[Yeti DNS Discuss] yeti root name server health report

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Sep 7 14:38:20 UTC 2015 

On Mon, Sep 07, 2015 at 10:18:11PM +0800,
 龚道彪 <dbgong at biigroup.cn> wrote 
 a message of 64 lines which said:

> That is a problem about different ZSKs in the two DMs. We compare
> other Yeti root name server' ZSK with BII's DM.  WARNING means that
> the servers's ZSK records is not entirely consistent with BII.

Indeed, there is a serious synchronisation problem .

% for server in $(dig +nodnssec +short NS .); do
echo -n "$server $(dig +nodnssec +short @$server SOA .) $(dig +nodnssec +short @$server  DNSKEY . | wc -l)"; echo "" 
done

bii.dns-lab.net. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 3
yeti.bofh.priv.at. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti.ipv6.ernet.in. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 3
dahu1.yeti.eu.org. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
ns-yeti.bondis.org. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti-ns.ix.ru. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti-ns.tisf.net. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti-ns.wide.ad.jp. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti-ns.conit.co. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti-ns.as59715.net. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 4
yeti-dns01.dnsworkshop.org. bii.dns-lab.net. yeti.biigroup.cn. 2015090700 1800 900 604800 86400 3

I also note that, recently, ZSK are created but no longer retired:

#11 of .: ['55954*', '39696']   (first 2015-09-02 19:57:11Z, last 2015-09-05 17:57:46Z)
#12 of .: ['55954*', '39696', '17868']  (first 2015-09-05 19:57:06Z, last 2015-09-07 07:57:48Z)
#13 of .: ['55954*', '27765', '39696', '17868'] (first 2015-09-06 17:57:23Z, last 2015-09-07 13:57:23Z)

(Note the overlapping of the dates, since the program tries a root
name server chosen at random)

More information about the discuss mailing list