Dear IETF List - I apologize for the noise and confusion. Mr Dukhovni did not address his email to the IETF list; however, he did send his email with a manually-configured Reply-to: header set to the list. I should have noticed that when replying. At any rate, DNS for the IRTF is not down, it does appear to be functioning correctly, and other test sites confirm it. The site referenced in Mr. Dukhovni's email, dataviz.net, appeared to have been caching old results. I'll be sure I check for any "customized" headers before replying to any future trouble reports I receive. Thanks, Glen Glen Barney IT Director AMS (IETF Secretariat) On Sat, Nov 7, 2015 at 1:09 PM, Glen <glen@xxxxxxxx> wrote: > Dear Mr. Dukhovni: > > I'll open a trouble ticket with Afilias; however, for the moment, I > have re-signed all the files locally, and done a serial number > increment, and pushed them to Afilias. I will watch to see if that > clears it. > > Also, please let me remind everyone on the list that the reporting > address for things of this type is ietf-action@xxxxxxxx. > > Thanks, > Glen > Glen Barney > IT Director > AMS (IETF Secretariat) > > On Sat, Nov 7, 2015 at 12:54 PM, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote: >> It looks like master -> slave DNS updates are failing, only the master >> nameserver has unexpired signatures: >> >> http://dnsviz.net/d/irtf.org/dnssec/ >> >> However, all the nameservers report the same SOA serial as the master: >> >> $ dig -t ns +noall +ans +nocl +nottl irtf.org @ns0.amsl.com. >> irtf.org. NS ns0.amsl.com. >> irtf.org. NS ns1.ams1.afilias-nst.info. >> irtf.org. NS ns1.hkg1.afilias-nst.info. >> irtf.org. NS ns1.mia1.afilias-nst.info. >> irtf.org. NS ns1.sea1.afilias-nst.info. >> irtf.org. NS ns1.yyz1.afilias-nst.info. >> >> $ dig -t soa +noall +ans +nocl +nottl irtf.org @ns0.amsl.com. >> irtf.org. SOA ns0.amsl.com. glen.amsl.com. 1200000226 1800 1800 604800 1800 >> >> $ while read ns; do dig -t soa +noall +ans +nocl +nottl irtf.org @$ns; done <<-EOF >> ns1.ams1.afilias-nst.info. >> ns1.hkg1.afilias-nst.info. >> ns1.mia1.afilias-nst.info. >> ns1.sea1.afilias-nst.info. >> ns1.yyz1.afilias-nst.info. >> EOF >> irtf.org. SOA ns0.amsl.com. glen.amsl.com. 1200000226 1800 1800 604800 1800 >> irtf.org. SOA ns0.amsl.com. glen.amsl.com. 1200000226 1800 1800 604800 1800 >> irtf.org. SOA ns0.amsl.com. glen.amsl.com. 1200000226 1800 1800 604800 1800 >> irtf.org. SOA ns0.amsl.com. glen.amsl.com. 1200000226 1800 1800 604800 1800 >> irtf.org. SOA ns0.amsl.com. glen.amsl.com. 1200000226 1800 1800 604800 1800 >> >> So perhaps the master zone resigning is no longer updating the SOA >> record. In any case, DNS resolution for irtf.org is mostly down. >> >> -- >> Viktor. >>