-
mjk
Martin, DNS issues? I see s2s DNS failures trying to join a MUC @chat.diebesban.de
-
Martin
https://files.mdosch.de/upload/9n1Gt1Pj1FQVpr7wH6imLTWx/siCBgFBxS8-uYreYll5ICw.jpg
-
Martin
mjk: looks good here. Maybe dns issue on your side?
-
mjk
🤷️
-
mjk
on xmpp.is' side, then
-
Martin
Checked some big DNS servers and seems clownflare is not resolving it: > xmpp-dns --resolver 1.1.1.1 -st chat.diebesban.de > No server SRV records found.
-
mjk
heh
-
Martin
Google and quad9 are working without issues.
-
mjk
Martin: thanks for investigating!
-
Martin
np
-
Martin
Just avoid working with clowns. :D
-
mjk
and clots
-
Martin
Weird, looks like clownflare is the only one refusing to resolve diebesban.de; https://www.nslookup.io/domains/diebesban.de/dns-records/#cloudflare
-
Holger
Martin, I was going to recommend a tool for checking the DNS setup but seems you found it already.
-
Martin
^^
-
Menel
Interesting.. Cloudflare DNS recently also had issues with the https://www.kuketz-blog.de/ website. I wonder why.. Such a big service should just work generally
-
Martin
> Just avoid working with clowns. :D ^
-
Martin
Checked some big DNS servers and seems clownflare is not resolving it: > xmpp-dns --resolver 1.1.1.1 -st chat.diebesban.de > No server SRV records found.
-
Martin
Google and quad9 are working without issues.
-
Martin
np
-
Martin
Just avoid working with clowns. :D
-
Martin
Weird, looks like clownflare is the only one refusing to resolve diebesban.de; https://www.nslookup.io/domains/diebesban.de/dns-records/#cloudflare
-
Martin
^^
-
Martin
> Just avoid working with clowns. :D ^
-
Menel
Your client again Martin 😄
-
Martin
This type of debugging is exactly why I wrote it. I got tired of those dig and testssl commands…
-
Menel
I love thay software.. But I meant your same messages are repeating often again
-
Zash
1.1.1.1 says SERVFAIL, and returns the SRV record if you ask it to disable (DNSSEC) checking (`dig +cd`), so maybe a DNSSEC issue?
-
Zash
https://dnsviz.net/d/chat.diebesban.de/Yu-stQ/dnssec/ does look a bit off.
-
Martin
Hmm, `delv` is happy here… :(
-
Martin
I'm no expert about DNSSEC but dnsviz itself links to https://dnssec-debugger.verisignlabs.com/chat.diebesban.de which says all good. :-/
-
Zash
To me it looks like there may have been some wonky key rotation a few days ago with some leftover signatures that should be fine to just ignore. Maybe 1.1.1.1 is more sensitive, or maybe it has something cached from an earlier point where it was broken.
-
Martin
Just had a look and it seems 1.1.1.1 is resolving diebesban.de again. :)
-
Martin
mjk: Maybe you can try to rejoin the dino-win MUC.
-
Zash
caches work in mysterious ways