Hi It seems the DNSSEC delegation is broken from ".gov" to bls.gov domain and due to which the records for bls.gov are considered as bogus and we are having issues at our site.
It looks like we were in the process of KSK rollover and that may have caused the issue as things were fine till yesterday. As we troubleshoot this issue was wondering whether from our master DNS server can we use some option in named.conf so that dnssec verification is NOT done for any bls.gov DNS lookups from outside to get a quick fix to this problem. Currently DNS lookups from outside are flaky and I believe the reason behind that being that the DNSSEC delegation is broken. >From the output at dnsviz.net analyzing for bls.gov it seems that KSK rollover >for bls.gov is the issue. Basically, trying to see if I can get a quick interim fix till we resolve the issue correctly. Please advise. Thanks Sandeep
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
