broken trust chain
Anand Buddhdev
anandb at ripe.net
Sun Oct 14 12:54:18 UTC 2018
On 14/10/2018 14:17, Cody Allen wrote:
> issue just started on 10/13/2018 both servers impacted at same time, clocks are correct, version of bind is 9.11.1 impacting recursion on internal view, authoritative zones work fine, servers have been running for couple of years or longer with zero problems. most recent version of bind.keys installed. only solution has been to set dnssec-validation to no
On 11 October 2018, at 16:00 UTC, the root zone KSK was rolled. You're
almost certainly affected by this. But saying that "the most recent
version of bind.keys is installed" is meaningless, because I have no
idea what your definition of "most recent" is. At the very least,
provide the key IDs of the keys in your bind.keys file. If you don't
have key ID 20326 in there, you won't be able to do DNSSEC validation.
Regards,
Anand
More information about the bind-users
mailing list