On 2 Sep 2020, at 01:06, Duncan <duncan@isn-portal.de> wrote:
I am using DNSSEC for more than 5 years now (never had a problem so far), but after upgrading to the latest bind-9.16.4 the verification fails using Verisign's DNSSEC Validator.
I reverted back to 9.14.12 and everything works as expected.
First I started upgrading my secondary DNS-Server (primary left untouched !!!) to 9.16.4 - restarted named and everything seems to be OK.
So I tested with Verisign's DNSSEC Validator https://dnssec-analyzer.verisignlabs.com/ before upgrading my primary DNS.
And Verisign reported an error -> All Queries to secondary.my-dnsserver-domain.com for my-domain.com/Atimed out or failed
Test Results: https://ibb.co/7QLVJsC
Any ideas? rCaor should I upgrade both servers before I do my first test (not only the secondary server)? As I said, I only updated my secondary server and left my primary server untouched!
Are there any related upgrade issues from from 9.14.12 to 9.16.4, which I should take care first (do I have to update something in my configs)? Is it possible to keep my already signed zones of my 9.14.12 installation? Or do I have to re-sign anything?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list--
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
| Sysop: | Amessyroom |
|---|---|
| Location: | Fayetteville, NC |
| Users: | 65 |
| Nodes: | 6 (0 / 6) |
| Uptime: | 03:53:48 |
| Calls: | 862 |
| Files: | 1,311 |
| D/L today: |
744 files (8,167M bytes) |
| Messages: | 264,528 |