This is a multipart message in MIME format.
------=_NextPart_001_026A_01D68082.30E02CB0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
I am using DNSSEC for more than 5 years now (never had a problem so far),
but after upgrading to the latest bind-9.16.4 the verification fails using Verisign's DNSSEC Validator.
I reverted back to 9.14.12 and everything works as expected.
First I started upgrading my secondary DNS-Server (primary left untouched
!!!) to 9.16.4 - restarted named and everything seems to be OK.
So I tested with Verisign's DNSSEC Validator
https://dnssec-analyzer.verisignlabs.com/ before upgrading my primary DNS.
And Verisign reported an error -> All Queries to secondary.my-dnsserver-domain.com for my-domain.com/A timed out or failed
Test Results:
https://ibb.co/7QLVJsC
Any ideas? .or should I upgrade both servers before I do my first test (not only the secondary server)? As I said, I only updated my secondary server
and left my primary server untouched!
Are there any related upgrade issues from from 9.14.12 to 9.16.4, which I should take care first (do I have to update something in my configs)? Is it possible to keep my already signed zones of my 9.14.12 installation? Or do I have to re-sign anything?
------=_NextPart_001_026A_01D68082.30E02CB0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="
http://schemas.microsoft.com/office/2004/12/omml" xmlns="
http://www.w3.org/TR/REC-html40"><head><META
HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" /> </o:shapelayout></xml><![endif]--></head><body lang=DE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>I am using DNSSEC for more than 5 years now (never had a problem so far), but after upgrading to the latest bind-9.16.4 the
verification fails using Verisign's DNSSEC Validator.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I reverted back to 9.14.12 and everything works as expected.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=
MsoNormal>First I started upgrading my secondary DNS-Server (primary left untouched !!!) to 9.16.4 - restarted named and everything seems to be OK.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>So I tested with Verisign's
DNSSEC Validator
https://dnssec-analyzer.verisignlabs.com/ before upgrading my primary DNS.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>And Verisign reported an error -> All Queries to secondary.my-dnsserver-domain.com for
my-domain.com/A timed out or failed<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Test Results:
https://ibb.co/7QLVJsC<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Any ideas? …or should I
upgrade both servers before I do my first test (not only the secondary server)? As I said, I only updated my secondary server and left my primary server untouched!<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Are there any
