Reverse lookup failing when arpa.dlv.isc.org appeared
Michael Sinatra
michael at rancid.berkeley.edu
Sat Mar 27 21:58:38 UTC 2010
On 03/25/10 05:21, Chris Thompson wrote:
> I'll be reporting this to bind-bugs, but I thought I would mention it here
> in case others can confirm the effect.
>
> Our two main ecursive nameservers used DNSSEC validation via dlv.isc.org.
> In the past we have had suspicions that there are glitches when new entries
> appear in the DLV zone. For example, we got reports that users were
> temporarily unable to access CERN web sites on the morning that "cz"
> went into dlv.isc.org.
I saw the same effect within the GOV domain, when the GOV trust-anchor
was re-added to the ISC DLV last May:
https://lists.dns-oarc.net/pipermail/dns-operations/2009-May/003867.html
This is not a DLV-only issue; my experience is that it also affects
manually (or semi-automatically via scripts that modify
named-trustedkeys) updated trust-anchors. 'rndc flush' is necessary to
fix it.
michael
More information about the bind-users
mailing list