[dns-operations] Unplanned DLV zone outage on 2009-Apr-06

Paul Vixie vixie at isc.org
Tue Apr 7 15:59:44 UTC 2009


> I tried to track down the answers to the following by reading
> documentation, but I failed (which probably has more to do with me than
> the documentation).

http://ftp.isc.org/isc/pubs/tn/isc-tn-2006-1.html

> Can you configure multiple DLV zones on an unbound or BIND9 validator?

nope.

> What's the behaviour in the case that data exists in just one DLV zone,
> and what's the behaviour if multiple DLV zones contain different data?
> What about if one DLV zone is inaccessible, but others aren't?

multiple DLV zones are only described in ISC-TN-2006-1 where each has its
own apex (so, one for ., one for MIL, etc).  there's no specification for
multiple DLV zones at the same apex, and therefore no answer to the above
questions.  (this was not an oversight on my part: i think multiple DLV's
at the same apex would be a bad idea because i studied the outcomes that
come out of drafty answers to the above questions.)

> If you can't configure more than one DLV zone, then surely the single
> point of failure does indeed exist, despite the fact that you get to
> choose the SPOF your validator depends on.

nope.


