I want to know why I suddenly can't resolve names.

Mon Aug 19 00:51:14 UTC 2024

This will be my first email. Sorry for any rough edges.

ISSUE:: I am using a DNS server in Japan. The DNS server failed to resolve
the domain name on August 2, 2024. It automatically recovered after a
while. The following message was recorded in the logs

logs::

log1: validating @0xXXXXXXXXXXXXXXXX: dlv.isc.org DNSKEY: verify failed due
to bad signature (keyid=xxxxxxx): RRSIG has expired

log2: validating @0xXXXXXXXXXXXXXXXX: domain.example.com A: bad cache hit (
domain.example.com.dlv.isc.org/DLV)

timestamp:: Failure date: 2024.08.02 00:39:30 (JST) Failure recovery date:
2024.08.02 05:06:06 (JST)

env:: CentOS release 6.4
(Final) BIND version: bind-9.8.2-0.68.rc1.el6_10.8.x86_64 Execution user:
/group:root / named

Considerations:: There were no other physical or internal OS failures. From
the fact that the recovery was automatic, I am guessing that there was a
failure or maintenance in the dlv repository for verification. If you have
any other information related to the cause of the problem, we would
appreciate it if you could share it with us.

Discussion::
I know that “Look aside validation” has already been discontinued, but I
have a question to isolate the cause.
I would like to know why “Look aside validation” has already been
discontinued, yet the system usually operates without problems.
There were no other physical or internal OS failures.
The system recovered automatically.
I am guessing that it was caused by the dlv repository for validation.
If anyone has any other information relate
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240819/7ceb6afa/attachment.htm>