3 new servers couldn't download the key for '.' and there really wasn't any indication

Drew Weaver drew.weaver at thenap.com
Wed Oct 30 13:36:51 UTC 2024


Hello,

We recently replaced 3 BIND 9 servers with newer ones.

For whatever reason, during the initial setup process the 3 servers all failed to download the DNSSEC key for '.', and there was no indication whatsoever that this failed.

I would propose that, if the server is configured as a caching nameserver and it cannot download the key, the service shouldn't start at all, or there should be some very forceful indication that it didn't work.

Also, does anyone know under what conditions that process fails?

I'd like to avoid this in the future.

Thanks,
-Drew
