[dns-operations] [Dnssec-deployment] .uk validation failure
Paul Hoffman
paul.hoffman at vpnc.org
Sun Sep 12 14:44:34 UTC 2010
At 11:32 AM +0200 9/12/10, Anand Buddhdev wrote:
>In case anyone is having problems looking up names in .uk, and doesn't
>know why, here is the reason:
>
>http://tinyurl.com/23vreu3
>
>I lookup failures on our resolvers last night, and after I noticed that
>the ZSK in our cache was different from the one served by the .uk
>servers, I concluded that something had gone wrong with ZSK roll-over,
>so I flushed our caches.
It would be very useful to hear from someone at Nominet why "the backup system did not use the exact same Zone Signing Keys (ZSK)" so that others who are using HSMs know what to look out for.
--Paul Hoffman, Director
--VPN Consortium
More information about the dns-operations
mailing list