mozilla.org SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500

RESOLVED FIXED

Status

Infrastructure & Operations
Infrastructure: Other
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: dumitru, Assigned: digi)

(Reporter)

Description

4 years ago
15:32 < nagios-scl3> Wed 15:32:38 PDT [587] ns1a.dmz.scl3.mozilla.com:DNS SOA - mozilla.org is CRITICAL: CRITICAL: Serials for zone mozilla.org differ. Dig shows: 2013051402. Local file shows 2013051500. (http://m.allizom.org/DNS+SOA+-+mozilla.org)

This is true. Running the update named script by hand doesn't return any errors. I reloaded rndc but no change.

limed and atoll were notified and looking at this.
Depends on: 872831
Depends on: 872832
The SOA mismatch for mozilla.org occurred when the DNSSEC signing process refused to sign the zone. We traced that to an expired ZSK ("zone signing key"), which has been renewed. DNSSEC signing has resumed, and today's mozilla.org updates are now published as expected.
Depends on: 872884
Depends on: 872885
Bug 872832 was the root cause of the SOA issue, and is now resolved.
Summary: SOA mismatch between dig and local files → mozilla.org SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500
Depends on: 872927
Depends on: 873129
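
The Nagios alert in the description compares only serials, while the comment above traces the mismatch to the signer. As an added example (not from this bug or Mozilla's tooling), a check that also reads the RRSIG validity window over the SOA, so a stalled signer is called out before signatures lapse. The dig answer, key tag, timestamps, name server names and the `warn_left` threshold are constructed or hypothetical.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample of `dig +dnssec SOA mozilla.org` answer lines (not real data);
# server names, algorithm, key tag, timestamps and signature are placeholders.
SAMPLE_DIG = """\
mozilla.org. 86400 IN SOA ns1.example. hostmaster.example. 2013051402 10800 3600 1209600 3600
mozilla.org. 86400 IN RRSIG SOA 7 2 86400 20130517000000 20130510000000 12345 mozilla.org. c2ln
"""

def _ts(s):
    # RRSIG times in presentation format are YYYYMMDDHHmmSS in UTC (RFC 4034).
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_answer(text):
    """Return (served_serial, rrsig_inception, rrsig_expiration) from dig answer lines."""
    serial = inception = expiration = None
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        if f[3] == "SOA" and len(f) >= 11:
            serial = int(f[6])  # mname, rname, then serial
        elif f[3] == "RRSIG" and len(f) >= 13 and f[4] == "SOA":
            expiration, inception = _ts(f[8]), _ts(f[9])  # expiration precedes inception
    return serial, inception, expiration

def check(text, local_serial, now, warn_left=timedelta(days=3)):
    """Classify the zone state; warn_left is a hypothetical alert threshold."""
    serial, inception, expiration = parse_answer(text)
    if serial is None:
        return "UNKNOWN: no SOA in answer"
    if expiration is None:
        return "CRITICAL: SOA served without RRSIG"
    if now >= expiration:
        return "CRITICAL: RRSIG over SOA has expired"
    lagging = serial != local_serial
    expiring = expiration - now <= warn_left
    if lagging and expiring:
        return (f"CRITICAL: served {serial}, local {local_serial}, "
                "signatures not refreshed: check signer and keys")
    if lagging:
        return f"WARNING: served {serial}, local {local_serial}: update not yet published"
    if expiring:
        return "WARNING: RRSIG over SOA close to expiry"
    return "OK"

if __name__ == "__main__":
    print(check(SAMPLE_DIG, 2013051500, datetime(2013, 5, 15, 22, 32, tzinfo=timezone.utc)))
```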
(Reporter)

Updated

4 years ago
Group: infra

Updated

4 years ago
Assignee: server-ops-infra → bhourigan
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations