[dns-operations] Unplanned DLV zone outage on 2009-Apr-06

Michael Graff michael_graff at isc.org
Mon Apr 6 20:30:06 UTC 2009


Edward Lewis wrote:
> At 14:59 -0500 4/6/09, Michael Graff wrote:
> 
> This is where I'd be interested in more detail on these points:
> 
>> The roll script failure
> 
> Curious if it were, say, "the private key file for the KSK didn't get
> transferred to disk because the partition was full and the script didn't
> account for that" or some other technical reason.

It was actually fairly simple:  The script was written assuming the
DNSKEY lines were multi-line format, and the data in the dlv.isc.org
file was single-line.  When the script proceeded to search for the ()
markers, it failed to find them, and simply ignored the lines.

The new key inserted had them, of course, so that was the only key which
was used in signing.

I will certainly be providing a "what ISC does for dlv.isc.org" page as
soon as we finish making certain that our current list of requirements
is as bullet-proof as possible.

--Michael

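The failure mode described in the message above, as an added example that is not part of the original post and is not ISC's roll script (its code is not shown in the thread): a Python parser that reads DNSKEY records in both single-line and parenthesized multi-line form, plus a pre-signing check that no key silently disappears across a roll. The zone name, key data and all function names are constructed for illustration, and `paren_only_count` is an assumed stand-in for a scan that only looks for the () markers.

```python
import re

# Constructed zone fragment; the key data is placeholder text, not a real key.
SAMPLE_ZONE = """\
example.test. 3600 IN DNSKEY 257 3 5 AwEAAcONSTRUCTEDkey1 AAAA==
example.test. 3600 IN DNSKEY 256 3 5 (
        AwEAAcONSTRUCTEDkey2
        BBBB== ) ; new key, multi-line
"""

def logical_records(zone_text):
    """Yield one whitespace-normalized record per RR, joining ( ... ) spans."""
    buf, depth = [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]              # drop trailing comment
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:                           # record is complete
            rec = " ".join(" ".join(buf).split())
            buf = []
            if rec:
                yield rec
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone data")

def dnskeys(zone_text):
    """Return (flags, protocol, algorithm, key) for every DNSKEY record."""
    keys = []
    for rec in logical_records(zone_text):
        fields = rec.split()
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        flags, proto, alg = map(int, fields[i + 1:i + 4])
        keys.append((flags, proto, alg, "".join(fields[i + 4:])))
    return keys

def paren_only_count(zone_text):
    """Assumed stand-in for the failing scan: sees only keys wrapped in ()."""
    return len(re.findall(r"\bDNSKEY\b[^()\n]*\([^)]*\)", zone_text))

def dropped_keys(before_roll, after_roll):
    """Keys present before the roll but absent after it; expect [] unless retiring."""
    return sorted(set(dnskeys(before_roll)) - set(dnskeys(after_roll)))
```

Running `dropped_keys` on the zone file before and after a roll, and refusing to sign when it returns a key that was not scheduled for retirement, catches the case where only the newly inserted key survives.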


