UK key roll-over - may need to flush name server caches

Sean Donelan sean at
Sun Sep 12 16:40:53 UTC 2010

If you are experiencing DNSSEC lookup validation failures for domains
under the .UK TLD, you may (engineering-speak for almost definitely) need 
to flush your name server caches.

DNSSEC validation issue

Due to a failure of a Hardware Security Module (HSM), as a matter of 
precaution, we failed over to our backup signing system this afternoon. As 
the backup system did not use the exact same Zone Signing Keys (ZSK), 
there is the possibility of validation failures. To make sure validators 
use the correct zone signing keys, caches might need to be flushed.
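
The mismatch described above, as an added example that is not part of the original post: a validator picks a candidate DNSKEY for each RRSIG by algorithm and key tag, so signatures made with the backup ZSK find no match in a DNSKEY set cached before the failover. The key material, the algorithm number, the owner names and the assumption that the KSK stayed the same are all constructed for illustration.

```python
import struct

def key_tag(flags, protocol, algorithm, public_key):
    """DNSKEY key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def unverifiable(cached_dnskeys, rrsigs):
    """Return RRSIGs whose (algorithm, key tag) matches no cached DNSKEY.

    A tag match is only the validator's first step in picking a candidate key;
    without one, the signature cannot be checked at all and validation fails.
    """
    known = {(alg, key_tag(flags, proto, alg, pub))
             for flags, proto, alg, pub in cached_dnskeys}
    return [s for s in rrsigs if (s["algorithm"], s["key_tag"]) not in known]

# Constructed sample data: toy 4-byte "public keys", algorithm 8 assumed.
KSK         = (257, 3, 8, bytes.fromhex("090a0b0c"))
PRIMARY_ZSK = (256, 3, 8, bytes.fromhex("01020304"))
BACKUP_ZSK  = (256, 3, 8, bytes.fromhex("05060708"))

# DNSKEY RRset a validator cached before the failover (KSK assumed unchanged).
STALE_CACHE = [KSK, PRIMARY_ZSK]
# DNSKEY RRset the validator would fetch after its cache is flushed.
FRESH_SET = [KSK, BACKUP_ZSK]

# RRSIGs arriving after the failover, made by the backup signer (constructed).
FRESH_RRSIGS = [
    {"owner": "uk.", "covers": "SOA", "algorithm": 8,
     "key_tag": key_tag(*BACKUP_ZSK)},
    {"owner": "example.uk.", "covers": "DS", "algorithm": 8,
     "key_tag": key_tag(*BACKUP_ZSK)},
]

if __name__ == "__main__":
    for label, keys in (("stale cache", STALE_CACHE), ("after flush", FRESH_SET)):
        bad = unverifiable(keys, FRESH_RRSIGS)
        print(f"{label}: {len(bad)} of {len(FRESH_RRSIGS)} RRSIGs "
              "have no matching DNSKEY")
```

Without a flush, the stale DNSKEY set stays in use until its TTL expires, which is why the failures persist on validators that cached it before the failover.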
