Looks like DE ccTLD is unresolvable due to DNSSEC issue: https://dnsviz.net/d/nic.de/dnssec/
-
@rysiek yeah there is some weird sh!t going on lately. Yesterday when I checked dnscheck.tools and also mullvad.net/en/check I got a DNS error for the first time. Not quite sure what to make out of that

-
If I am reading this correctly – and I might not, it's been a long day – the issue is not directly with DE itself, but with nic.de.
Which doesn't necessarily make it much better.
-
And that's why it doesn't make it much better:
;; ANSWER SECTION:
de. 86400 IN NS a.nic.de.
de. 86400 IN NS f.nic.de.
de. 86400 IN NS l.de.net.
de. 86400 IN NS n.de.net.
de. 86400 IN NS s.de.net.
de. 86400 IN NS z.nic.de.
If nic.de. is down, nameservers in nic.de. are down. Which will cause issues for DE.
-
@rysiek it's causing a cascading failure onto de.net as well since de.net uses nic.de for nameservers.
-
@packetcat ooof.
There is going to be a lot of stuff to learn from the post-mortem.
-
@rysiek Also looks like dnsviz.net has been hugged to death by everyone hitting it.
-
Because it is DNS, everything is cached on multiple levels. Because there are nameservers in different TLDs (which is the correct thing to do!), combined with cache invalidation fun, this will keep looking like intermittent failures for a while most probably.
-
@rysiek@mstdn.social i mean, they do have de.net, so it's not an irreparable level of a fuckup
don't look at dig NS pl now...
-
@rysiek while I'm taking this as a cue to just go to bed and leave computering for tomorrow... RIP to all the shoddily written automations and batch jobs that will fail tonight 🫡
May their knock-on effects be mild tomorrow
-
@varbin yeah, this might keep looking like an intermittent failure for a while
-
@domi guess what are the NSes for de.net. though…
;; ANSWER SECTION:
de.net. 86400 IN NS ns1.denic.de.
de.net. 86400 IN NS ns2.denic.de.
de.net. 86400 IN NS ns3.denic.de.
de.net. 86400 IN NS ns4.denic.net.
-
@rysiek Why are the nic.de servers' addresses not glued to the root zone? I thought that was standard practice even if you have nameservers in other zones, too
-
@rysiek@mstdn.social well, but denic.net has glue records. and so does de.net. so those fields don't really matter much, it's still resolvable
-
@domi fair enough
-
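An added example, not part of any post in the thread: it takes the two dig answers quoted above and walks which domains a resolver would have to reach in order to look up the NS host names when no glue is supplied. The function names are made up for this sketch, and every enclosing domain of an NS host is treated as a possible zone, which is a simplification.

```python
# NS answers copied from the dig output quoted in the thread.
DIG_ANSWERS = """\
de. 86400 IN NS a.nic.de.
de. 86400 IN NS f.nic.de.
de. 86400 IN NS l.de.net.
de. 86400 IN NS n.de.net.
de. 86400 IN NS s.de.net.
de. 86400 IN NS z.nic.de.
de.net. 86400 IN NS ns1.denic.de.
de.net. 86400 IN NS ns2.denic.de.
de.net. 86400 IN NS ns3.denic.de.
de.net. 86400 IN NS ns4.denic.net.
"""

def parse_ns(text):
    """Map each owner name to its NS host names from dig answer lines."""
    ns_map = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "NS":
            ns_map.setdefault(fields[0].lower(), []).append(fields[4].lower())
    return ns_map

def ancestors(name):
    """Enclosing domains of a host name, root excluded: a.nic.de. -> nic.de., de."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(1, len(labels))]

def dependencies(zone, ns_map):
    """Domains needed to resolve the NS names of `zone` without glue (transitive)."""
    seen, todo = set(), [zone]
    while todo:
        for host in ns_map.get(todo.pop(), []):
            for dep in ancestors(host):
                if dep not in seen:  # assumption: each ancestor may be a zone cut
                    seen.add(dep)
                    todo.append(dep)
    return seen

def ns_hit_by(zone, failed, ns_map):
    """NS host names of `zone` that sit below the `failed` domain."""
    return [h for h in ns_map.get(zone, []) if h.endswith("." + failed)]

if __name__ == "__main__":
    ns_map = parse_ns(DIG_ANSWERS)
    for zone in ns_map:
        print(zone, "NS under nic.de.:", ns_hit_by(zone, "nic.de.", ns_map))
        print(zone, "depends on:", sorted(dependencies(zone, ns_map)))
```

A zone appearing in its own dependency set is a name-level cycle, and glue in the parent zone is what lets a resolver step past it.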

