"auto-dnssec maintain" stopped working again...
Michelle Konzack
linux4michelle at tamay-dogan.net
Sun Oct 2 16:12:56 UTC 2011
Hello Hauke Lampe,
On 2011-10-01 02:02:56, you hacked down the following:
> Do you mean expired signatures or no signatures at all?
I have expired signatures...
> In the latter case, have you checked that the zone's keys are readable
> by named and still active?
Ehm yes
root at dns1 /etc/bind # ls -Al /etc/bind/master/net/tamay-dogan/*tamay-dogan*
-rw-r--r-- 1 bind adm 502 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet1.tamay-dogan.net.+005+12154.key
-rw------- 1 bind adm 1.2K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet1.tamay-dogan.net.+005+12154.private
-rw-r--r-- 1 bind adm 502 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet2.tamay-dogan.net.+005+45271.key
-rw------- 1 bind adm 1.2K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet2.tamay-dogan.net.+005+45271.private
-rw-rw-r-- 1 bind adm 2.2K Jul 3 17:10 /etc/bind/master/net/tamay-dogan/net.tamay-dogan
-rw-rw-r-- 1 bind adm 249 Jun 17 22:33 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.conf
-rw-r--r-- 1 bind adm 256 Jul 3 17:10 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.conf.signed
-rw-rw-r-- 1 bind adm 1.1K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1
-rw-rw-r-- 1 bind adm 238 Oct 2 17:59 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1.conf
-rw-r--r-- 1 bind adm 245 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1.conf.signed
-rw-r--r-- 1 bind adm 13K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1.signed
-rw-rw-r-- 1 bind adm 798 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2
-rw-rw-r-- 1 bind adm 238 Oct 2 17:59 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2.conf
-rw-r--r-- 1 bind adm 245 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2.conf.signed
-rw-r--r-- 1 bind adm 8.2K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2.signed
-rw-r--r-- 1 bind adm 7.1K Jul 26 04:22 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.signed
-rw-r--r-- 1 bind adm 15K Jul 26 04:10 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.signed.jnl
-rw-r--r-- 1 bind adm 459 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet1.tamay-dogan.net.+005+28905.key
-rw------- 1 bind adm 1010 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet1.tamay-dogan.net.+005+28905.private
-rw-r--r-- 1 bind adm 459 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet2.tamay-dogan.net.+005+36762.key
-rw------- 1 bind adm 1010 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet2.tamay-dogan.net.+005+36762.private
-rw-r--r-- 1 bind adm 439 Jul 3 17:10 /etc/bind/master/net/tamay-dogan/ZSK_Ktamay-dogan.net.+005+30945.key
-rw------- 1 bind adm 1010 Jul 3 17:10 /etc/bind/master/net/tamay-dogan/ZSK_Ktamay-dogan.net.+005+30945.private
If I am right, this looks right.
> Try dnssec-settime -p all /path/to/keys/Kexample.com.+005+12345.key and
> look for "Activate:" and "Inactive:"
root at dns1 /etc/bind # dnssec-settime -p all /etc/bind/master/net/tamay-dogan/KSK_Ktamay-dogan.net.+005+12268.key
Created: Sun Jul 3 17:10:49 2011
Publish: Sun Jul 3 17:10:49 2011
Activate: Sun Jul 3 17:10:49 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET
seems not very good...
root at dns1 /etc/bind # dnssec-settime -p all /etc/bind/master/net/tamay-dogan/KSK_Kintranet1.tamay-dogan.net.+005+12154.key
Created: Sun Oct 2 18:01:29 2011
Publish: Sun Oct 2 18:01:29 2011
Activate: Sun Oct 2 18:01:29 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET
root at dns1 /etc/bind # dnssec-settime -p all /etc/bind/master/net/tamay-dogan/KSK_Kintranet2.tamay-dogan.net.+005+45271.key
Created: Sun Oct 2 18:01:34 2011
Publish: Sun Oct 2 18:01:34 2011
Activate: Sun Oct 2 18:01:34 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET
I have added these two today...
> There have been a few bugfixes to automatic signing between 9.7.3 and
> 9.8. Maybe you hit one of those bugs.
Hmmm, I will ask the Debian Maintainers...
> Hauke.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
itsystems at tdnet
Owner Michelle Konzack
Tel: +49-176-86004575 office
Gewerbe Straße 3 Tel: +49-177-9351947 mobil
77694 Kehl/Germany Tel: +33-6-61925193 mobil (France)
<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
Jabber linux4michelle at jabber.ccc.de
ICQ #328449886
Linux-User #280138 with the Linux Counter, http://counter.li.org/
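
Added example, not part of the original message or of BIND: a small parser for `dnssec-settime -p all` output that reports where a key stands in its Publish/Activate/Inactive/Delete timeline, which is what checking "Activate:" and "Inactive:" amounts to. The state names and the RETIRED sample are constructed for illustration; all timestamps are assumed to be in one timezone, and Revoke is parsed but not evaluated.

```python
from datetime import datetime

FIELDS = ("Created", "Publish", "Activate", "Revoke", "Inactive", "Delete")
FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Sun Jul 3 17:10:49 2011"

# Output quoted in the message above.
POSTED = """\
Created: Sun Jul 3 17:10:49 2011
Publish: Sun Jul 3 17:10:49 2011
Activate: Sun Jul 3 17:10:49 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET
"""

# Constructed sample: the same key with an Inactive time that has passed.
RETIRED = POSTED.replace("Inactive: UNSET", "Inactive: Thu Sep 1 00:00:00 2011")


def parse_settime(text):
    """Map each timing field to a datetime, or None when it is UNSET."""
    times = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or name not in FIELDS:
            continue  # ignore prompts and unrelated lines
        times[name] = None if value == "UNSET" else datetime.strptime(value, FMT)
    return times


def key_state(times, now):
    """Classify a key at time `now`; only 'active' keys are in their signing window."""
    def reached(field):
        t = times.get(field)
        return t is not None and t <= now

    # Later lifecycle events take precedence over earlier ones.
    for field, state in (("Delete", "deleted"), ("Inactive", "inactive"),
                         ("Activate", "active"), ("Publish", "published")):
        if reached(field):
            return state
    return "unpublished"


if __name__ == "__main__":
    now = datetime(2011, 10, 2, 16, 12, 56)  # date of the message
    for label, sample in (("posted", POSTED), ("retired", RETIRED)):
        print(label, key_state(parse_settime(sample), now))
```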