Maintained by: NLnet Labs

[Unbound-users] .PR servfails with Unbound but not with BIND

Patrik Wallstrom
Wed Sep 9 14:46:19 CEST 2009


On Sep 9, 2009, at 9:07 AM, Stephane Bortzmeyer wrote:

> On Tue, Sep 08, 2009 at 05:08:23PM +0200,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
> a message of 126 lines which said:
>
>> % dig SOA pr.
>>
>> ; <<>> DiG 9.5.1-P3 <<>> SOA pr.
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 940
>
> It works now. The DLV registry at ISC updated the key. Apparently, the
> .PR people rolled over with a very short notice and anyone using DLV
> or manual tracking of keys will have experienced the problem.
>
> Lesson learned: activating DNSSEC validation today is only for
> playing and should not be done in a production environment.

.SE has been in production mode for the last 2.5 years. It has been
working very well in Sweden with all the major resolver operators
performing DNSSEC validation. I would rather say that DLV is not ready
for use in a production environment.

-- 
patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956
