Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] sudden dnssec errors for .jp domains



On 05/17/2014 09:14 PM, Stephen J. Turnbull wrote:
Nikolay Elenkov writes:

  > Probably that Google's servers were configured properly, unlike NTT's.

I love to hate NTT too, but do you have actual evidence of
misconfiguration there?


Nothing besides the fact that one worked and the other not.

This

May 15 19:09:06 tjener named[2812]: error (broken trust chain)
resolving 'www.yahoo.co.jp/A/IN': 203.139.160.105#53

probably means that validating server (NTT?) didn't update keys
properly, but it could something else, too. Maybe JPRS didn't
properly rollover keys and caused a problem for everyone, but
Google just ignored the error, automatically turned off
validation for broken domains, who knows what else.







Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links