Re: DNS Failures - All of a sudden today 20200325

To: yancm%sdf.org@localhost
Subject: Re: DNS Failures - All of a sudden today 20200325
From: reed%reedmedia.net@localhost
Date: Wed, 25 Mar 2020 15:53:00 -0500 (CDT)

On Wed, 25 Mar 2020, yancm%sdf.org@localhost wrote:

> Another user on the ISC list suggested setting
>   dnssec-lookaside no;
> Which also feels risky.

Comment out or remove the NetBSD provided configuration for that in 
named.conf.

> And generically ISC suggested all users remove the dlv.isc.org zone from
> their configuration...because the zone is empty and if removed would not
> cause
> the expired key to fail dns...
> 
> My only problem is I do not know how to remove as I cannot find this zone in
> my configuration.

Not a zone but a managed keys (or trusted keys) configuration.
Remove the reference to it (a few lines) from your bind keys file, 
probably at /etc/namedb/bind.keys
If you have managed-keys or trusted-keys with it elsewhere remove those 
lines there too.
But be sure to keep the DNS root zone's keys.

(Looking at my old sent-mail, I tested and reported about this scenario 
in May 2014.)

References:
- DNS Failures - All of a sudden today 20200325
  - From: yancm

Prev by Date: Re: trouble resolving protonmail.ch, dnssec, seems netbsd-specific maybe
Next by Date: Re: DNS Failures - All of a sudden today 20200325
Previous by Thread: DNS Failures - All of a sudden today 20200325
Next by Thread: Re: DNS Failures - All of a sudden today 20200325
Indexes:

Home | Main Index | Thread Index | Old Index