Re: [tlug] sudden dnssec errors for .jp domains

[nigel barker <nigel@example.com>]

On 16 May 2014 13:49, Nikolay Elenkov <nick@example.com> wrote:
> Easiest is to switch off validation (set to no). DNSSEC is a bit of a hot
> mess anyway.

Is that what people do - switch off dnssec?

If I switched to google dns and the problem stopped, what does that
mean? dnssec was still auto.

This morning I switched back to NTT servers and everything worked.
This afternoon I saw some similar errors, (but not for .jp) and which
didn't appear to stop pages loading (eg. there was an error for
mozilla.org, but I could visit the site)

Kalin wrote:

>What version of BIND are you running on what OS/kernel?

9.8 on wheezy 3.2

>Are you by chance open resolver?

This server is on our LAN and not accessible from outside.

>Are you seeing increased activity (check daily log size compared to same day last week) ?
>Or somebody inside your network has been p0wned? (Check usage per IP)

Haven't had time today to look at logs, but will do.

Thanks for the replies
Nigel