Portál AbcLinuxu, 14. května 2025 13:27
Hmm, včera jsem si musel vyprázdnit DNS cache, protože mi DNSSEC odmítal ověřit nameservery Verisignu, takže jsem se nemohl dostat například na SourceForge. Řekl bych, že tohle trošku nezvládli, podle toho jak se to chovalo bych řekl, že neměli záznamy svých nameserverů podepsané s dostatečným předstihem...
Drobná ukázka ze včerejšího logu, až po restartu cachovacího nameserveru to začlo chodit správně:
Dec 9 19:58:23 vdns named[279]: validating @0x7f657f578630: pbid.pro-market.net AAAA: bad cache hit (pro-market.net/DS) Dec 9 19:58:23 vdns named[279]: no valid DS resolving 'pbid.pro-market.net/A/IN': 208.78.29.10#53 Dec 9 19:58:23 vdns named[279]: broken trust chain resolving 'pbid.pro-market.net/AAAA/IN': 208.78.29.10#53 Dec 9 19:58:23 vdns named[279]: validating @0x7f657002ea50: pbid.pro-market.net A: bad cache hit (pro-market.net/DS) Dec 9 19:58:23 vdns named[279]: broken trust chain resolving 'pbid.pro-market.net/A/IN': 208.78.29.30#53 Dec 9 19:58:23 vdns named[279]: validating @0x7f657f610510: pro-market.net SOA: bad cache hit (pro-market.net/DS) Dec 9 19:58:23 vdns named[279]: broken trust chain resolving 'pbid.pro-market.net/AAAA/IN': 208.78.29.30#53 Dec 9 19:58:23 vdns named[279]: validating @0x7f657f5ee730: pbid.pro-market.net A: bad cache hit (pro-market.net/DS) Dec 9 19:58:23 vdns named[279]: broken trust chain resolving 'pbid.pro-market.net/A/IN': 208.78.29.20#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.52.178.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.33.14.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.54.112.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.43.172.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.55.83.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.5.6.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.42.93.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.31.80.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.12.94.30#53 Dec 9 19:58:24 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.41.162.30#53 Dec 9 19:58:25 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.26.92.30#53 Dec 9 19:58:25 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.35.51.30#53 Dec 9 19:58:25 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 192.48.79.30#53 Dec 9 19:58:25 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 2001:503:231d::2:30#53 Dec 9 19:58:25 vdns named[279]: no valid RRSIG resolving 'verisign.net/DS/IN': 2001:503:a83e::2:30#53 Dec 9 19:58:25 vdns named[279]: no valid DS resolving 'ocsp.verisign.net/A/IN': 199.7.51.78#53 Dec 9 19:58:25 vdns named[279]: no valid DS resolving 'ocsp.verisign.net/AAAA/IN': 199.7.51.78#53 Dec 9 19:58:25 vdns named[279]: validating @0x7f657f610510: ocsp.verisign.net A: bad cache hit (verisign.net/DS) Dec 9 19:58:25 vdns named[279]: broken trust chain resolving 'ocsp.verisign.net/A/IN': 199.7.55.78#53 Dec 9 19:58:25 vdns named[279]: validating @0x7f657f578630: ocsp.verisign.net AAAA: bad cache hit (verisign.net/DS) Dec 9 19:58:25 vdns named[279]: broken trust chain resolving 'ocsp.verisign.net/AAAA/IN': 199.7.55.78#53 Dec 9 19:58:25 vdns named[279]: validating @0x7f657f5ee730: ocsp.verisign.net A: bad cache hit (verisign.net/DS) Dec 9 19:58:25 vdns named[279]: broken trust chain resolving 'ocsp.verisign.net/A/IN': 199.7.59.78#53
10.12.2010 11:48
xkucf03 | skóre: 49
| blog: xkucf03
Ale speciálně u Verisignu bych čekal, že to budou mít promyšlené.
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.