[AusNOG] .AU DNSSEC Broken
Mal
malz at jetlan.com
Tue Mar 22 16:59:45 AEDT 2022
downdetector.com.au is not a signed zone.
ing.com.au is not signed either.
But this one is:
https://dnsviz.net/d/apnic.com.au/dnssec/
On 22/03/2022 4:26 pm, francisfides at mailup.net wrote:
> From my box in WA, USA:
> Cloudflare below. Google failing right now for ing.com.au, but not
> downdetector.com.au.
> Have fun everyone.
>
>> username at hostname ~ $ nslookup
>> > server 1.1.1.1
>> Default server: 1.1.1.1
>> Address: 1.1.1.1#53
>> > ing.com.au
>> Server: 1.1.1.1
>> Address: 1.1.1.1#53
>>
>> ** server can't find ing.com.au: SERVFAIL
>> > downdetector.com.au
>> Server: 1.1.1.1
>> Address: 1.1.1.1#53
>>
>> ** server can't find downdetector.com.au: SERVFAIL
>> > afr.com
>> Server: 1.1.1.1
>> Address: 1.1.1.1#53
>>
>> Non-authoritative answer:
>> Name: afr.com
>> Address: 13.249.38.55
>> Name: afr.com
>> Address: 13.249.38.44
>> Name: afr.com
>> Address: 13.249.38.4
>> Name: afr.com
>> Address: 13.249.38.18
>> >
>
> --
>
> francisfides at mailup.net <mailto:francisfides at mailup.net>
>
>
>
> On Tue, Mar 22, 2022, at 15:50, Seamus Ryan wrote:
>>
>> Yup, things breaking everywhere. Guess is something was being done to
>> prepare for .AU launch and erm, fat fingered?
>>
>>
>>
>> Get Outlook for iOS <https://aka.ms/o0ukef>
>>
>> ------------------------------------------------------------------------
>>
>> *From:*AusNOG <ausnog-bounces at ausnog.net> on behalf of Luke Thompson
>> <luke.t at tncrew.com.au>
>> *Sent:* Tuesday, March 22, 2022 4:44:18 PM
>> *To:* Andrew Simmonds <andrew at levart.com.au>; ausnog at ausnog.net
>> <ausnog at ausnog.net>
>> *Subject:* Re: [AusNOG] .AU DNSSEC Broken
>>
>>
>>
>> Seeing the same from 3.41pm Sydney time.
>>
>> Cheers,
>>
>>
>> Luke Thompson
>> Operations Manager
>>
>> The Network Crew Pty Ltd
>> https://thenetworkcrew.com.au
>>
>>
>> On 22/3/22 4:41 pm, Andrew Simmonds wrote:
>>
>> Hi All,
>>
>> Anyone notice DNS chucking a wobbly from about 1pm Perth time today?
>>
>> Seems to be bringing a whole bunch of our customer .au domains
>> down especially clients using the Cloudflare 1.1.1.1 caching
>> resolvers etc.
>>
>> Cloudflare is giving errors such as:
>>
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 1232
>> ; EDE: 10 (RRSIGs Missing): (for DNSKEY au., id = 34882)
>>
>>
>> It seems .AU may be missing RRSIG records:
>>
>> https://dnssec-analyzer.verisignlabs.com/gov.au
>>
>> Hopefully the powers that be are already aware of this.
>>
>> Best Regards,
>>
>> <https://www.levart.com.au/>
>>
>> Andrew Simmonds
>> Systems Development Manager
>> *Levart*
>> 1A/18 Gibberd Road
>> Balcatta WA 6021
>>
>>
>>
>> p:
>> m:
>> f:
>> e:
>> w:
>>
>>
>>
>> 1300 538 278 <tel:1300538278>
>> +61 401 218 463 <tel:+61401218463>
>> +61 8 9382 8003 <tel:+61893828003>
>> andrew at levart.com.au <mailto:andrew at levart.com.au>
>> www.levart.com.au <https://www.levart.com.au/>
>>
>>
>> _______________________________________________
>>
>> AusNOG mailing list
>>
>> AusNOG at ausnog.net <mailto:AusNOG at ausnog.net>
>>
>> https://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at ausnog.net <mailto:AusNOG at ausnog.net>
>> https://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20220322/1271a90a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: levart-small.png
Type: image/png
Size: 4936 bytes
Desc: not available
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20220322/1271a90a/attachment.png>
More information about the AusNOG
mailing list