[Unbound-users] .PR servfails with Unbound but not with BIND
Paul Wouters
paul at xelerance.com
Wed Sep 9 15:41:31 UTC 2009
On Wed, 9 Sep 2009, Ondřej Surý wrote:
> At first they had removed .PR key from ITAR and after that they had added
> new key - it didn't look like regular well planned rollover.
No, they first added the new key to their zone on Aug 19. Then they removed
the old key from their zone on Sep 4.
But even now, they are still refering to the old key themselves at some
places, such as: http://dnssec.nic.pr/serverconf.php
(Also their SSL negotiation on https://dnssec.nic.pr/ is still failing)
> Also if .PR knew that their key is in DLV registry, that should
> exchange their key in DLV as well.
Yes. Anyone with a key in the DLV should make sure its updated before
they remove the old key. I too believe that's a mistake from the PR people.
Paul
More information about the Unbound-users
mailing list