DNSSEC and upgrading/restoring
David Newman
dnewman at networktest.com
Fri Jan 31 18:25:37 UTC 2014
On 1/31/14 3:10 AM, Tony Finch wrote:
>> 2. For five domains, the log contains signature-has-expired warnings.
>>
>> In all five cases, these are for NSEC3PARAM records.
>>
>> Is any action needed on my part, for example manually doing NSEC3
>> signing of these zones?
>
> See if named has already re-signed them - check that the first date in the
> RRSIG is in the future.
So far (~18 hours) named has not re-signed them. In all five cases the
first date in the RRSIG is in the past, from 2013.
What action, if any, is needed?
Thanks!
dn
More information about the bind-users
mailing list