I am using DNSSEC for more than 5 years now (never had a problem so far), but after upgrading to the latest bind-9.16.4 the verification fails using Verisign's DNSSEC Validator.
I reverted back to 9.14.12 and everything works as expected. First I started upgrading my secondary DNS-Server (primary left untouched !!!) to 9.16.4 - restarted named and everything seems to be OK. So I tested with Verisign's DNSSEC Validator https://dnssec-analyzer.verisignlabs.com/ before upgrading my primary DNS. And Verisign reported an error -> All Queries to secondary.my-dnsserver-domain.com for my-domain.com/A timed out or failed Test Results: https://ibb.co/7QLVJsC Any ideas? .or should I upgrade both servers before I do my first test (not only the secondary server)? As I said, I only updated my secondary server and left my primary server untouched! Are there any related upgrade issues from from 9.14.12 to 9.16.4, which I should take care first (do I have to update something in my configs)? Is it possible to keep my already signed zones of my 9.14.12 installation? Or do I have to re-sign anything?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
