Hi Richard,
this is not the case.
slack.com botched their DS/DNSKEY deployment (there’s a thread on
dns-operations about it).
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
> On 1. 10. 2021, at 18:46, Richard T.A. Neal <rich...@richardneal.com> wrote:
>
> For those of you facing a curious issue with BIND failing to resolve records
> for some zones today it’s not necessarily BIND having “a Friday moment” 😊
>
> It looks like the LetsEncrypt root certificate expiry is even impacting some
> DNSSEC zones that have used a LetsEncrypt certificate to sign their zone file.
>
> For example my BIND 9.17.18 / Ubuntu 21.04 servers are failing to resolve
> {anything}.slack.com at the moment, presumably because Slack have used
> LetsEncrypt to sign their zone. BIND is logging the following in my
> query-errors.log file:
>
> (app.slack.com): query failed (broken trust chain) for app.slack.com/IN/A at
> query.c:7658
>
> There’s a little more info about the LetsEncrypt issue at the following two
> links (not my site):
>
> https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
> and
> https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
>
> Richard.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
