Thank you for your reply. As you said, there is absolutely no negligence on the part of ISC in this case and it is our responsibility. I am contacting you to assist you in isolating the incident.
In the past (2020), when similar expiration problems occurred, a notice was given by bind-user, stating that they would prevent the problem from recurring. The year 2020 is already the year that dlv is no longer recommended, as it is now. So I just wanted to know if there was a similar case this time. Again, I know that the fault is not with dlv and that we are at fault. Just trying to gather information if possible. 2024年8月19日(月) 13:23 Ondřej Surý <ond...@isc.org>: > Additionally, you fail to run supported version of BIND 9. > > Support for DLV had been removed from BIND 9.16.0 and even BIND 9.16 had > reached end-of-life as of this year (after four and something years of > support). > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal working hours. > > On 19. 8. 2024, at 5:56, Ondřej Surý <ond...@isc.org> wrote: > > Since you are asking for a cause. > > The cause is that you failed to follow operational advice and kept using > DLV after it has been discontinued. This is entirely on you. > > ISC is keeping dlv.isc.org operational only as a courtesy, and there is > absolutely no SLA. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal working hours. > > On 19. 8. 2024, at 2:51, 秋林峻祐 <jst...@d2c.co.jp> wrote: > > > > This will be my first email. Sorry for any rough edges. > > ISSUE:: I am using a DNS server in Japan. The DNS server failed to resolve > the domain name on August 2, 2024. It automatically recovered after a > while. The following message was recorded in the logs > > I want to know why I suddenly can't resolve names. > > logs:: > > log1: validating @0xXXXXXXXXXXXXXXXX: dlv.isc.org DNSKEY: verify failed > due to bad signature (keyid=xxxxxxx): RRSIG has expired > > log2: validating @0xXXXXXXXXXXXXXXXX: domain.example.com A: bad cache hit > (domain.example.com.dlv.isc.org/DLV) > > timestamp:: Failure date: 2024.08.02 00:39:30 (JST) Failure recovery date: > 2024.08.02 05:06:06 (JST) > > env:: CentOS release 6.4 > (Final) BIND version: bind-9.8.2-0.68.rc1.el6_10.8.x86_64 Execution user: > /group:root / named > > Considerations:: There were no other physical or internal OS failures. > From the fact that the recovery was automatic, I am guessing that there was > a failure or maintenance in the dlv repository for verification. If you > have any other information related to the cause of the problem, we would > appreciate it if you could share it with us. > > Discussion:: > I know that “Look aside validation” has already been discontinued, but I > have a question to isolate the cause. > I would like to know why “Look aside validation” has already been > discontinued, yet the system usually operates without problems. > There were no other physical or internal OS failures. > The system recovered automatically. > I am guessing that it was caused by the dlv repository for validation. > If anyone has any other information relate > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
