Hi,
I started with the Administrator level and the sending of an email to my domain tenty.ca
and received the error: no AAAA record.
I have A and AAAA records for tenty.ca and ns1.tenty.ca and they resolve correctly from
other servers on the Internet.
I also queried the DNS 2001:470:20::2 & 74.82.42.42 of he.net and they also resolve correctly
there, so I don't understand it.
Greetings,
Bob
I see the AAAA. Sometimes the HE name server the cert machine resolves against gets negative cache entries. This will typically happen if your NS doesn't have the AAAA when it first queries (misconfiguration or whatever). If you wait a bit, it may just start working.
Same here...I'm able to see the AAAA records...have you been able to re-try the test?
IIRC, when I made the changes that were needed to pass the sage test, it took a couple of days for them to become active.
This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush). That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.
I just tried and now it is working again and I could do the test.
Strange, as I always had the correct AAAA records in my DNS.
Anyhow, whatever it is at HE, thanks for the response.
Bob
Quote from: jimb on April 22, 2010, 05:42:38 AM
This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush). That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.
It does use a local caching recursor. Alas, the only way to do that and make it available to the various testing bits is to make it the system global one. Restarting it that often has caused issues in the brief window when it's restarting.
Consider it an additional educational element on DNS TTL values. ;-)
Quote from: kcochran on April 22, 2010, 08:19:24 AM
Quote from: jimb on April 22, 2010, 05:42:38 AM
This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush). That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.
It does use a local caching recursor. Alas, the only way to do that and make it available to the various testing bits is to make it the system global one. Restarting it that often has caused issues in the brief window when it's restarting.
Consider it an additional educational element on DNS TTL values. ;-)
I wonder if using "rndc flush" would be disruptive? I can see how restarting would cause problems, but with "rndc flush" it doesn't stop the DNS server, just tells it to dump its cache (presumably negative cache entries too). Presuming you're using BIND.
Yeah I was also thinking that it's sort of part of the deal to have to wait for DNS if you dork it up, since the same thing would happen in a non test scenario too. :)
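How long the "wait a bit" discussed in this thread lasts is set by the zone's own SOA record: under RFC 2308 a resolver caches a "no AAAA" answer for the smaller of the SOA record's TTL and its MINIMUM field. The following is an added example, not part of any post in the thread, that reads that value from a dig-style authority section; the zone data is constructed, and the cap assumes a BIND resolver running with its default max-ncache-ttl of 10800 seconds.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
BIND_MAX_NCACHE_TTL = 10800  # assumption: BIND resolver, default max-ncache-ttl

# Constructed sample: authority section returned with an empty AAAA answer,
# in dig's presentation format. Names and numbers are made up.
SAMPLE_AUTHORITY = """\
;; AUTHORITY SECTION:
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2010042201 7200 900 1209600 10800
"""


def parse_ttl(text):
    """Return seconds for a plain number or a BIND-style value such as 1h30m."""
    text = text.lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unparseable TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)


def negative_ttl(authority_text, resolver_cap=BIND_MAX_NCACHE_TTL):
    """Seconds a resolver may keep the negative answer (RFC 2308)."""
    for line in authority_text.splitlines():
        fields = line.split()
        if line.startswith(";") or "SOA" not in fields:
            continue
        i = fields.index("SOA")
        # Layout: owner ttl class SOA mname rname serial refresh retry expire minimum
        if i < 2 or len(fields) < i + 8:
            raise ValueError(f"malformed SOA line: {line!r}")
        record_ttl = parse_ttl(fields[i - 2])
        minimum = parse_ttl(fields[i + 7])
        return min(record_ttl, minimum, resolver_cap)
    raise ValueError("no SOA record in authority section")


if __name__ == "__main__":
    print(negative_ttl(SAMPLE_AUTHORITY), "seconds until the resolver asks again")
```

Lowering the SOA MINIMUM before making record changes shortens the window in which a stale negative answer can be served.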