Hi!!
Thanks a lot for your answer!!
I tried renaming back and rndc sign before... but it does not
work; it has just removed the error from the log
I have changed my key managing code so that it does not rename the ZSK
(.key and .private) to "-OLD" until at least 2 days have passed from t
egoitz--- via bind-users wrote:
>
> These are the contents of a cat of the private file I have renamed to
> samename.private-OLD :
>
> Created: 20211031230338
> Publish: 2020220241
> Activate: 2020220341
> Inactive: 20211215230338
> Delete: 20211217230338
Yes, it can be confusing when the
Hi!
In the "Bump in wire" dns machine, I have finally ended up fixing the
errors. For that purpose I have done the following:
In the directory of the zone file :
- rename the own zonefile to zonefile-NO
- rename the zonefile.jbk to zonefile.jbk-NO
- rename the zonefile.jnl to zonefile.jnl-NO
- re
If you return the -OLD files to their previous names (without -OLD) and you
make changes to the zone or perform rndc loadkeys of the zone, the error
disappears but the DNSKEY still becomes outdated
Any ideas mates?
On 2022-01-24 16:12, ego...@ramattack.net wrote:
> I think the problem is that if y
I think the problem is that if you do a :
dig +multi @dnssecserver thedomain.thetld dnskey +dnssec | grep 44526
You then still see that the key id exists in DNSKEY records (and an RRSIG of
that ZSK, the 44526, but outdated).
But I don't really understand why because you see the delete date of
In fact... in a domain for which I have seen these errors, it's arguing
about key id 44526 (its private file) saying "File not found". But if I
perform an axfr request of the signed zone and pipe it to grep for the key id, no
matches appear... so rrsigs for that key should not exist
These are the cont
Hi Klaus,
Thank you so much for your answer but when Bind deletes a key from a
zone, if I remember correctly, there should not be any rrsig still
active, signed previously by the deleted key. Isn't it? So I assume in
that case, I should be doing it properly but still see these messages.
Am I w
IIRC, Bind needs the key as long as there are signatures in the zone generated
by this key. After key deactivation I waited the RRSIG lifetime before deleting
them.
regards
Klaus
From: bind-users On behalf of egoitz--- via
bind-users
Sent: Monday, 24 January 2022 13:00
To: bind-users@lis