## page was copied from DnsTemplate ##master-page:HelpTemplate == slack.com == <> <> DNSSEC関連の設定ミスでアクセスできないとの悲鳴が続く。-- ToshinoriMaeno <> * DNSSEC 設定に失敗した。 * 設定していたDS+DNSKEYレコードを抹消した。(TTL 1日) キャッシュを考慮しない操作。 * quad8がどう対応したのか、おかしな憶測がでている。 誰かがcache flush したとの情報がある。 dnsviz で DNSSEC関連を追跡できる。 https://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021340.html [[/dns-operations]] DSレコードに対応するNS(dnskey) がないのであれば、DSレコード(キャッシュ)を取直せばいいと思うが。 https://lists.dns-oarc.net/pipermail/dns-operations/2021-October/021369.html {{{ Some information on what happened during this incident with the Google Public DNS service. * GPDNS did not configure an NTA for slack.com * We observed a small percentage of SERVFAILs during 10:05-10:47 AM PT on 20210930. Which was fixed by * a number of user-initiated cache flush requests for slack.com records (dname, ds, a, soa) between 10:46 AM to 11:28 AM PT on 20210930. Our general policy on NTAs is to only add them after evaluating the specific scenario. We never add them by default. -Puneet }}} https://news.ycombinator.com/item?id=28709988 https://twitter.com/Petr52898131/status/1443959135498686467 https://twitter.com/TheRegister/status/1443658850511425540 {{{ but yes backing out of it without taking the cached DS into account seems to be the big issue. }}} https://twitter.com/hixxxxxhi/status/1443868095576035330?s=20 「1%の利用者に影響」という誤魔化し。(新たな手口) これで調べてみればよかった。 https://dnschecker.org/#DS/slack.com == history == {{{ Domain Name: SLACK.COM Registry Domain ID: 900992_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2021-09-30T16:10:03Z Creation Date: 1992-10-21T04:00:00Z Registry Expiry Date: 2023-10-20T04:00:00Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Name Server: NS-1493.AWSDNS-58.ORG Name Server: NS-166.AWSDNS-20.COM Name Server: NS-1901.AWSDNS-45.CO.UK Name Server: NS-606.AWSDNS-11.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2021-10-01T23:56:18Z <<< }}} ---- CategoryDns CategoryWatch CategoryTemplate