ietf-dkim

Re: [ietf-dkim] Timeouts retrieving keys from ietf.org

2013-10-08 13:37:55
On 9/15/13 12:59 PM, John R. Levine wrote:
Traceroutes confirm that it's dead, I sent a note to ietf-action.

On Sun, 15 Sep 2013, Jim Fenton wrote:

Slightly off-topic for this list, but the dkim-ops mailing list seems to
be dormant...

I'm getting a fair number of DKIM key lookup failures from ietf.org.  I
have run into this on two different mail servers with independent
resolver configurations, so I'm inclined to think the problem is not on
my end:

Sep  7 12:58:19 v2 opendkim[1019]: r87JwCmq008446: key retrieval failed
(s=ietf1, d=ietf.org): timeout DNS query for `ietf1._domainkey.ietf.org'

If anyone else is seeing this, let me know and I'll report it.  My
theory is that their DNS servers are struggling to respond to many key
requests after sending out signed messages to large mailing lists. The
TTL is 30 minutes, which may be too short.

-Jim

It turns out that the glue records for ietf.org were messed up. I sent a
note to ietf-action on that, and they have at least worked around the
problem (see below). I'm surprised Network Solutions had this problem.

I haven't seen any key retrieval timeouts since they implemented this.

On 10/5/13 7:51 AM, Glen via RT wrote:
Jim -

We've hit a wall with Network Solutions, and have been unable to get
past it.  For reasons they cannot explain, they are unable to modify, or
allow us to modify, the glue record for "ns0.ietf.org".

Because this is clearly a problem, and one which will become much worse
when we start moving to upgraded colocation facilities in the coming
weeks, I have simply modified the domain itself to point to the more
correct "ns0.amsl.com" record.  This is a record which we -do- have
control over, and which is correctly configured on all levels.

This should resolve any issues you've encountered, not to mention
preventing future issues that might be very bad.

I apologize for this confusion.  Thanks for bringing this to our
attention, and thanks for your patience on this matter.  Please feel
free to contact us if you require anything further at any time.

Regards,
Glen
Glen Barney
IT Director
AMS (IETF Secretariat)


On Tue Sep 24 14:09:49 2013, stevey wrote:
Hi Jim,

Unfortunately Network Solutions seem unable to correct the record for
us, and we are escalating this to IETF leadership and Network Solutions'
Corporate level.

This process could take a week or two but we will stay on top of it and
let you know when we get things fixed.

Best regards,
Steve

On Mon Sep 23 09:04:09 2013, stevey wrote:
Hi Jim,

We are working to get the glue records resolved, however, Network
Solutions is having to escalate our request.  They have informed us it
may take 2-3 days to correct this.  We'll keep you informed and let
you know as soon as this is fixed.

Best regards,
Steve

On Thu Sep 19 22:02:05 2013, fenton(_at_)bluepopcorn(_dot_)net wrote:
I have been getting intermittent errors retrieving IETF's DKIM key
records from DNS, and upon investigation I ran into what seems to be
an inconsistency in the "glue" records for the ietf.org domain.

According to:

http://www.dnssy.com/report.php?q=ietf.org

the glue record for ns0.ietf.org says its address is 12.22.58.2 rather
than 64.170.98.2, which is the address given in the domain's zone file.
Please let me know when this is corrected (or if it's not really an
error) and I will check to see if there are further errors retrieving
DKIM keys.

-Jim


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
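
Added example, not part of the thread or of any poster's tooling: a small offline check for the glue/zone mismatch reported above, comparing the address a parent referral hands out for a nameserver with the address the zone itself publishes. The dig-style input is constructed (only the two ns0.ietf.org addresses come from the thread), and the function names are hypothetical.

```python
import ipaddress

# Constructed dig-style output, not a capture. Only the two ns0.ietf.org
# addresses are taken from the thread; TTLs and layout are illustrative.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
ietf.org.        86400  IN  NS  ns0.ietf.org.

;; ADDITIONAL SECTION:
ns0.ietf.org.    86400  IN  A   12.22.58.2
"""
CHILD_ANSWER = """\
;; ANSWER SECTION:
ns0.ietf.org.    3600   IN  A   64.170.98.2
"""

def parse_sections(text):
    """Return {section: [(owner, rtype, rdata), ...]} from dig-style text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:].split()[0].lower()
            sections[current] = []
        elif line and not line.startswith(";") and current:
            f = line.split()
            if len(f) >= 5:  # owner ttl class type rdata...
                sections[current].append((f[0].lower(), f[3].upper(), " ".join(f[4:])))
    return sections

def addresses(records, host):
    """Address records (A/AAAA) published for one host name."""
    return {ipaddress.ip_address(r) for o, t, r in records
            if o == host and t in ("A", "AAAA")}

def glue_mismatches(referral_text, answer_text):
    """Compare parent-side glue with the zone's own data for each NS host."""
    ref, ans = parse_sections(referral_text), parse_sections(answer_text)
    issues = {}
    for _owner, rtype, target in ref.get("authority", []):
        if rtype != "NS":
            continue
        host = target.lower()
        glue = addresses(ref.get("additional", []), host)
        zone = addresses(ans.get("answer", []), host)
        if glue and zone and glue != zone:  # both known and they disagree
            issues[host] = {"glue": sorted(map(str, glue)),
                            "zone": sorted(map(str, zone))}
    return issues

if __name__ == "__main__":
    for host, diff in glue_mismatches(PARENT_REFERRAL, CHILD_ANSWER).items():
        print(f"{host}: glue {diff['glue']} != zone {diff['zone']}")
```

Resolvers that follow the stale glue send their queries to an address that no longer answers, which shows up downstream as the intermittent DKIM key retrieval timeouts in the opendkim log line.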
