[Yeti DNS Discuss] Resolved! Yeti signatures missing: reconfigure your resolvers

Akira Kato kato at wide.ad.jp
Fri May 11 08:55:12 UTC 2018 

Folks,

I was on a plane during the event and not able to help (and even know)
the issue.

WIDE Yeti Root server has no specific rule to pull the zone from WIDE
DM.  It pulls the zone from one of the three DMs, and depending on
when IANA publishes a new zone, it would pull the zone from BII DM.

Regards,

-- Akira Kato

From: Davey Song(宋林健) <ljsong at biigroup.cn>
Subject: [Yeti DNS Discuss] Resolved! Yeti signatures missing: reconfigure your resolvers
Date: Fri, 11 May 2018 08:18:36 +0800

> Now most of servers update the latest root zone (expect
> yeti-dns01.dnsworkshop.org). The problem resolved! 
> 
> Brief report of that failure:  after troubleshooting, it is found that there
> was a power failure days ago stop BII DM generating new ZSK during ZSK
> rollover. And the old ZSK was invalid at that time. Sadly the monitoring
> script (affected by that power failure)did not capture that event. We update
> the scripture to check the whole zone before publish it and add more client
> agent to monitor DM. 
> 
> I'm sorry for that loss. We could have reacted more promptly yesterday
> middle night. 
> 
> Davey
> 
>> -----邮件原件-----
>> 发件人: discuss [mailto:discuss-bounces at lists.yeti-dns.org] 代表 Stephane
>> Bortzmeyer
>> 发送时间: 2018年5月11日 0:36
>> 收件人: discuss at lists.yeti-dns.org
>> 主题: [Yeti DNS Discuss] Yeti signatures missing: reconfigure your
> resolvers
>> 
>> Today, the Yeti root name servers stopped sending signatures with the
> data. As
>> a result, validating DNS resolvers using the Yeti root stopped working,
>> returning SERVFAIL to queries.
>> 
>> If you use a Yeti resolver, change to a non-Yeti one, or, if you are the
> resolver
>> administrator, change to another root, while the problem is still there.
>> _______________________________________________
>> discuss mailing list
>> discuss at lists.yeti-dns.org
>> http://lists.yeti-dns.org/mailman/listinfo/discuss
> 
> 
> 
> _______________________________________________
> discuss mailing list
> discuss at lists.yeti-dns.org
> http://lists.yeti-dns.org/mailman/listinfo/discuss

More information about the discuss mailing list