[Pdns-users] DNSSEC failure on non-DNSSEC subdomain
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Feb 24 19:33:34 UTC 2012
Hello Ask,
On Feb 24, 2012, at 20:12 , Ask Bjørn Hansen wrote:
> develooper.org is using DNSSEC (NSEC, native in PowerDNS - show-zone output below). l.develooper.org is pointed to a different set of nameservers with no DS record (they don't have DNSSEC configured).
>
> This morning I got a report that DNSSEC validating resolvers stopped being able to get to the l.develooper.org names (cpan-global.l.develooper.org specifically). Not sure if it being Thursday yesterday is related or if it was broken all along.
This was reported to pdns-dev earlier today; I responded there including a (not very well-tested!) patch: http://mailman.powerdns.com/pipermail/pdns-dev/2012-February/001095.html
Another user reported this to us very recently; we're working with him to get a robust fix out soon. Our apologies for the troubles.
Kind regards,
Peter van Dijk
More information about the Pdns-users
mailing list