Maintained by: NLnet Labs

[Unbound-users] .PR servfails with Unbound but not with BIND

Stephane Bortzmeyer
Wed Sep 9 09:07:59 CEST 2009


On Tue, Sep 08, 2009 at 05:08:23PM +0200,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 126 lines which said:

> % dig SOA pr.
> 
> ; <<>> DiG 9.5.1-P3 <<>> SOA pr.
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 940

It works now. The DLV registry at ISC updated the key. Apparently, the
.PR people rolled over with a very short notice and anyone using DLV
or manual tracking of keys will have experienced the problem.

Lesson learned: activating DNSSEC validation today is only for
playing and should not be done in a production environment.