Closed Bug 1005992 Opened 11 years ago Closed 11 years ago

resolving fxfeeds.mozilla.com returns "mozilla.com DNSKEY: no DS record"

Categories

(Infrastructure & Operations :: DNS and Domain Registration, task)

Product:
Infrastructure & Operations
Component:
DNS and Domain Registration
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: swsnyder, Assigned: bhourigan)

Details

View from local DNSSEC name server (BIND v9.8.2): 05-May-2014 16:53:54.293 dnssec: validating @0x7fb9bc844970: mozilla.com DNSKEY: no DS record 05-May-2014 16:53:54.293 dnssec: validating @0x7fb9bc002a90: fXfEEdS.MOZILlA.Com A: no valid signature found More info on failure: http://dnssec-debugger.verisignlabs.com/fxfeeds.mozilla.com
Summary: Bad DNSSEC for fxfeeds.mozilla.com → resolving fxfeeds.mozilla.com returns "mozilla.com DNSKEY: no DS record"
And the debugger link says that our only error listed is: "No DS records found for mozilla.com in the com zone"
Steve, Thanks for reporting this. You're seeing these noisy messages because mozilla.com is signed with dnssec keys, but the parent zone (com) does not have DS records for us. It does not mean service is impacted or our domain is failing dnssec validation. BIND is just getting slightly confused. We're working on rolling out dnssec for mozilla.com but we have some internal cleanup to perform first.
Assignee: infra → bhourigan
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.