ietf.org now DNSSEC-bogus :-(
Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 27 June 2014 10:50 UTC
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 265D51B2AB1 for <ietf@ietfa.amsl.com>; Fri, 27 Jun 2014 03:50:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IKiNEwJAbAi3 for <ietf@ietfa.amsl.com>; Fri, 27 Jun 2014 03:50:40 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [217.70.190.232]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA1D21B2A83 for <ietf@ietf.org>; Fri, 27 Jun 2014 03:50:39 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 117423B7DA; Fri, 27 Jun 2014 12:50:38 +0200 (CEST)
Received: by tyrion (Postfix, from userid 1000) id EDA5FF008D1; Fri, 27 Jun 2014 12:50:28 +0200 (CEST)
Date: Fri, 27 Jun 2014 12:50:28 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: ietf@ietf.org
Subject: ietf.org now DNSSEC-bogus :-(
Message-ID: <20140627105028.GA30447@laperouse.bortzmeyer.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
X-Transport: UUCP rules
X-Operating-System: Ubuntu 14.04 (trusty)
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/SG4w5zxoZQLd1odrnHkV-eXau6c
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2014 10:50:42 -0000
[Sent by using a mail server with a non-validating resolver...] The delegation at .org still indicates the old name servers but the zone contains the new ones, at Cloudflare. % dig @ns0.amsl.com. NS ietf.org ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @ns0.amsl.com. NS ietf.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51586 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ietf.org. IN NS ;; ANSWER SECTION: ietf.org. 1800 IN NS jack.ns.cloudflare.com. ietf.org. 1800 IN NS dora.ns.cloudflare.com. ietf.org. 1800 IN RRSIG NS 5 2 1800 20150627101542 ( 20140627091717 40452 ietf.org. cGLMaGJyWGuBsUJ43Ot5c1N8A0pe0DYpML2qhnCdvWAv SAiuyejFv0yjSXT2dAA4gM/lRMw6Ii07wus1S7GKAcS3 df2Rr2ltVxl3NWvo7cKXVAQN59QL2Er2G0J71zEBwMZu dx6UznWSBWf9IrNvDn6VHZkUzKOxcExtnOgV9iwk3Pef UfJpvHelQXo4DgYI5a2wCpuLcljLfb62GYu/N4vLYOLB hGxyygvDnCriYSGFlVO7bhqA6bFbZWK/g8G26zEqE+ix +XjkiV9hBR1xSadgiqPi28sBAFy+zyvVrrkracgzFGzC 5Jz2dAE+c6Haw8Es74sizo3VZ7M5tnKU+w== ) ;; Query time: 75 msec ;; SERVER: 64.170.98.2#53(64.170.98.2) ;; WHEN: Fri Jun 27 12:46:31 2014 ;; MSG SIZE rcvd: 388 The cloudflare name servers does not server RRSIG or DNSKEY :-( % dig @jack.ns.cloudflare.com. DNSKEY ietf.org ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @jack.ns.cloudflare.com. DNSKEY ietf.org ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29097 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ietf.org. IN DNSKEY ;; AUTHORITY SECTION: ietf.org. 86400 IN SOA dora.ns.cloudflare.com. dns.cloudflare.com. ( 2015553176 ; serial 10000 ; refresh (2 hours 46 minutes 40 seconds) 2400 ; retry (40 minutes) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) ;; Query time: 8 msec ;; SERVER: 2400:cb00:2049:1::adf5:3b79#53(2400:cb00:2049:1::adf5:3b79) ;; WHEN: Fri Jun 27 12:49:46 2014 ;; MSG SIZE rcvd: 99
- Re: ietf.org now DNSSEC-bogus :-( Stephane Bortzmeyer
- ietf.org now DNSSEC-bogus :-( Stephane Bortzmeyer
- Re: ietf.org now DNSSEC-bogus :-( Stephane Bortzmeyer
- Re: ietf.org now DNSSEC-bogus :-( Christopher Morrow
- Re: ietf.org now DNSSEC-bogus :-( Shumon Huque
- Re: ietf.org now DNSSEC-bogus :-( Stephane Bortzmeyer
- Re: ietf.org now DNSSEC-bogus :-( Dick Franks