? bad cache hit (eduftcdnsp01.ed.gov/DS)

Carlos Vicente cvicente.lists at gmail.com
Fri May 27 20:27:08 UTC 2011 

Hi Jim,

We are seeing the same thing. The problem is an incorrectly signed
zone (missing RRSIG records) at ed.gov. See:

http://dnssec-debugger.verisignlabs.com/www.ed.gov
http://dnsviz.net/d/www.ed.gov/dnssec/

cv

On Fri, May 27, 2011 at 12:09 PM, Jim Glassford <jmglass at iup.edu> wrote:
> Hi,
>
> Running BIND 9.7.0-P2
>
> Is this just me or other seeing this?
>
> Starting today got reports of unable to reach some student ad sites such as
> studentloans.gov
>
> # dig eduftcdnsp01.ed.gov
> ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> eduftcdnsp01.ed.gov
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46012
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;eduftcdnsp01.ed.gov.           IN      A
>
> ;; Query time: 550 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri May 27 15:06:00 2011
> ;; MSG SIZE  rcvd: 37
>
>
> ~in dnssec log file;
> 27-May-2011 15:06:00.097 dnssec: info: validating @0x7ff40c023520:
> eduftcdnsp01.ed.gov A: bad cache hit (eduftcdnsp01.ed.gov/DS)
>
>
> With the checking disabled;
>
> # dig eduftcdnsp01.ed.gov +cd
> ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> eduftcdnsp01.ed.gov +cd
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11700
> ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;eduftcdnsp01.ed.gov.           IN      A
>
> ;; ANSWER SECTION:
> eduftcdnsp01.ed.gov.    3539    IN      A       148.9.101.50
>
> ;; AUTHORITY SECTION:
> ed.gov.                 2777    IN      NS      eduptcdnsp01.ed.gov.
> ed.gov.                 2777    IN      NS      eduptcdnsp02.ed.gov.
> ed.gov.                 2777    IN      NS      eduftcdnsp02.ed.gov.
> ed.gov.                 2777    IN      NS      eduftcdnsp01.ed.gov.
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri May 27 15:07:01 2011
> ;; MSG SIZE  rcvd: 148
>
>
>
> thanks!
> jim
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list