Re: ISC DLV dnssec

2009-04-05 Thread Mark Andrews
In message , R Dicai re writes: > On Sun, Apr 5, 2009 at 8:48 PM, Mark Andrews wrote: > >Named is still able to return answers if you tell it not to > >validate the answers by setting CD=1 in the query. This flag > >is usually used when you have a validating resolver usin

Re: ISC DLV dnssec

2009-04-05 Thread R Dicaire
On Sun, Apr 5, 2009 at 8:48 PM, Mark Andrews wrote: >        Named is still able to return answers if you tell it not to >        validate the answers by setting CD=1 in the query.  This flag >        is usually used when you have a validating resolver using another >        validating resolver to

Re: ISC DLV dnssec

2009-04-05 Thread Mark Andrews
In message , R Dicair e writes: > On Sun, Apr 5, 2009 at 5:40 PM, Mark Andrews wrote: > >> Shouldn't the behaviour for DLV lookups be such that if the query > >> can't be answered by the DLV server, then fall back to a non-dnssec > >> lookup? > > > > =A0 =A0 =A0 =A0No. > > May I ask why?

Re: ISC DLV dnssec

2009-04-05 Thread R Dicaire
On Sun, Apr 5, 2009 at 7:02 PM, Evan Hunt wrote: > vigilant; this particular failure won't occur again.  And we were already > in the process of making dlv.isc.org substantially more robust, so > hopefully any similar breakages that might have come along in the future > will be stopped before the

Re: ISC DLV dnssec

2009-04-05 Thread Evan Hunt
> Could you provide more details as to what specifically caused the fault? > Perhaps then other dns admins may learn something new to look for when > having to troubleshoot a similar problem. I know it would help me > further understand. As I understand it (and I wasn't involved in diagnosing the

Re: ISC DLV dnssec

2009-04-05 Thread R Dicaire
On Sun, Apr 5, 2009 at 5:40 PM, Mark Andrews wrote: >> Shouldn't the behaviour for DLV lookups be such that if the query >> can't be answered by the DLV server, then fall back to a non-dnssec >> lookup? > >        No. May I ask why? I'm sure something was learned from whatever caused the DLV serv

Re: ISC DLV dnssec

2009-04-05 Thread Mark Andrews
In message , R Dicai re writes: > Hi folks, last night the ISC server responsible for responding to DLV > lookups was apparently down. Since all lookups were failing due to a > lack of response from this server, bind couldn't resolve anything at > all. I had to comment out a couple lines in named.

ISC DLV dnssec

2009-04-05 Thread R Dicaire
Hi folks, last night the ISC server responsible for responding to DLV lookups was apparently down. Since all lookups were failing due to a lack of response from this server, bind couldn't resolve anything at all. I had to comment out a couple lines in named.conf to restore function. bind-9.4.3-P2