Looks like DE ccTLD is unresolvable due to DNSSEC issue:https://dnsviz.net/d/nic.de/dnssec/
-
And that's why it doesn't make it much better:
;; ANSWER SECTION:
de. 86400 IN NS a.nic.de.
de. 86400 IN NS f.nic.de.
de. 86400 IN NS l.de.net.
de. 86400 IN NS n.de.net.
de. 86400 IN NS s.de.net.
de. 86400 IN NS z.nic.de.If nic.de. is down, nameservers in nic.de. are down. Which will cause issues for DE.
At this moment, please send #HugOps to folks at DENIC. They are dealing with a really bad and stressful situation and I am sure they are doing their best to resolve it as soon as possible.
-
And that's why it doesn't make it much better:
;; ANSWER SECTION:
de. 86400 IN NS a.nic.de.
de. 86400 IN NS f.nic.de.
de. 86400 IN NS l.de.net.
de. 86400 IN NS n.de.net.
de. 86400 IN NS s.de.net.
de. 86400 IN NS z.nic.de.If nic.de. is down, nameservers in nic.de. are down. Which will cause issues for DE.
@rysiek its causing a cascading failure onto de.net as well since de.net uses nic.de for nameservers.
-
@rysiek its causing a cascading failure onto de.net as well since de.net uses nic.de for nameservers.
@packetcat ooof.
There is going to be a lot of stuff to learn from the post-mortem.
-
R relay@relay.mycrowd.ca shared this topic
-
Looks like DE ccTLD is unresolvable due to DNSSEC issue:
https://dnsviz.net/d/nic.de/dnssec/
@rysiek Also looks like dnsviz.net has been hugged to death by everyone hitting it.
-
Because it is DNS, everything is cached on multiple levels. Because there are nameservers in different TLDs (which is the correct thing to do!), combined with cache invalidation fun, this will keep looking like intermittent failures for a while most probably.
-
And that's why it doesn't make it much better:
;; ANSWER SECTION:
de. 86400 IN NS a.nic.de.
de. 86400 IN NS f.nic.de.
de. 86400 IN NS l.de.net.
de. 86400 IN NS n.de.net.
de. 86400 IN NS s.de.net.
de. 86400 IN NS z.nic.de.If nic.de. is down, nameservers in nic.de. are down. Which will cause issues for DE.
@rysiek@mstdn.social i mean, they do have de.net, so it's not an irrepairable level of a fuckup
don't look at
dig NS plnow... -
@rysiek while I'm taking this as a cue to just go to bed and leave computering for tomorrow... RIP to all the shoddily written automations and batch jobs that will fail tonight 🫡
May their knock-on effects be mild tomorrow -
@varbin yeah, this might keep looking like an intermittent failure for a while
-
@rysiek while I'm taking this as a cue to just go to bed and leave computering for tomorrow... RIP to all the shoddily written automations and batch jobs that will fail tonight 🫡
May their knock-on effects be mild tomorrow -
@rysiek@mstdn.social i mean, they do have de.net, so it's not an irrepairable level of a fuckup
don't look at
dig NS plnow...@domi guess what are the NSes for de.net. though…
;; ANSWER SECTION:
de.net. 86400 IN NS ns1.denic.de.
de.net. 86400 IN NS ns2.denic.de.
de.net. 86400 IN NS ns3.denic.de.
de.net. 86400 IN NS ns4.denic.net. -
Because it is DNS, everything is cached on multiple levels. Because there are nameservers in different TLDs (which is the correct thing to do!), combined with cache invalidation fun, this will keep looking like intermittent failures for a while most probably.
@rysiek Why are the nic.de servers' addresses not glued to the root zone? I thought that was standard practice even if you have nameservers in other zones, too
-
@domi guess what are the NSes for de.net. though…
;; ANSWER SECTION:
de.net. 86400 IN NS ns1.denic.de.
de.net. 86400 IN NS ns2.denic.de.
de.net. 86400 IN NS ns3.denic.de.
de.net. 86400 IN NS ns4.denic.net.@rysiek@mstdn.social well, but denic.net has glue records. and so does de.net. so those fields don't really matter much, it's still resolvable
-
Looks like DE ccTLD is unresolvable due to DNSSEC issue:
https://dnsviz.net/d/nic.de/dnssec/ -
@rysiek@mstdn.social well, but denic.net has glue records. and so does de.net. so those fields don't really matter much, it's still resolvable
@domi fair enough
-
Because it is DNS, everything is cached on multiple levels. Because there are nameservers in different TLDs (which is the correct thing to do!), combined with cache invalidation fun, this will keep looking like intermittent failures for a while most probably.
-
Here's a thought:
The fact that people are experiencing issues with DE sites and asking if CloudFlare is down speaks volumes about the stability of DE ccTLD and the broader DNS compared to big cloud providers.
-
Looks like DE ccTLD is unresolvable due to DNSSEC issue:
https://dnsviz.net/d/nic.de/dnssec/ From a users perspective some .de domains are not available on one connection but on another connection?
At least that's what I'm experiencing currently.
-
@rysiek@mstdn.social True experts questioned their home infra first, because that is obviously the most stable culprit
-
From a users perspective some .de domains are not available on one connection but on another connection?
At least that's what I'm experiencing currently.
@stekopf read the thread, I explain why this is going to feel intermittent
-
@rysiek the last failure of DE I recall was in May (hmm) 2010 (or 2012) when the zone exporter failed because of a file-system full error which wasn’t caught before the zone was shipped out to DE’s secondaries. That caused (alphabetically) all zones > a certain letter (ISTR it was ‘m’) to fail. Quite funny on one hand, sad on another, and hugely embarrassing to the DENIC people
