named stops resolving anything -- dnssec issue
Mail Lists
lists at sapience.com
Sun Apr 5 16:00:34 UTC 2009
On 04/05/2009 09:17 AM, Chuck Anderson wrote:
>> It appears that the DNSSEC key on the root servers has changed, but I
>> have forgotten how to download the root keys. I'll have to dredge
>> through the manpages to remember. For now, I, too, have had to disable
>> DNSSEC.
(1) I assume there must be a clear and robust mechanism to enable keys
to change (since they all expire) without causing DNS outages ?
What is the mechanism ? Or does one need to be created. I would assume
that the keys can both be valid for some overlapping period of time for
example - or that the older key can approve the newer key so the update
is automatic (less secure but way more robust than any hand required
method). Perhaps yum can play a role ?
I cannot imagine a world where the world stops every time a key
updates ..
>
> There was an outage on dlv.isc.org that has now been repaired
> according to folks at the ISC.
(2) Why would one server prevent bind from working at all ?
More information about the fedora-test-list
mailing list