XMPP Service Operators - 2022-08-07


  1. mjk

    Martin, DNS issues? I see s2s DNS failures trying to join a MUC @chat.diebesban.de

  2. Martin

    https://files.mdosch.de/upload/9n1Gt1Pj1FQVpr7wH6imLTWx/siCBgFBxS8-uYreYll5ICw.jpg

  3. Martin

    mjk: looks good here. Maybe DNS issue on your side?

  4. mjk

    🤷️

  5. mjk

    on xmpp.is' side, then

  6. Martin

    Checked some big DNS servers and seems clownflare is not resolving it:
    > xmpp-dns --resolver 1.1.1.1 -st chat.diebesban.de
    > No server SRV records found.

  7. mjk

    heh

  8. Martin

    Google and quad9 are working without issues.

  9. mjk

    Martin: thanks for investigating!

  10. Martin

    np

  11. Martin

    Just avoid working with clowns. :D

  12. mjk

    and clots

  13. Martin

    Weird, looks like clownflare is the only one refusing to resolve diebesban.de; https://www.nslookup.io/domains/diebesban.de/dns-records/#cloudflare

  14. Holger

    Martin, I was going to recommend a tool for checking the DNS setup but seems you found it already.

  15. Martin

    ^^

  16. Menel

    Interesting.. Cloudflare DNS recently also had issues with the https://www.kuketz-blog.de/ website. I wonder why.. Such a big service should just work generally

  17. Martin

    > Just avoid working with clowns. :D
    ^

  18. Martin

    Checked some big DNS servers and seems clownflare is not resolving it:
    > xmpp-dns --resolver 1.1.1.1 -st chat.diebesban.de
    > No server SRV records found.

  19. Martin

    Google and quad9 are working without issues.

  20. Martin

    np

  21. Martin

    Just avoid working with clowns. :D

  22. Martin

    Weird, looks like clownflare is the only one refusing to resolve diebesban.de; https://www.nslookup.io/domains/diebesban.de/dns-records/#cloudflare

  23. Martin

    ^^

  24. Martin

    > Just avoid working with clowns. :D
    ^

  25. Menel

    Your client again Martin 😄

  26. Martin

    This type of debugging is exactly why I wrote it. I got tired of those dig and testssl commands…

  27. Menel

    I love that software.. But I meant your same messages are repeating often again

  28. Zash

    1.1.1.1 says SERVFAIL, and returns the SRV record if you ask it to disable (DNSSEC) checking (`dig +cd`), so maybe a DNSSEC issue?

  29. Zash

    https://dnsviz.net/d/chat.diebesban.de/Yu-stQ/dnssec/ does look a bit off.

  30. Martin

    Hmm, `delv` is happy here… :(

  31. Martin

    I'm no expert about DNSSEC but dnsviz itself links to https://dnssec-debugger.verisignlabs.com/chat.diebesban.de which says all good. :-/

  32. Zash

    To me it looks like there may have been some wonky key rotation a few days ago with some leftover signatures that should be fine to just ignore. Maybe 1.1.1.1 is more sensitive, or maybe it has something cached from an earlier point where it was broken.

  33. Martin

    Just had a look and it seems 1.1.1.1 is resolving diebesban.de again. :)

  34. Martin

    mjk: Maybe you can try to rejoin the dino-win MUC.

  35. Zash

    caches work in mysterious ways