lists.isc.org rDNS failed, DNSSEC?

Mark Andrews marka at isc.org
Thu Feb 23 22:47:08 UTC 2012


There was a issues with the delegation of some zones.  NS records
were not added to the parent zone when they should have been but
the scripts which sign the zones added DS records which caused the
parent zone not to be resigned.  The signatures for the parent zone
eventually expired which caused resolution failures for all the
children of the parent zone rather than just the zones with a broken
delegation.

The scripts that sign the zones did report the error but those
reports were overlooked.

Operations is looking at their proceedures and what additional
checking can be done to prevent a repeat.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list