On 23 Aug 2014, at 17:00, Jean-Francois Pirus <jfp(a)clearfield.com> wrote:
> Unless I'm missing something, looks like my internal DNS stopped working
> because there were issues with the link to the US.

My understanding is that dlv.isc.org is served on three separate anycast clouds, hosted by
ISC, Afilias and Ultra. If there's none of any of those in New Zealand (which seems
entirely possible) you're going to have problems doing local resolution with DLV.

You have a better chance of maintaining local resolution and validation if you turn
off DLV and just use a root KSK trust anchor. There are multiple root servers reachable
within New Zealand, peering willing.

DLV was a transition mechanism that was arguably most useful before the root zone was
signed. The root zone was signed in 2010. My advice would be to turn it off, to avoid
exactly the kind of problem you described.
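
The advice above, as an added example that is not part of the original message: a shell check that reports whether a resolver configuration still depends on DLV. It assumes the resolver is BIND 9 and relies on BIND's `dnssec-lookaside` and `dnssec-validation` options; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a BIND 9 style named.conf for DLV dependence.
# Assumption: BIND 9 option names; sample configs below are constructed.

# Remove '#' and '//' comments so commented-out options are ignored.
strip_comments() {
    sed -e 's/#.*$//' -e 's://.*$::' "$1"
}

# Prints: dlv-enabled | root-anchor | manual-anchor | no-validation
dlv_audit() {
    conf=$(strip_comments "$1")
    # Any dnssec-lookaside value other than "no" turns DLV lookups on.
    if printf '%s\n' "$conf" | grep -E 'dnssec-lookaside[[:space:]]' |
        grep -Eqv 'dnssec-lookaside[[:space:]]+no[[:space:]]*;'; then
        echo dlv-enabled
    # "auto" validates with BIND's built-in root trust anchor.
    elif printf '%s\n' "$conf" |
        grep -Eq 'dnssec-validation[[:space:]]+auto[[:space:]]*;'; then
        echo root-anchor
    # "yes" validates only with trust anchors configured by hand.
    elif printf '%s\n' "$conf" |
        grep -Eq 'dnssec-validation[[:space:]]+yes[[:space:]]*;'; then
        echo manual-anchor
    else
        echo no-validation
    fi
}

SAMPLE_DIR=$(mktemp -d)

# Constructed "before": validation depends on reaching dlv.isc.org.
cat > "$SAMPLE_DIR/before.conf" <<'EOF'
options {
    dnssec-validation auto;
    dnssec-lookaside auto;   // DLV via dlv.isc.org
};
EOF

# Constructed "after": DLV off, root KSK trust anchor only.
cat > "$SAMPLE_DIR/after.conf" <<'EOF'
options {
    dnssec-validation auto;  // built-in root trust anchor
    # dnssec-lookaside auto;
};
EOF

echo "before: $(dlv_audit "$SAMPLE_DIR/before.conf")"
echo "after:  $(dlv_audit "$SAMPLE_DIR/after.conf")"
```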