Closed
Bug 872818
Opened 11 years ago
Closed 11 years ago
mozilla.org SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500
Categories
(Infrastructure & Operations :: Infrastructure: Other, task)
Infrastructure & Operations
Infrastructure: Other
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dumitru, Assigned: bhourigan)
References
Details
15:32 < nagios-scl3> Wed 15:32:38 PDT [587] ns1a.dmz.scl3.mozilla.com:DNS SOA - mozilla.org is CRITICAL: CRITICAL: Serials for zone mozilla.org differ. Dig shows: 2013051402. Local file shows 2013051500. (http://m.allizom.org/DNS+SOA+-+mozilla.org) This is true. Running the update named script by hand doesn't return any errors. I reloaded rndc but no change. limed and atoll were notified and looking at this.
The SOA mismatch for mozilla.org occurred when the DNSSEC signing process refused to sign the zone. We traced that to an expired ZSK ("zone signing key"), which has been renewed. DNSSEC signing has resumed, and today's mozilla.org updates are now published as expected.
Bug 872832 was the root cause of the SOA issue, and is now resolved.
Summary: SOA mismatch between dig and local files → mozilla.org SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500
Reporter | ||
Updated•11 years ago
|
Group: infra
Updated•11 years ago
|
Assignee: server-ops-infra → bhourigan
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in
before you can comment on or make changes to this bug.
Description
•