my IPv6 PTRs are failing, and like last time, it's a signature expiration upstream of my zone:
> 5.0.1.0.0.2.ip6.arpa to 9.5.5.0.1.0.0.2.ip6.arpa: No valid RRSIGs made by a > key corresponding to a DS RR were found covering the DNSKEY RRset, resulting > in no secure entry point (SEP) into the zone. (68.87.68.244, 68.87.72.244, > 68.87.76.228, 68.87.85.132, 69.252.250.103, 2001:558:1004:7:68:87:85:132, > 2001:558:100a:5:68:87:68:244, 2001:558:100e:5:68:87:72:244, > 2001:558:1014:c:68:87:76:228, 2001:558:fe23:8:69:252:250:103, > UDP_-_EDNS0_4096_D_KN) > RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 47242: The Signature > Expiration field of the RRSIG RR (2021-02-03 13:23:52+00:00) is 4 days in the > past. > RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 47242: The Signature > Expiration field of the RRSIG RR (2021-02-03 13:23:52+00:00) is 4 days in the > past. see also a lot of warnings about signing alg 5 and digest alg 1: > https://dnsviz.net/d/3.5.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/dnssec/ uptime needed. vixie -- Are you in? https://labs.fsi.io/ _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
