[AusNOG] AU DNS - Something happening?

Mark Andrews marka at isc.org
Mon Sep 18 11:49:20 AEST 2023 

This isn’t key renewal.  This is signature regeneration.  

net.au. 900 IN DS 40165 8 2 E1EF24B9E822E574D996E6B03F438B78E5F5914E47D0C0151A21B114 CEE45A26
net.au. 900 IN RRSIG DS 8 2 900 20231030004937 20230917231937 62233 au. L446gkKJ2PaxX+6QbcfDJMmV7a9Ho2E9wDctqtixeX90O0fGxOtENcyM 28nmJPhGN+RYY1Kycx3NsM6x+zEqVX6X1SOxLBfon6IBxtqg8bRafMQm DZcdo82c6wQAacBUsutqPuY+foTF7ygn1tbPees6rPJE8N9hRqhJC0QE DpCkWmA6bdSprjivnYJTAYiT3+/7UKRmxiu386qPNICeSP4jc2YdkH7A VPeZapqnhY72cLGcfmgZWT6apveljm2gwrYoq1dTh5vvc/r+jTJVHgSn zU7pYU/BJlHIFC4lwaGpNB/j/oKngL6or1zfnB3rjFeBx2R9kfzwWl2R dGvdkg==

With signature lifetimes of ~45 days and a zone expiry value of 4 weeks this should have been
caught at least 4 weeks ago if good operation practice was being applied.

Mark

> On 18 Sep 2023, at 11:04, Two Fat Monkeys - Dirk Bermingham <dirk at twofatmonkeys.com> wrote:
> 
> Isn’t PKI fun? I’d not like to be the person in charge of key renewal today…
>  From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Nathan Brookfield
> Sent: Monday, September 18, 2023 10:58 AM
> To: Andrew Radke <andrew at osi.com.au>; Luke Thompson <luke.t at tncrew.com.au>
> Cc: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] AU DNS - Something happening?
>  Appears that the RRSIG expired at 00:05:29 UTC
>  Nathan Brookfield | VK2NAB
> General Manager
> 
> p: 1300 592 330 | m: 0412 266 008
> e: Nathan.brookfield at iperium.com.au | w: iperium.com.au
> 
> Suite 4.02, 189 Kent Street Sydney NSW 2000<image001.png>
> 
> Your Telco Team
> DISCLAIMER: This document is intended solely for the named addressee. This electronic communication, which includes any files or attachments thereto, contains proprietary or confidential information and may be privileged and otherwise protected under copyright or other applicable intellectual property laws. The use, disclosure, copying or distribution of any of the information contained in this document, by any person other than the addressee, is strictly prohibited. If you received this document in error, please contact the sender immediately and delete all the material from any computer. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. Any views or opinions presented are solely those of the author and do not necessarily represent those of Iperium. 
> 
> WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. Iperium accepts no liability for any damage caused by any virus transmitted by this email.
>  From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Andrew Radke
> Sent: Monday, September 18, 2023 10:56 AM
> To: Luke Thompson <luke.t at tncrew.com.au>
> Cc: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] AU DNS - Something happening?
>  Yeah, we are seeing dnssec failing on some of our resolvers but not others. Haven’t dug as to why but disabling it until sorted.
> Regards,
> Andrew Radke
> Open Spaces Internet Pty Ltd
> Ph: 0412 798 593
> Web: osi.com.au
>  On 18 Sep 2023, at 10:26 am, Luke Thompson <luke.t at tncrew.com.au> wrote:
>  Ah hah, DNSSEC makes sense. Curious to see how long goes by until everything clears.
> 
> On 18/9/2023 10:23 am, Ted Cooper wrote:
> The DNS signatures just expired. Everything just went boom.
> 
> RRSIG net.au/DS alg 8, id 62233: The Signature Expiration field of the RRSIG RR (2023-09-18 00:05:29+00:00) is 15 minutes in the past.
> 
> https://dnsviz.net/d/abc.net.au/ZQeX9w/dnssec/
> 
> 
> On 18/9/23 10:20, Luke Thompson wrote:
> We've got many internal/external monitoring alerts going off. Common factor seems to be AU DNS.
> 
> Is anyone else seeing alerts tripped? Emails are flowing & I can query OK (Starlink), yet hosts remain "down".
> 
> 15 minutes since the first alert came through. WhatsMyDNS for "down" hosts is showing about a 50% query hit rate.
> 
> Cheers,
> Luke
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog
>  _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> https://lists.ausnog.net/mailman/listinfo/ausnog


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the AusNOG mailing list