[dns-operations] Unplanned DLV zone outage on 2009-Apr-06

Michael Graff michael_graff at isc.org
Mon Apr 6 20:30:06 UTC 2009

Hash: SHA1

Edward Lewis wrote:
> At 14:59 -0500 4/6/09, Michael Graff wrote:
> This is where I'd be interested in more detail on these points:
>> The roll script failure
> Curious if it were, say, "the private key file for the KSK didn't get
> transferred to disk because the partition was full and the script didn't
> account for that" or some other technical reason.

It was actually fairly simple:  The script was written assuming the
DNSKEY lines were multi-line format, and the data in the dlv.isc.org
file was single-line.  When the script proceeded to search for the ()
markers, it failed to find them, and simply ignored the lines.

The new key inserted had them, of course, so that was the only key which
was used in signing.

I will certainly be providing "what ISC does for dlv.isc.org" page as
soon as we finish making certain that our current list of requirements
is as bullet-proof as possible.

- --Michael

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the dns-operations mailing list