[outages] cannot resolve ca.gov from Linode default resolvers in Fremont
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Jul 2 04:05:54 EDT 2013
On Mon, Jul 01, 2013 at 07:37:23PM -0700,
Constantine A. Murenin <mureninc at gmail.com> wrote
a message of 326 lines which said:
> It's not over, Linode is still not working:
Not the right tests. What you should do:
1) dig to the Linode resolvers. If the resolver is 2001:db8:1::53,
then :
dig @2001:db8:1::53 A ns5.net.ca.gov
then the same with +cd (I don't know if Linode resolvers validate with
DNSSEC)
2) dig to the authoritative resolvers to see if it is a network
problem. Their addresses are 205.225.182.2, 134.186.254.247 and
205.225.182.66. So:
dig @205.225.182.2 SOA ca.gov
By the way, there IS something wrong in net.ca.gov. Name resolution of
the nameservers' names servfails. To quote DNSviz "DNSKEYs exist for
algorithm(s) 8, 7 in the net.ca.gov zone, but the net.ca.gov/SOA RRset
was not signed by any DNSKEY with algorithm(s) 7."
http://dnsviz.net/d/net.ca.gov/dnssec/
More information about the Outages
mailing list