Primary zone not fully maintained by BIND

Sandro lists at penguinpee.nl
Thu May 26 09:11:03 UTC 2022 

On 23-05-2022 16:12, Sandro wrote:

> I'll do some more digging through the log files. I meanwhile increased 
> the severity to 'debug 3' for dnssec_debug.

I'm having some issues again. Not as severe as last time, since the 
RRSIG records are all still within their validity period.

However, bind tells me it cannot rekey my zone. So, I suspect this will 
turn into a problem by the time the RRSIG records run out:

26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external: 
zone_rekey failure: unexpected error (retry in 600 seconds)

This message then repeats every 10 minutes. The last successful rekey 
happened on 25 May at 09:38:25 after zone reload. Shortly after, at 
09:38:54, the first error occurred and it hasn't been rectified since.

I may have issued a 'rndc sign' for the zone shortly after the reload. 
Could that have "confused" BIND as JP put it?

I'll attach the full log for better readability (long lines).

How do I get BIND to tell me more about the unexpected error?

-- Sandro

PS: This may turn out to be spilled milk. But I had this typed up 
already before I saw the mail from Matthijs.
-------------- next part --------------
26-May-2022 10:06:14.399 info: zone penguinpee.nl/IN/external: reconfiguring zone keys
26-May-2022 10:06:14.438 debug 1: keymgr: keyring: penguinpee.nl/ECDSAP256SHA256/56132 (policy penguinpee)
26-May-2022 10:06:14.438 debug 1: keymgr: dnskeys: penguinpee.nl/ECDSAP256SHA256/56132 (policy penguinpee)
26-May-2022 10:06:14.438 debug 1: keymgr: DNSKEY penguinpee.nl/ECDSAP256SHA256/56132 (CSK) matches policy penguinpee
26-May-2022 10:06:14.438 debug 1: keymgr: DNSKEY penguinpee.nl/ECDSAP256SHA256/56132 (CSK) is active in policy penguinpee
26-May-2022 10:06:14.438 debug 1: keymgr: new successor needed for DNSKEY penguinpee.nl/ECDSAP256SHA256/56132 (CSK) (policy penguinpee) in 2641414922 seconds
26-May-2022 10:06:14.438 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type DNSKEY in state OMNIPRESENT
26-May-2022 10:06:14.438 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type DNSKEY in stable state OMNIPRESENT
26-May-2022 10:06:14.438 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type ZRRSIG in state OMNIPRESENT
26-May-2022 10:06:14.438 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type ZRRSIG in stable state OMNIPRESENT
26-May-2022 10:06:14.439 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type KRRSIG in state OMNIPRESENT
26-May-2022 10:06:14.439 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type KRRSIG in stable state OMNIPRESENT
26-May-2022 10:06:14.439 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type DS in state OMNIPRESENT
26-May-2022 10:06:14.439 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type DS in stable state OMNIPRESENT
26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external: zone_rekey failure: unexpected error (retry in 600 seconds)

More information about the bind-users mailing list