[129582] in North American Network Operators' Group
UK key roll-over - may need to flush name server caches
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Sep 12 12:41:01 2010
Date: Sun, 12 Sep 2010 12:40:53 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
If you are experiencing DNSSEC lookup validation failures for domains
under the .UK TLD, you may (engineering-speak for almost definitely) need
to flush your name server caches.
http://www.nominet.org.uk/registrars/systems/serviceannouncements/
DNSSEC validation issue
Due to a failure of a Hardware Security Module (HSM), as a matter of
precaution, we failed over to our backup signing system this afternoon. As
the backup system did not use the exact same Zone Signing Keys (ZSK),
there is the possibility of validation failures. To make sure validators
use the correct zone signing keys, caches might need to be flushed.
