[mailop] broken ISP in china
Lyle Giese
lyle at lcrcomputer.net
Tue Feb 19 01:27:18 UTC 2013
On 02/18/13 19:02, Tony Finch wrote:
> Lyle Giese <lyle at lcrcomputer.net> wrote:
>> Recently I moved this domain(lcrcomputer.net) to a registrar that suports
>> DNSSEC and inserted the DS record for this domain.
> Was it signed before this point? I am wondering if this is a DNS response
> size problem - was the cause the addition of the DS record, or the
> addition of DNSKEY and RRSIG records?
>
> Tony.
The zone was signed before and was registered with ISC's look aside at
dlv.isc.org and had been for quite a while(at least a year and maybe
two). I made NO changes to the lcrcomputer.net zone itself other than
resign the data every 15 days. It appears to have broken on Feb 6th or
so and that would have been about the time I inserted the DS record.
The only change I have made was insert the DS record into my new
registrar for publishing.
My customer's zone is not signed, has no DKIM and has no SPF records,
never did.
But I am happy with this discussion as I get more than one set of eyes
looking at what I have done and getting some opinions. So I am getting
back that nothing is really wrong.(yea a couple of things I could
tweak..) I had forgotten about those pesky SPF records and am happy to
get rid of them! I may do the same with the DKIM records also.
Thanks to everyone for the feedback.
Lyle Giese
LCR Computer Services, Inc.
More information about the bind-users
mailing list