Earlier today, at 16:00 UTC, a new key was used to sign the root zone
DNSKEY RRset. It's a major event in the DNS world, that you appear to
have missed completely:
https://www.icann.org/resources/pages/ksk-rollover
You'll probably need to load the new trust anchor into your validating
resolvers.
Regards,
Anand
On 11/10/2018 22:07, Walter H. wrote:> Hello,
>
> after I did update all my CentOS6 boxes - VMs and router; two of them
> (one VM and the router) are my local DNS resolvers;
> and I'm using the DNSSECTLSAvalidator plugin from nic.cz:
> https://www.dnssec-validator.cz/
>
> before the update this plugin worked using my resolvers, after the
> update I get:
> "Failure - bogus DNSSEC reply, DNSSEC validation not possible with
> current settings"
> of course, when telling using a custom resolver (the one of nic.cz) it
> works, but before mine worked, too ...
>
> Thanks,
> Walter
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>