[Unbound-users] .PR servfails with Unbound but not with BIND
Patrik Wallstrom
pawal at blipp.com
Wed Sep 9 12:46:19 UTC 2009
On Sep 9, 2009, at 9:07 AM, Stephane Bortzmeyer wrote:
> On Tue, Sep 08, 2009 at 05:08:23PM +0200,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
> a message of 126 lines which said:
>
>> % dig SOA pr.
>>
>> ; <<>> DiG 9.5.1-P3 <<>> SOA pr.
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 940
>
> It works now. The DLV registry at ISC updated the key. Apparently, the
> .PR people rolled over with a very short notice and anyone using DLV
> or manual tracking of keys will have experienced the problem.
>
> Lesson learned: activating DNSSEC validation today is only for
> playing and should not be done in a production environment.
.SE has been in production mode for the last 2.5 years. It has been
working very well in Sweden with all the major resolver operators
performing DNSSEC validaion. I would rather say that DLV is not ready
for use in a production environment.
--
patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2210 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20090909/0d4ddd4b/attachment.bin>
More information about the Unbound-users
mailing list