priming and dnskey
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Aug 3 07:08:52 UTC 2017
Hi T.Suzuki,
Do you have prefetch-key enabled still? It causes the DNSKEY to be
prefetched. If so, that would just be extra data in the cache, and not
hamper KSK rollovers.
Otherwise, unbound shouldn't be fetching the DNSKEY itself then, but
downstream clients could still be asking for it.
Best regards, Wouter
On 03/08/17 02:05, T.Suzuki via Unbound-users wrote:
> I found a packet requesting dnskey record at priming,in spite of removing
> "validator" from my config.
> What is the purpose of this function?
> I think this function may cause trouble with KSK rollover.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170803/22ed5943/attachment.bin>
More information about the Unbound-users
mailing list