[atlas] Wrong TLSA for stat.ripe.net
- Previous message (by thread): [atlas] DNS measurement using the Probe's resolvers
- Next message (by thread): [atlas] Transfer Anchor ownership
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alarig Le Lay
alarig at grifon.fr
Tue Jul 10 00:34:23 CEST 2018
Hi, Since one week or so, I have a TLSA validation error for stat.ripe.net on TCP/443 at each time I visit https://atlas.ripe.net/ and I have the same result from the RIPE nlnog node: alarig at airmure ~ % echo '' | openssl s_client -connect atlas.ripe.net:443 2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 | sed 's/://g' | cut -d '=' -f 2 8248E13AB5CA3BACAC63F15B831DA32F2CD54973EDF74E69B6A614B7295C02B4 alarig at airmure ~ % dig +short -t TLSA _443._tcp.atlas.ripe.net | awk '{ print $4 $5 }' 8248E13AB5CA3BACAC63F15B831DA32F2CD54973EDF74E69B6A614B7295C02B4 alarig at airmure ~ % echo '' | openssl s_client -connect stat.ripe.net:443 2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 | sed 's/://g' | cut -d '=' -f 2 2A2B939449E847374121D4846E3117F23A0283C7B2818ED96C91D2808ABE4C0E alarig at airmure ~ % dig +short -t TLSA _443._tcp.stat.ripe.net | awk '{ print $4 $5 }' E3DC43427AA9F62D1E07BBE108AF62BEE84A454DB579FD57A4FFDFFD5A23E576 grifon at ripe01:~$ echo '' | openssl s_client -connect stat.ripe.net:443 2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 | sed 's/://g' | cut -d '=' -f 2 2A2B939449E847374121D4846E3117F23A0283C7B2818ED96C91D2808ABE4C0E grifon at ripe01:~$ dig +short -t TLSA _443._tcp.stat.ripe.net | awk '{ print $4 $5 }' E3DC43427AA9F62D1E07BBE108AF62BEE84A454DB579FD57A4FFDFFD5A23E576 The commands are ugly but work on atlas.ripe.net. Could you please update it? Regards, -- Alarig Le Lay
- Previous message (by thread): [atlas] DNS measurement using the Probe's resolvers
- Next message (by thread): [atlas] Transfer Anchor ownership
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]