Not at this moment : $ dig @8.8.8.8 mx uscg.mil. +dnssec ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 mx uscg.mil. +dnssec ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; QUESTION SECTION: ;uscg.mil. IN MX ;; ANSWER SECTION: uscg.mil. 8478 IN MX 40 smtp-gateway-4.uscg.mil. uscg.mil. 8478 IN MX 40 smtp-gateway-4a.uscg.mil. uscg.mil. 8478 IN MX 10 smtp-gateway-2.uscg.mil. uscg.mil. 8478 IN MX 20 smtp-gateway-5a.uscg.mil. uscg.mil. 8478 IN MX 10 smtp-gateway-1.uscg.mil. uscg.mil. 8478 IN MX 20 smtp-gateway-5.uscg.mil. uscg.mil. 8478 IN MX 10 smtp-gateway-1a.uscg.mil. uscg.mil. 8478 IN MX 10 smtp-gateway-2a.uscg.mil. uscg.mil. 8478 IN RRSIG MX 7 2 86400 20131118074336 20131113074105 53369 uscg.mil. F... Observe : AD bit set. Kind regards, On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor <linh.k...@ssa.gov>wrote: > Hi, > > Does anyone have any DNSSEC problem with uscg.mil. > > On our DNS servers, we have seen broken trust chain error and the > validation failed. > > 14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain) > resolving 'uscg.mil/A/IN': 199.211.218.6#53 > 14-Nov-2013 12:57:37.573 lame-servers: error (broken trust chain) > resolving 'uscg.mil/A/IN': 199.211.218.6#53 > 14-Nov-2013 12:57:37.658 lame-servers: error (broken trust chain) > resolving 'uscg.mil/MX/IN': 199.211.218.6#53 > 14-Nov-2013 12:57:37.743 lame-servers: error (broken trust chain) > resolving 'uscg.mil/MX/IN': 199.211.218.6#53 > > 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: > in authvalidated > 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: > authvalidated: got broken trust chain > 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: > resuming nsecvalidate > 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: > starting > 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: > attempting positive response validation > 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: in > fetch_callback_validator > 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: > fetch_callback_validator: got failure > 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: > starting > 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: > attempting positive response validation > 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: > in fetch_callback_validator > 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: > fetch_callback_validator: got failure > > Thanks, > Linh Khuu > Network Security Specialist > Northrop Grumman IS | Civil Systems Division (CSD) > Office: 410-965-0746 > Pager: 443-847-7551 > Email: linh.k...@ssa.gov > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
