DLV issue 2020/03/25

2020-03-26 Thread Ray Bellis
The issue with the dlv.isc.org DNSSEC signatures yesterday (2020/03/25) was caused by an undetected failure to restore the virtual machine that runs the hidden master for that zone following a failed upgrade to the underlying hypervisor. As a result of this issue the internet facing servers were u

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Håkan Lindqvist via bind-users
I reported a bug with the requested details: https://gitlab.isc.org/isc-projects/bind9/issues/1706 A related thing that I've noticed in my tests is that "dnssec-policy x" seems to also imply "inline-signing yes"? Is this intended as a strict requirement, it seems a little awkward? On that no

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Shumon Huque
On Thu, Mar 26, 2020 at 3:35 PM Håkan Lindqvist via bind-users < bind-users@lists.isc.org> wrote: > > A related thing that I've noticed in my tests is that "dnssec-policy x" > seems to also imply "inline-signing yes"? > Is this intended as a strict requirement, it seems a little awkward? > I'm su

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Mark Andrews
dnssec-policy should be independent of inline-signing. If it isn’t then it is a bug. It just people like editing master files rather than using nsupdate to make changes. > On 27 Mar 2020, at 08:02, Shumon Huque wrote: > > On Thu, Mar 26, 2020 at 3:35 PM Håkan Lindqvist via bind-users > wro

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Håkan Lindqvist via bind-users
On 2020-03-26 23:00, Mark Andrews wrote: dnssec-policy should be independent of inline-signing. If it isn’t then it is a bug. It just people like editing master files rather than using nsupdate to make changes. Ok, thank you for clarifying what should be expected. I guess that leaves the q

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Shumon Huque
On Thu, Mar 26, 2020 at 7:27 PM Håkan Lindqvist via bind-users < bind-users@lists.isc.org> wrote: > On 2020-03-26 23:00, Mark Andrews wrote: > > dnssec-policy should be independent of inline-signing. If it isn’t then > it is a bug. > > > > It just people like editing master files rather than usin