On 04/05/2009 09:17 AM, Chuck Anderson wrote: >> It appears that the DNSSEC key on the root servers has changed, but I >> have forgotten how to download the root keys. I'll have to dredge >> through the manpages to remember. For now, I, too, have had to disable >> DNSSEC. (1) I assume there must be a clear and robust mechanism to enable keys to change (since they all expire) without causing DNS outages ? What is the mechanism ? Or does one need to be created. I would assume that the keys can both be valid for some overlapping period of time for example - or that the older key can approve the newer key so the update is automatic (less secure but way more robust than any hand required method). Perhaps yum can play a role ? I cannot imagine a world where the world stops every time a key updates .. > > There was an outage on dlv.isc.org that has now been repaired > according to folks at the ISC. (2) Why would one server prevent bind from working at all ? -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
