Closed Bug 872818 Opened 11 years ago Closed 11 years ago

mozilla.org SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500

Categories

(Infrastructure & Operations :: Infrastructure: Other, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Other
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dumitru, Assigned: bhourigan)

References

Details

15:32 < nagios-scl3> Wed 15:32:38 PDT [587] ns1a.dmz.scl3.mozilla.com:DNS SOA - mozilla.org is CRITICAL: CRITICAL: Serials for zone mozilla.org differ. Dig shows: 2013051402. Local file shows 2013051500. (http://m.allizom.org/DNS+SOA+-+mozilla.org)

This is true. Running the update named script by hand doesn't return any errors. I reloaded rndc but no change.

limed and atoll were notified and looking at this.
Depends on: 872832
The SOA mismatch for mozilla.org occurred when the DNSSEC signing process refused to sign the zone. We traced that to an expired ZSK ("zone signing key"), which has been renewed. DNSSEC signing has resumed, and today's mozilla.org updates are now published as expected.
Depends on: 872884
Depends on: 872885
Bug 872832 was the root cause of the SOA issue, and is now resolved.
Summary: SOA mismatch between dig and local files → mozilla.org SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500
Depends on: 872927
Group: infra
Assignee: server-ops-infra → bhourigan
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.