Re: FreeBSD Trust Chain
- Reply: Tomasz CEDRO : "Re: FreeBSD Trust Chain"
- In reply to: John Levine: "Re: FreeBSD Trust Chain"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 13 Jan 2022 04:02:56 UTC
On 1/12/22 9:47 PM, John Levine wrote:
> . 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1502433573 ;;Fri Aug 11 02:39:33 2017
Thanks, we're still digging into this. It may well not be a DNSSEC issue
at all. We've disabled DNSSEC checking and are still seeing issue.
This is starting to look like Comcast Business preventing our servers
from doing direct recursion via the root servers. i.e. We have to
use forwarders to resolve anything outside our own domain reliably.
It's weird, without forwarders, and with a clean cache, some names
resolve and some don't. If we add 1.1.1.1 as a forwarder
everything seems to work OK.
--
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/