On 23 Aug 2014, at 17:00, Jean-Francois Pirus
Unless I'm missing something, looks like my internal dns stopped working because there were issues with the link to the US.
My understanding is that dlv.isc.org is served on three separate anycast clouds, hosted by ISC, Afilias and Ultra. If there's none of any of those in New Zealand (which seems entirely possible) you're going to have problems doing local resolution with DLV. You you have a better chance of maintaining local resolution and validation if you turn off DLV and just use a root KSK trust anchor. There are multiple root servers reachable within New Zealand, peering willing. DLV was a transition mechanism that was arguably most useful before the root zone was signed. The root zone was signed in 2010. My advice would be to turn it off, to avoid exactly the kind of problem you described. Joe