2017-07-18 - News - Tony Finch
From October, the Computer Laboratory will be known as the Department of Computer Science and Technology.
Our colleagues in the CL have set up the zone cst.cam.ac.uk to go
with the new name, and it has been added to our sample nameserver
configuration file.
The first root DNSSEC key rollover is happening
The new key (tag 20326) was published on 11th July, and validating resolvers that follow RFC 5011 rollover timing will automatically start trusting it on the 10th August. There's a lot more information about the root DNSSEC key rollover on the ISC.org blog. I have added some notes on how to find out about your server's rollover state on our DNSSEC validation page.
DNSSEC lookaside validation is deprecated
The DLV turndown was announced in
2015 and the dlv.isc.org zone is
due to be emptied in 2017. You should delete any dnssec-lookaside
option you have in your configuration to avoid complaints in named's
logs.
Annoyingly, we were relying on DLV as a stop-gap while waiting for JISC to sign their reverse DNS zones. Some of our IPv4 address ranges and our main IPv6 allocation are assigned to us from JISC. Without DLV these zones can no longer be validated.