[Dnssec-trigger] Help diagnose DNSSEC hostile network

Arne Jørgensen arne at arnested.dk
Fri Sep 12 05:05:53 UTC 2014


Recently something changed in the network at my work and now
Dnssec-Trigger bails out with "The Network Fails to Support DNSSEC".

Dnssec-Trigger still works fine on other networks so it seems obvious
that something changed somewhere in the network at work or at my
workplaces internet supplier.

If I am to report this as a problem I would like to supply them with a
more precise description of what they changed and how they could fix it
(otherwise the report will most likely be shelved).

What should I look for? What is the best way to diagnose such a problem?

The probe results contain this info: 

dnssec-trigger 0.12
results from probe at 2014-09-12 06:53:04

ssl443 error TCP connection failure
tcp80 error TCP connection failure
authority error timeout
http fedoraproject.org ( OK 
cache error timeout
cache error timeout
cache error timeout
cache error timeout

DNS queries are sent to INSECURE servers.
Please, be careful out there.

Kind regards,
Arne Jørgensen

More information about the dnssec-trigger mailing list