[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
/g/ - Technology
Return Catalog Bottom Refresh
Thread archived.
You cannot reply anymore.
[Advertise on 4chan]
[Return] [Catalog] [Bottom]
Anonymous Archived
All german domains nuked No.108761019
File: bl0w6y1lktq51.jpg (44 KB, 530x499)
44 KB JPG
All german domains nuked  No.108761019 Archived
Orange Reddit and German Reddit are on the case. Total fucking .deATH

https://www.reddit.com/r/de_EDV/comments/1t4qlrg/psa_die_dezone_l%C3%B6st_gerade_gro%C3%9Ffl%C3%A4chig_nicht_mehr/
https://news.ycombinator.com/item?id=48027897
>>
Anonymous
 No.108761085
 No.108761085
File: works on my machine.jpg (37 KB, 630x630)
37 KB JPG
>>
Anonymous
 No.108761178
 No.108761178
>>108761085
Hey my house is on fire!
>Strange, my house is fine? Skill issue.
>>
Anonymous
 No.108761188
 No.108761188
>>108761019
Sorry, I was trying to fix my DSLite tunnel to play Dota 2, won't happen again.
>>
Anonymous
 No.108761191
 No.108761191
>>108761019
...and nothing was lost.
>>
Anonymous
 No.108761216
 No.108761216
>>108761019
>>108761191
Too bad 4chan doesn't use a .de domain, Hurensöhne.
>>
Anonymous
 No.108761249
 No.108761249
>>108761216
Ehrenlose Kartoffel.
>>
Anonymous
 No.108761264
 No.108761264
>>108761019
Who the fuck cares? Ever since fefe had his stroke there are zero German websites left worth reading.
>>
Anonymous
 No.108761265
 No.108761265
i `dig`-ed google.de using different servers:
google (8.8.8.8) amd cloudflare (1.1.1.1) are okay.
quad9 (9.9.9.9) => no A address
Nord okay.
Mullvad and another VPN provider => no address
>>
Anonymous
 No.108761285
 No.108761285
>>108761019
>these are the tech experts that want to force you to dox yourself for the children
>>
Anonymous
 No.108761309
 No.108761309
was studiert ihr denn so
>>
Anonymous
 No.108761362
 No.108761362
>>108761309
Ich bin 40, also offensichtlich Philosophie der Sozialpädagogik.
>>
Anonymous
 No.108761363
 No.108761363
File: 1697208261978813.jpg (34 KB, 553x407)
34 KB JPG
>>108761019
>TFW my own private cloud is reachable
>TFW my friends and I are chilling on my teamspeak and laughing our asses off because I was too much of a cheapskate to get a .de tld
FEELS GOOD MAN, FEELS SO GOOD MAN.
Still tried fucking around with DNS for two hours though.
>>
Anonymous
 No.108761371
 No.108761371
>>108761019
one guess is DNSSEC is involved.
https://news.ycombinator.com/item?id=48027897
There are big sites not working.
examples: ebay.de, kleinanzeigen.de,
welt.de, bild.de, t-online.de, zeit.de,
spiegel.de,
bahn.de, adac.de,
>>
Anonymous
 No.108761383
 No.108761383
File: 1645679299221.png (385 KB, 563x498)
385 KB PNG
>>108761363
>wrong pic
Generational Fumble, fuck my life.
>>108761309
Informatik, was sonst?
>>
Anonymous
 No.108761409
 No.108761409
>>108761309
https://www.youtube.com/watch?v=39UDZMgPg5k
>>
Anonymous
 No.108761421
 No.108761421
File: deTLD.png (60 KB, 800x600)
60 KB PNG
>>108761363
>>108761383
https://www.youtube.com/watch?v=np2ymo0iMfk
Us btw
>>
Anonymous
 No.108761453
 No.108761453
>>108761371
okay. following up on >>108761265, it actually looks like Nord's DNS servers are the one's consistently working with these sites. e.g.
% dig @103.86.96.100 +tls +noall +answer welt.de
;; Warning: Client COOKIE mismatch
welt.de.        207    IN    A    75.2.108.245
>>
Anonymous
 No.108761475
 No.108761475
>>108761453 (Me)
>looks like Nord's DNS servers are the one's consistently working
from the few providers that i tested, that is. it's probably not the only one.
and this is not a Nord ad. i don't use Nord or Mullvad, the two VPN providers i mentioned by name.
>>
Anonymous
 No.108761492
 No.108761492
>>108761019
Denic Team literally drunk on the job right now
>>
Anonymous
 No.108761510
 No.108761510
>>108761453 (Me)
and this brings the question: was shoving application-level features like SVCB into DNS really a good idea?
>>
Anonymous
 No.108761524
 No.108761524
>>108761510
>was shoving X features into Y a good idea
It never is
>>
Anonymous
 No.108761559
 No.108761559
File: cloudflare.jpg (48 KB, 1103x171)
48 KB JPG
so cloudflare can just switch the encryption off when they feel like it?
>>
Anonymous
 No.108761585
 No.108761585
>>108761559
it's got nothing to do with encryption, it's validation. and yes, they can just omit the validation if they feel like it.
>>
Anonymous
 No.108761654
 No.108761654
>>108761264
The sad truth.
>>
Anonymous
 No.108761704
 No.108761704
>>108761585
was literally just explaining my coworker in operational services the difference
>>
Anonymous
 No.108761724
 No.108761724
>>108761492
This is a targeted attack on german infrastructure.

Alle Rentner müssen verrecken.
>>
Anonymous
 No.108761749
 No.108761749
>>108761654
I miss that motherfucker like you wouldn't believe. Wasn't often that I'd agree with him but god damn he was one of the last real ones.
>>
Anonymous
 No.108761795
 No.108761795
It's comming back slowly but not bc DENIX fixed it. Cloudflare seems to have disabled the DNSSEC resolver.
>>
Anonymous
 No.108761865
 No.108761865
>>108761795
Should be solved but it takes time until all dns servers get the updated zones.
>>
Anonymous
 No.108761869
 No.108761869
I have read this entire thread. OK.


Soooo ... what actually happened?
>>
Anonymous
 No.108761943
 No.108761943
>>108761869
>The cause appears to be a failed DNSSEC ZSK rollover at DENIC. DENIC signed zone data with the ZSK key Keytag 33834 but did not publish this key in the DNSKEY record. Every DNSSEC-validating resolver considers the signature invalid and responds with `SERVFAIL` and the error: “EDE: 6 (DNSSEC Bogus): RRSIG with malformed signature found for de/soa (keytag=33834)”
>>
Anonymous
 No.108761944
 No.108761944
>>108761869
The cause appears to be a failed DNSSEC ZSK rollover at DENIC. DENIC signed zone data with the ZSK key tag 33834, but did not publish this key in the DNSKEY record. Every DNSSEC-validating resolver considers the signature invalid and responds with SERVFAIL and the following error:

EDE: 6 (DNSSEC Bogus): RRSIG with malformed signature found for de/soa (keytag=33834)
>>
Anonymous
 No.108761957
 No.108761957
>>108761869
ELI5, as far as I understand what seems to be the current overall picture:
New signatures were set active for DNSSEC (a security mechanism which makes sure, your DNS (like a phonebook) replies have not been interceoted and were not read by third parties). This broke a few things which were not ready for this.
>>
Anonymous
 No.108763733
 No.108763733
File: 18237561395.png (24 KB, 666x666)
24 KB PNG
>>108761085
[Return] [Catalog] [Top]
Post a Reply
Return Catalog Top Refresh
[Advertise on 4chan]
Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.