related upgrade issues from from 9.14.12 to 9.16.4, which I should take care first (do I have to update something in my configs)? Is it possible to keep my already signed zones of my 9.14.12 installation? Or do I have to re-sign anything?<o:p></o:p></p><
p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>
------=_NextPart_001_026A_01D68082.30E02CB0--
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCExYw ggW7MIIDo6ADAgECAghXChGXQsTjzDANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJJVDEOMAwG A1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQD DB5BY3RhbGlzIEF1dGhlbnRpY2F0aW9uIFJvb3QgQ0EwHhcNMTEwOTIyMTEyMjAyWhcNMzAwOTIy MTEyMjAyWjBrMQswCQYDVQQGEwJJVDEOMAwGA1UEBwwFTWlsYW4xIzAhBgNVBAoMGkFjdGFsaXMg Uy5wLkEuLzAzMzU4NTIwOTY3MScwJQYDVQQDDB5BY3RhbGlzIEF1dGhlbnRpY2F0aW9uIFJvb3Qg Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnxsSlKaQs7+UYxbBQo29RO58KWsnC SDgKwhygGH+RtYe5QD/dHWgfCIPVLR6IoPiPVo9tmQKSkBbVXwhsidfhrLwgwrHgg1GKaU0Allpv L8BEfqMO5JHNWO7c+8ceRUfdJ7kIAZ+mIR31QS0vTP0oreCKrSK0VmWOhlSPk0Mp3jlGeKMwI7rN 8H0TV8Bd0oNrSEzEq5+AWls6vcmnIj+AJzNbDreKDF0HNwjLbNJ6RyJENcXMzC6O3Srtt31mDV9h USJVG+NG4+M90DVimtuvFMhbocyJG+EwJvygmx+Bp0cfBOujOZIGn5nTv9PqT1CcGf6Whx48Zfaj GCSDhhDnVD6oOnYkT4EhxeMPAviTlEcgu/7UDtNoud3EeoSC41NUed3bnNLyB5sutrw+7YVt7yUR 8pcaQmH3Spfoi7EQB/plgbKiOc/3PP8Y+8bxWotZ4gKse5LQThRPWUX2DF4oX7DoP0XPz6+bb/uE 03dalW+slISe7rzASo9Kk/hEIeIxRWFQThDY4zV8TBm03gW/owafyLXN5B/XFwYNepV0VQ1oGvwQ G2JknW3glaDDlAdXDRTmvQX7uJ/m34vixud+lvZTxYA0UChY8BJQcRcwuuZ4Y7z0sq2bK7L+4TmM XroLIJTee4O4/+NWjbcR6TuM8rHBXZ2kC0wr2bIY9bWfSwIDAQABo2MwYTAdBgNVHQ4EFgQUUtiI OsifeGbtifN7OHCUyQICNtAwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRS2Ig6yJ94Zu2J 83s4cJTJAgI20DAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAAt7cofAYKZJTIhY 5h2I9xRkSKbYWAoOTxM13zUd1O0GMciBPmrV3TsaMu6QPRHSLvSOw2MuI2awZ75vtsATOWCqojQl k3VS3qedrQ6HiVJxahY8GR2D+JopZb70P5rZ8PNahyFxgE3L4DibP7v64DBNz4bTZRAZGNGXArEr ckJorKC9TlraGL9rmIHQ/Zq+XhVIzREVucApXLToiPc+Nq63Yv0eYt5weBAcSFvavKQ4umftVT5e V9/UA0BMgaTST2OnCUIJFPwAqcKAc08uwEDZEXtI6noCwNPrKAEmWHTBwHMibZOV/Tl9uyrj9oLj LJdfTh+RlPr+LKPYdhq4TbI4T5v6HUhgeSbi8/2p0JrocI9JetblvQoO2y3zjb/r46R9y8eVceja o3zFwvh0kgQbhqykIlNAtqz+THbP+5QywDWfdj9u5ZBuoKYmorgsvtErhf2naMi6ASuxbHQduHOV 5+63xyXwAEwAsn62C4sc88BQniW54AjeNmb/N6XRu1RkLMkntUuSfmX/0y3huU68f6RBIZBBd6Y5 H+qe45/QZm8F7Kp2fr9rFqDrtcf8klQvKxEnJTd4TFFqsPPMWF0U8WpIFf/CB7axjQ+OXFBGsz2/ AZhPsllURz40e3htVpMuc+pmKHjNHRS/oI8vLrgujvIUiszptXz7bJ0MpeGWMIIF4jCCA8qgAwIB AgIQJJIhcLa7X/VLvBC/0JdUBDANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCSVQxEDAOBgNV BAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoMDkFjdGFsaXMg Uy5wLkEuMSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMzAeFw0y MDA4MDYyMDE5MzdaFw0yMTA4MDYyMDE5MzdaMB8xHTAbBgNVBAMMFGR1bmNhbkBpc24tcG9ydGFs LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXfOBYTplEN6vNm5UdvMdK9hMcTj 0nk+7QdCy1KXKj3x9AxR+il2D93ee1hdPApv9vKqntkVLuwSP9jZ97KafC5XVCUKNfoAaHS8hZq+ 