Re: managed-keys update when outgoing UDP is blocked

Hi Tony, Thanks for that. But I'm curious, do you know does BIND failover to TCP if UDP timeouts during DNSKEY fetching? Thanks On Tue, Feb 25, 2020 at 12:47 AM Tony Finch wrote: > Branko Mijuskovic wrote: > > > > We have an authoritative DNS hidden master (bind-9.11

managed-keys update when outgoing UDP is blocked

Hi All, We have an authoritative DNS hidden master (bind-9.11.4-9) running behind the network where outgoing UDP traffic to unlisted IPs is blocked. We are using DNSSEC and I've noticed that we are getting following errors in the bind9 logfile: 'managed-keys-zone/default: Unable to fetch DNSKEY s