[dns-operations] DNSSEC, DLV, and delegation-only
Michael Graff
michael_graff at isc.org
Thu May 14 22:43:06 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Craig Leres wrote:
> It seems as if DLV has degraded over the last few weeks and if I
> can't come up with working config I'm probably going to have to
> turn it off. I hate to do it but I can't take many more service
> hits (the se TLD has been down for more than 24 hours) and I don't
> see a solution in site.
We have made no changes to the zone signing procedures in well over a
month. The only significant change recently was the addition of .gov
TLD. The keys referred to from se.dlv.isc.org are correct and refer to
the two KSKs in the .se zone. All 10 .se servers are responding with
identical DNSKEY information. All dlv.isc.org servers report identical
information.
If you manually configure a trusted key for .se, does this problem go
away? This problem suddenly started only 24 hours ago, but we have made
no changes to the dlv.isc.org zone during that time frame.
- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoMnnkACgkQLdqv0r6eD6aMAwCggmMr+SfybN4EFzSNtCugeWX/
aG8AnR1z2RZwaVBRYiRNIHuqoXNvzMrK
=ltu/
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list