6Ddu8VMfs3vQ+6S+78BO6F5QQcDsWFQ4XOZb6Ox+YVgCFlhCgA4ssECs2NdwkwiQyk5faQz97SPM X52SjiO338NPPIwAdoqe5oj+7kFIab35aJf90qC6TD8XDdMW578abYEEGqeCpABjsbdDjLuutC2b hPjM8Dfl4p7TfVyhHExqCTpI1C2EG8TzBhlbIvT1UeYrDdGC+uVWq9dv/szNhXv+1hfD3g4IVqYv nV6HVNhcIQIDAQABo4IBtTCCAbEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBS+l6mqhL+AvxBT fQky+eEuMhvPdzB+BggrBgEFBQcBAQRyMHAwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jYWNlcnQuYWN0 YWxpcy5pdC9jZXJ0cy9hY3RhbGlzLWF1dGNsaWczMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcDA5 LmFjdGFsaXMuaXQvVkEvQVVUSENMLUczMB8GA1UdEQQYMBaBFGR1bmNhbkBpc24tcG9ydGFsLmRl MEcGA1UdIARAMD4wPAYGK4EfARgBMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFjdGFsaXMu aXQvYXJlYS1kb3dubG9hZDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwSAYDVR0fBEEw PzA9oDugOYY3aHR0cDovL2NybDA5LmFjdGFsaXMuaXQvUmVwb3NpdG9yeS9BVVRIQ0wtRzMvZ2V0 TGFzdENSTDAdBgNVHQ4EFgQUwlLuoNVE6ybGh+Qblz4NvwtUvYMwDgYDVR0PAQH/BAQDAgWgMA0G CSqGSIb3DQEBCwUAA4ICAQAhKPKmX1XwMMWfQsg70fVMIBNeeYLdLbJGexjUxer08YwrSBYmBEUW OAB0S8JfEZ2r3CVof2bMy9Nfsu+aI9bMBey6dqreyy/ta1/BmNQ/24EK1FnshHNvDlnO1+RuD0I5 FT2hF/LBsoacNq16jApOP6buHtx9IhjP3lcIgHWNHK0VgboHak9NkRbz/fc5uSQ2oYNH/j3YmaHl kHfrR//drd9dDFnriJEtd6TcEz2nyuYdTkoN5o/XADuH66AxEBAfiAuy9gKM6fDkG5hysIvs4VOx F2wfFqRxDXQMF5crAdlqoy4A98Kjia1dbcoGKA7zUDhU9ZtEmG3K53kNR8Rq4WaYxj36a6m8pErp gZyPgpLOT90GTAsAe5Mgk4jYLiqDDPY2kormeuIle3lnEkoafDPH2kLs/UPo3wjA5VSBL16+pntg YJLRLNXXAkR5U5rgcuQFthmBcsDkhmKIm1Qt/kSeuNirf7ktdT2MIsBltlRFtVKSGKMtX3EV0ZtW q8lw7QMmHZIg2u2rhiNse5ddDUvGqJSdR49SdgUpnw5U/upYZoS7k2OSuaC7gpJPCJ7/9m543qaJ /MATXZfVT6f8PpB3huQ+UJhJJYa9gQWEK0NBG6J3tGBnkG5dy8hmOAzzkRC41Om97mZ8wDsdMiN5 AlwxwvpMsGURVi1WIHlKnDCCB20wggVVoAMCAQICEBcQPt49ihy1ygZRk+fKQ2swDQYJKoZIhvcN AQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMu cC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB MB4XDTIwMDcwNjA4NDU0N1oXDTMwMDkyMjExMjIwMlowgYExCzAJBgNVBAYTAklUMRAwDgYDVQQI DAdCZXJnYW1vMRkwFwYDVQQHDBBQb250ZSBTYW4gUGlldHJvMRcwFQYDVQQKDA5BY3RhbGlzIFMu cC5BLjEsMCoGA1UEAwwjQWN0YWxpcyBDbGllbnQgQXV0aGVudGljYXRpb24gQ0EgRzMwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDt5oeWocGktu3CQlX3Pw8PImBfE+CmQ4iGSZF5HBsv GlAP3EYB7va6OobMUWHvxA+ACHEpWq0YfNh6rRUlULOGcIpEFtVf4nAiEvdQtiFQBmtWJSn3naoM HqpMvmwZ4lL0Xr1U9JHmTqkU3DuYcNNO3S+hYWDZpWQbeSGibNVeiJ4kY6JDh0fvqloK1BsuS3n2 OgArPYGfAYtDjCvT2d+6Ym3kArHZjEcrZeBI+yVVnjPwbTSCKax8DtS2NP/CJ6RjpnRvuSwusRy8 4OdwdB71VKs1EDXj1ITcCWRZpkz+OhV6L8Zh+P0rmOSJF6KdHiaozfncURx4s54GFJNRGkx1DnCx cuL0NJMYG42/hrDYOjNv+oGWSEZO/CT3aaLSMB5wTbZKfcD1R+tTanXD+5Gz5Mi15DTE7QH8naZj ZxqqhyxL1KyuIgaVDxvQtPSjo5vTsoa09rn+Ui8ybHnvYO/a/68OIQIHLGbUd2COnwm0TiZ3Jg/o YGxwnJPvU1nDXNcecWTIJvFF5qD2ppJH3HgJVVePUEOY1E4Kp3k0B8hdRdhMV5n+O6RCKCTFcZaE SF8sELgdrqnCLPP1+rX7DA8pxZoX0/9Jk64EOsbfQyLIJlrrob2YS0Xlku6HisZ8qrHLhnkzF5y7 O34xmatIp8oZ5c54QP+K5flnTYzWjuIxLwIDAQABo4IB9DCCAfAwDwYDVR0TAQH/BAUwAwEB/zAf BgNVHSMEGDAWgBRS2Ig6yJ94Zu2J83s4cJTJAgI20DBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUH