dnssec-lookaside auto key expiration

Victoria Risk vicky at isc.org
Wed Mar 25 18:39:59 UTC 2020

We apparently let our signatures on dlv.isc.org expire. We are fixing it now. We apologize for this.

This was an accident - we did *not* do this on purpose - but infact, this is a good time for anyone who still has dlv.isc.org configured to REMOVE it from your BIND configuration. The zone is empty, lookups to the zone do nothing beneficial, and as has just been demonstrated, when the zone is bogus, it can have a negative impact.

I expect we will have some message here or on Twitter when the issue is finally resolved, but I don’t want to interrupt the person who is currently working on fixing it. 

As we are removing other obsolete features, we are tracking them along with the newly added features on the BIND Significant Features Matrix. https://kb.isc.org/docs/aa-01310  The DLV was actually removed from 9.16 so as later versions are adopted, it will no longer even be possible to run named with the dlv configured. 

Vicky Risk

Victoria Risk
Product Manager
Internet Systems Consortium
vicky at isc.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200325/322e0851/attachment-0001.htm>

More information about the bind-users mailing list