These name servers have another interesting feature: the serial number
is different depending on whether you set the DO bit or not:
% dig +short +dnssec +bufsize=4096 @ns1.uscg.mil SOA uscg.mil
osc-bloxmaster.iap.uscg.mil. hostmaster.uscg.mil. 2012079853 10800 1080 604800
900
...
% dig +short +nod
; dnsstuff.com, dnscheck.iis.se,
>>> they all show DNSSEC error for uscg.mil.*
On 11/14/13 1:29 PM, Kevin Oberman wrote:
> Don't forget that Google will white-list domains with known (by them)
> broken DNSSEC and reply even though validation is broken, so using
> 8.8.8.8 for checking on whether validation is broken is not the best idea.
Really? Google sets the ad flag for k
huu Network Security Specialist Northrop Grumman IS | Civil Systems
>> Division (CSD) Office: 410-965-0746 Pager: 443-847-7551
>> Email: linh.k...@ssa.gov *
>>
>>
>>
>> *From:* Marc Lampo [mailto:marc.lampo.i...@gmail.com
y Specialist Northrop Grumman IS | Civil Systems
> Division (CSD) Office: 410-965-0746 Pager: 443-847-7551
> Email: linh.k...@ssa.gov *
>
>
>
> *From:* Marc Lampo [mailto:marc.lampo.i...@gmail.com]
> *Sent:* Thursday, November 14, 2013 1:16 PM
l.com]
Sent: Thursday, November 14, 2013 1:16 PM
To: Khuu, Linh Contractor
Cc: Bind Users Mailing List
Subject: Re: Does anyone have DNSSEC problem with uscg.mil
Not at this moment :
$ dig @8.8.8.8 mx uscg.mil. +dnssec
; <<>> DiG 9.8.4-
And the name server 199.211.218.6 does not seem lame either :
$ dig @199.211.218.6 mx uscg.mil. +dnssec
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @199.211.218.6 mx uscg.mil. +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61958
;;
Not at this moment :
$ dig @8.8.8.8 mx uscg.mil. +dnssec
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 mx uscg.mil. +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0
Hi,
Does anyone have any DNSSEC problem with uscg.mil?
On our DNS servers, we have seen a broken trust chain error and the validation
failed.
14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain) resolving
'uscg.mil/A/IN': 199.211.218.6#53
14-Nov-2013 12:57:37.573 lame-servers: error