DNSSEC ISSUE (Msg: Request is not signed)

Curt Sampson cjs at cynic.net
Mon Jul 23 06:07:48 UTC 2007

On Wed, 18 Jul 2007, Edward Lewis wrote:

> At 6:30 +0900 7/18/07, Curt Sampson wrote:
>> And that makes me rather nervous given how much stuff would stop
>> working if my master server loaded some incorrectly signed data.
> At this point, a lot of folks rely on alcohol to quell the nervousness.
> ...
> One practice would be to have a script that runs remotely, looking up
> and testing your essential public services.

I implement both practices. :-)

In fact, all my monitoring systems do lookups though authenticating
servers, so DNS going down will trigger alarms. Still, it'd be nice to
know before the records go out, rather than after.

I've not had a problem yet, at least not since I started using a separate
ZSK for each zone, so perhaps I'm just a worry-wart.

Curt Sampson         <cjs at cynic.net>         +81 90 7737 2974
The power of accurate observation is commonly called cynicism
by those who have not got it.    --George Bernard Shaw

More information about the bind-users mailing list