Issue With Latest Update Of CentOS6
Hello,
after I did update all my CentOS6 boxes – VMs and router; two of them
(one VM and the router) are my local DNS resolvers;
and I’m using the DNSSECTLSAvalidator plugin from nic.cz:
https://www.dnssec-validator.cz/
before the update this plugin worked using my resolvers, after the update I get:
“Failure – bogus DNSSEC reply, DNSSEC validation not possible with current settings”
of course, when telling using a custom resolver (the one of nic.cz) it works, but before mine worked, too …
Thanks, Walter
One thought on - Issue With Latest Update Of CentOS6
Earlier today, at 16:00 UTC, a new key was used to sign the root zone DNSKEY RRset. It’s a major event in the DNS world, that you appear to have missed completely:
https://www.icann.org/resources/pages/ksk-rollover
You’ll probably need to load the new trust anchor into your validating resolvers.
Regards, Anand