[Yeti DNS Discuss] First KSK rollover in Yeti Testbed
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sun Jul 12 10:22:26 UTC 2015
On Sat, Jul 11, 2015 at 03:35:31PM +0200,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
a message of 39 lines which said:
> I'm not sure that this timing was correct. At least one Yeti resolver
> now SERVFAILs (see the thread "Problem in the rollover?" on this
> mailing list).
A second of my resolvers failed. Unbound, too. A BIND machine is OK
(may be BIND 9.9.5 does not implement the hold-down of RFC 5011, which
seems to be the source of the problem?)
Nobody reported the problem, besides me? Am I unlucky or are there very
few Yeti resolvers?
I had to edit the "autokey" file and change manually the trust anchor
to key 55954 :-(
More information about the discuss
mailing list