MAGGJWh0dHA6Ly9vY3NwMDUuYWN0YWxpcy5pdC9WQS9BVVRILVJPT1QwRQYDVR0gBD4wPDA6BgRV HSAAMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LmFjdGFsaXMuaXQvYXJlYS1kb3dubG9hZDAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwgeMGA1UdHwSB2zCB2DCBlqCBk6CBkIaBjWxk YXA6Ly9sZGFwMDUuYWN0YWxpcy5pdC9jbiUzZEFjdGFsaXMlMjBBdXRoZW50aWNhdGlvbiUyMFJv b3QlMjBDQSxvJTNkQWN0YWxpcyUyMFMucC5BLiUyZjAzMzU4NTIwOTY3LGMlM2RJVD9jZXJ0aWZp Y2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTA9oDugOYY3aHR0cDovL2NybDA1LmFjdGFsaXMuaXQv UmVwb3NpdG9yeS9BVVRILVJPT1QvZ2V0TGFzdENSTDAdBgNVHQ4EFgQUvpepqoS/gL8QU30JMvnh LjIbz3cwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAmm+cbWQ10sxID6edV94SA hc1CwzthHFfHpuYS30gisWUfWpgp43Dg1XzG2in3VGV7XrzCCGZh4JM/XQWp+4oxmyV42Qjz9vc8 GRksgo6X2nYObPYZzQjda9wxsCB38i4G3H33w8lf9sFvl0xm4ZXZ2s2bF/PdqvrK0ZgvF51+MoIP nli/wJBw3p72xbk5Sb1MneSO3tZ293WFzDmz7tuGU0PfytYUkG7O6annGqbU1I6CA6QVKUqeFLPo dSODAFqJ3pimKD0vX9MuuSa0QinH7CkiPtZMD0mpwwzIsnSs3qOOl60tIZQOTc0I6lCe1LLhrz7Q 75J6nNL9N5zVwZ1I3o2Lb8Dt7BA13VFuZvZIzapUGV83R7pmSVaj1Bik1nJ/R393e6mwppsT140K DVLh4Oenywmp2VpBDuEj9RgICAO0sibv8n379LbO7ARa0kw9y9pggFzN2PAX25b7w0n9m78kpv3z 3vW65rs6wl7E8VEHNfv8+cnb81dxN3C51KElz+l31zchFTurD5HFEpyEhzO/fMS5AkweRJIzwozx Ns7OL/S/SVTpJLJL1ukZ1lnHHX0d3xCzRy/5HqfK3uiG22LPB5+RjNDobPAjAz2BKMfkF/+v0pzn 8mqqkopQaJzEAbLbMpgQYHRCjvrUxxwjJyUFb2Z+40UNtMF4MTK7zTGCBBswggQXAgEBMIGWMIGB MQswCQYDVQQGEwJJVDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRy bzEXMBUGA1UECgwOQWN0YWxpcyBTLnAuQS4xLDAqBgNVBAMMI0FjdGFsaXMgQ2xpZW50IEF1dGhl bnRpY2F0aW9uIENBIEczAhAkkiFwtrtf9Uu8EL/Ql1QEMA0GCWCGSAFlAwQCAQUAoIICVTAYBgkq hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMDA5MDExNTA2MTBaMC8GCSqG SIb3DQEJBDEiBCCBkziNcX7dfijmkUcsRIX/hvAew0sI4KBOybtrfg4GYzCBkwYJKoZIhvcNAQkP MYGFMIGCMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCgYIKoZIhvcNAwcwCwYJYIZIAWUDBAEC MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDALBglghkgBZQMEAgEwCwYJYIZIAWUDBAID MAsGCWCGSAFlAwQCAjAHBgUrDgMCGjCBpwYJKwYBBAGCNxAEMYGZMIGWMIGBMQswCQYDVQQGEwJJ VDEQMA4GA1UECAwHQmVyZ2FtbzEZMBcGA1UEBwwQUG9udGUgU2FuIFBpZXRybzEXMBUGA1UECgwO QWN0YWxpcyBTLnAuQS4xLDAqBgNVBAMMI0FjdGFsaXMgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIENB IEczAhAkkiFwtrtf9Uu8EL/Ql1QEMIGpBgsqhkiG9w0BCRACCzGBmaCBljCBgTELMAkGA1UEBhMC SVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRlIFNhbiBQaWV0cm8xFzAVBgNVBAoM DkFjdGFsaXMgUy5wLkEuMSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBD QSBHMwIQJJIhcLa7X/VLvBC/0JdUBDANBgkqhkiG9w0BAQEFAASCAQCkOoWp4L9168WhYg1bC1G/ RU4LqNOYH9rKY/+g+bBtQXaooLGeh47Qz9jn/Dz7ZJ94SzBVlVINDYB2f9f1bGfC1OQZgV/CWXLw duvzFVLHGgNfZJy5FCVDZdXoVgQhhwbILS/Vm7T2Hyo1nUykIZa/L4dJqt2rog07Fo0CzfKnY9TW LU1nAxcD+dgFs1ppFmBNIIEPxnobHRZkIUVk+vVWTQ47yM5h4uHTPbmJePuIXcr08SSvDma7w0n2 j6twUCAd3+QDkuNnV1JC/CULwzPOesFXCGHwXTK6MpCvNBg4ISomzqyvUam3ZIwpGmrCOUBD+jFZ N6V0KBYwUx/pXS/4AAAAAAAA
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)