[Yeti DNS Discuss] First KSK rollover in Yeti Testbed

Shane Kerr shane at biigroup.cn
Mon Jul 13 10:36:17 UTC 2015


On 2015-07-12 12:22:26+0200 (Sunday)
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Sat, Jul 11, 2015 at 03:35:31PM +0200,
>  Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
>  a message of 39 lines which said:
> > I'm not sure that this timing was correct. At least one Yeti resolver
> > now SERVFAILs (see the thread "Problem in the rollover?" on this
> > mailing list).
> A second of my resolvers failed. Unbound, too. A BIND machine is OK
> (may be BIND 9.9.5 does not implement the hold-down of RFC 5011, which
> seems to be the source of the problem?)
> Nobody reported the problem, besides me? Am I unlucky or are there very
> few Yeti resolvers?

I was "lucky" enough to be on vacation, so only noticed it last night
when I got home and was unable to surf for cat pictures^W^W^W^Wcatch up
on important e-mails.

I'm using Unbound, and this hit me at some point as well.
> I had to edit the "autokey" file and change manually the trust anchor
> to key 55954 :-(

I chose the more extreme method of returning to the IANA root servers.
Will revert to Yeti roots shortly!



More information about the discuss mailing list