
List:       pdns-users
Subject:    Re: [Pdns-users] TLSA problemns
From:       <steffannoord () gmail ! com>
Date:       2019-12-13 14:58:16
Message-ID: 025e01d5b1c5$c06e37a0$414aa6e0$ () gmail ! com

Thanks for that.
I was still using the old command in the script.

Will wait till the TTL expires to see if that helps.


Kind regards,
Steffan Noord 

-----Original message-----
From: Pdns-users <pdns-users-bounces@mailman.powerdns.com> On behalf of Remi Gacogne
Sent: Friday, 13 December 2019 15:30
To: 'Pdns-users Users' <pdns-users@mailman.powerdns.com>
Subject: Re: [Pdns-users] TLSA problemns

Hi,

It might not be related but this domain has some DNSSEC-related issues, for example
the denial for _tcp.mail01.tkservers.com|A is not valid:

https://dnsviz.net/d/_tcp.mail01.tkservers.com/dnssec/

You might need to run pdnsutil rectify-zone 'tkservers.com'.


Best regards,

Remi

On 12/13/19 3:04 PM, steffannoord@gmail.com wrote:
> Yes, it is my own.
> I use MySQL replication.
> If I test the DNS servers it works.
> 
> I also see the difference in the TTL, but the settings have been in my DNS for
> several months.
> The reason why I test 8.8.8.8 is that SIDN uses them to test for
> TLSA/DANE, and my domains are failing their test.
> 
> Kind regards,
> Steffan Noord
> 
> -----Original message-----
> From: Brian Candler <b.candler@pobox.com>
> Sent: Friday, 13 December 2019 14:44
> To: steffannoord@gmail.com; 'Pdns-users Users' <pdns-users@mailman.powerdns.com>
> Subject: Re: [Pdns-users] TLSA problemns
> 
> On 13/12/2019 13:23, steffannoord@gmail.com wrote:
> > I have a strange problem.
> > When I do a:
> > dig _25._tcp.mail01.tkservers.com tlsa @8.8.8.8
> > 
> > I'm sometimes getting a NOERROR and sometimes an NXDOMAIN.
> > 
> > When I change the 8.8.8.8 to my DNS servers then it works fine.
> > When I use 1.1.1.1 it works fine.
> > 
> > Any ideas why Google gives an NXDOMAIN randomly?
> 
> 8.8.8.8 will be a big anycast pool of caches, and you may hit a different one with
> each query.  Other providers might have "sticky" load balancing.  Notice how the
> TTL bounces up and down here:
> 
> $ dig @8.8.8.8 powerdns.com | grep '^powerdns\.com'
> powerdns.com.        3599    IN    A    188.166.104.92
> $ dig @8.8.8.8 powerdns.com | grep '^powerdns\.com'
> powerdns.com.        3599    IN    A    188.166.104.92
> $ dig @8.8.8.8 powerdns.com | grep '^powerdns\.com'
> powerdns.com.        1227    IN    A    188.166.104.92
> $ dig @8.8.8.8 powerdns.com | grep '^powerdns\.com'
> powerdns.com.        3026    IN    A    188.166.104.92
> $ dig @8.8.8.8 powerdns.com | grep '^powerdns\.com'
> powerdns.com.        3595    IN    A    188.166.104.92
> 
> Is tkservers.com your own domain?
> 
> You would need to dig into the details, but there are a whole bunch of possible
> reasons, most likely due to misconfiguration of tkservers.com authoritative DNS.
> Examples:
> - synchronization problem between master and slaves
> - NS records in the delegation are different to the NS records in the zone
> 
> Or it could just be a temporary anomaly due to TTL expiring after a change, and
> will eventually become consistent.
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> 


--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
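
Added example (not part of the original thread): one way to quantify the intermittent NXDOMAIN discussed above is to tally response codes and answer TTLs over repeated dig runs against the same resolver. The function names, the example.com owner name and the sample responses are constructed for illustration; the `probe` helper needs network access and is only defined here, not run.

```shell
#!/bin/sh
# Added example: tally rcodes and answer TTLs across repeated dig runs.

# Reads concatenated dig output on stdin; $1 = record type (default TLSA).
# Prints "<RCODE> <count>" per status seen, then "TTL <min> <max>".
summarize_dig() {
    awk -v qtype="${1:-TLSA}" '
        # ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1002"
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); rc[s]++ }
            next
        }
        # Answer line: owner TTL IN TYPE rdata...
        $3 == "IN" && $4 == qtype {
            t = $2 + 0
            if (min == "" || t < min) min = t
            if (t > max) max = t
        }
        END {
            for (k in rc) print k, rc[k] | "sort"
            close("sort")
            if (min != "") print "TTL", min, max
        }'
}

# Succeeds only if every response carried the same rcode.
is_consistent() {
    [ "$(summarize_dig "${1:-TLSA}" | grep -vc '^TTL')" -le 1 ]
}

# Live probe (needs network): probe NAME RESOLVER COUNT
probe() {
    n=0
    while [ "$n" -lt "$3" ]; do
        dig +noall +comments +answer "$1" TLSA "@$2"
        n=$((n + 1))
    done | summarize_dig TLSA
}

# Constructed sample: three responses as different cache nodes might give them.
sample_dig() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
_25._tcp.mail.example.com. 3599 IN TLSA 3 1 1 00AA
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1002
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
_25._tcp.mail.example.com. 1227 IN TLSA 3 1 1 00AA
EOF
}

sample_dig | summarize_dig TLSA
```

A mix of rcodes from one resolver address, together with a TTL that jumps between runs, points at different cache nodes holding different answers rather than at a single stale entry.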

