RRSIG Expired
Paul Ooi Cong Jen
paulooi at takizo.com
Fri Apr 1 09:24:57 UTC 2011
Hi All,
First of all apologize using existing email created new question
On 29-Mar-2011, at 3:49 PM, Stephane Bortzmeyer wrote:
> [Stealing email threads is a bad idea:
> <http://wiki.exim.org/MailingListEtiquette#Thread_Stealing>]
>
> On Tue, Mar 29, 2011 at 03:25:29PM +0800,
> Paul Ooi Cong Jen <paulooi at takizo.com> wrote
> a message of 28 lines which said:
>
>> Anyone has issue with RRSIG expired on in-addr.arpa on b.root
>> server?
>
> You probably mean b.in-addr-servers.arpa, since b.root-servers.net is
> not authoritative for in-addr.arpa.
>
> And, no, I do not see the problem.
>
>> general: /etc/namedb/slave/in-addr.arpa.slave:10: signature has
>> expired
>
> How should I read that? Do you really slave in-addr.arpa? If so, this
> may be the problem.
>
>> in-addr.arpa IN SOA b.in-addr-servers.arpa. nstld.iana.org. (
>> 2011022011 ; serial
This file came with default bind installation
>
> It's an old SOA.
>
> % dig +dnssec SOA in-addr.arpa
>
> ; <<>> DiG 9.7.2-P3 <<>> +dnssec SOA in-addr.arpa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44984
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;in-addr.arpa. IN SOA
>
> ;; ANSWER SECTION:
> in-addr.arpa. 3436 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2011022215 1800 900 604800 3600
> in-addr.arpa. 3436 IN RRSIG SOA 8 2 3600 20110405074734 20110329042525 32721 in-addr.arpa. DAUgwhRmsmrVI7ph9a593VGtK7IxBfrTTrB7yBLIzgW9NNLlx77JIB5B INWOZlGAuFfX7B5EQBCJdL8Xg9aAxhXtgzZAaP/aEb/oCcEk+J7i23y1 HxS1aY4cStZimmQ9G9QfztX+6G5FU9qYKoTEYoq1d0gARgSQ5OLGVVFP G9E=
>
> ;; AUTHORITY SECTION:
> in-addr.arpa. 86236 IN NS a.in-addr-servers.arpa.
> in-addr.arpa. 86236 IN NS b.in-addr-servers.arpa.
> in-addr.arpa. 86236 IN NS c.in-addr-servers.arpa.
> in-addr.arpa. 86236 IN NS d.in-addr-servers.arpa.
> in-addr.arpa. 86236 IN NS e.in-addr-servers.arpa.
> in-addr.arpa. 86236 IN NS f.in-addr-servers.arpa.
> in-addr.arpa. 86236 IN RRSIG NS 8 2 86400 20110405164354 20110329042525 32721 in-addr.arpa. BUxGCAURoVCHgTGjScjXANpX31rNPXcZSlPrlCBx3ybldhANtGJqfvZS yhOPoe33Ka69j/fd0kfMSqmbUh+8nV4D3JWG0CtR/LFoPYEk/kwWkeIf La9WfiypbUmT5VQ7xcaDH/C7FYOvQxj06ZftIIN1LkoxhdAGuThaLR97 4K8=
Sorry, may be my question is not clear. Do we update the RRSIG manuall when its expired?
>
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Tue Mar 29 09:49:22 2011
> ;; MSG SIZE rcvd: 547
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110401/8e7106fd/attachment.html>
More information about the bind-users
mailing list