dnssec-delegation seems to be broken from .gov to bls.gov

Bhangui, Sandeep - BLS CTR Bhangui.Sandeep at bls.gov
Wed Dec 6 12:53:44 UTC 2023


It seems the DNSSEC delegation is broken from ".gov" to the bls.gov domain, due to which the records for bls.gov are considered bogus, and we are having issues at our site.

It looks like we were in the process of KSK rollover and that may have caused the issue as things were fine till yesterday.

As we troubleshoot this issue, I was wondering whether, from our master DNS server, we can use some option in named.conf so that DNSSEC verification is NOT done for any bls.gov DNS lookups from outside, to get a quick fix to this problem.

Currently DNS lookups from outside are flaky, and I believe the reason behind that is that the DNSSEC delegation is broken.

From the output at dnsviz.net analyzing for bls.gov it seems that KSK rollover for bls.gov is the issue.

Basically, trying to see if I can get a quick interim fix till we resolve the issue correctly.

Please advise.
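
The condition described in the post, a parent DS set that no longer matches any DNSKEY the zone serves after a KSK rollover, can be checked offline as below. This is an added example, not part of the original post; the zone name `zone.example.` and all key bytes are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical (lowercase) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, pubkey):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex digest)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def matching_ds(owner, parent_ds, child_dnskeys):
    """Parent DS records that match a DNSKEY the child zone actually serves."""
    served = {make_ds(owner, k) for k in child_dnskeys}
    return [ds for ds in parent_ds if ds in served]

def delegation_ok(owner, parent_ds, child_dnskeys):
    """With DS present at the parent, at least one must match or the zone is bogus."""
    return not parent_ds or bool(matching_ds(owner, parent_ds, child_dnskeys))

# Constructed sample data: algorithm 13 keys are 64 bytes, these are not real keys.
ZONE = "zone.example."
OLD_KSK = dnskey_rdata(257, 13, bytes(range(0, 64)))
NEW_KSK = dnskey_rdata(257, 13, bytes(range(64, 128)))
ZSK = dnskey_rdata(256, 13, bytes(range(128, 192)))
PARENT_DS = [make_ds(ZONE, OLD_KSK)]  # parent still publishes the old KSK's DS

if __name__ == "__main__":
    cases = {
        "before rollover": [OLD_KSK, ZSK],
        "old KSK removed too early": [NEW_KSK, ZSK],
        "both KSKs published": [OLD_KSK, NEW_KSK, ZSK],
    }
    for label, keys in cases.items():
        state = "secure" if delegation_ok(ZONE, PARENT_DS, keys) else "bogus"
        print(f"{label}: {state}")
```

The middle case is the failure mode: the parent still holds only the old key's DS, so validating resolvers find no chain of trust into the zone until the DS is updated or the old KSK is published again.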

