Hello,
after I did update all my CentOS6 boxes - VMs and router; two of them (one VM and the router) are my local DNS resolvers; and I'm using the DNSSECTLSAvalidator plugin from nic.cz: https://www.dnssec-validator.cz/
before the update this plugin worked using my resolvers, after the update I get: "Failure - bogus DNSSEC reply, DNSSEC validation not possible with current settings" of course, when telling using a custom resolver (the one of nic.cz) it works, but before mine worked, too ...
Thanks, Walter
Earlier today, at 16:00 UTC, a new key was used to sign the root zone DNSKEY RRset. It's a major event in the DNS world, that you appear to have missed completely:
https://www.icann.org/resources/pages/ksk-rollover
You'll probably need to load the new trust anchor into your validating resolvers.
Regards, Anand
On 11/10/2018 22:07, Walter H. wrote:
Hello,
after I did update all my CentOS6 boxes - VMs and router; two of them (one VM and the router) are my local DNS resolvers; and I'm using the DNSSECTLSAvalidator plugin from nic.cz: https://www.dnssec-validator.cz/
before the update this plugin worked using my resolvers, after the update I get: "Failure - bogus DNSSEC reply, DNSSEC validation not possible with current settings" of course, when telling using a custom resolver (the one of nic.cz) it works, but before mine worked, too ...
Thanks, Walter
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Anand Buddhdev -
Walter H.