On Sep 9, 2009, at 9:07 AM, Stephane Bortzmeyer wrote: > On Tue, Sep 08, 2009 at 05:08:23PM +0200, > Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote > a message of 126 lines which said: > >> % dig SOA pr. >> >> ; <<>> DiG 9.5.1-P3 <<>> SOA pr. >> ;; global options: printcmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 940 > > It works now. The DLV registry at ISC updated the key. Apparently, the > .PR people rolled over with a very short notice and anyone using DLV > or manual tracking of keys will have experienced the problem. > > Lesson learned: activating DNSSEC validation today is only for > playing and should not be done in a production environment. .SE has been in production mode for the last 2.5 years. It has been working very well in Sweden with all the major resolver operators performing DNSSEC validaion. I would rather say that DLV is not ready for use in a production environment. -- patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2210 bytes Desc: not available URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090909/0d4ddd4b/attachment.bin>