RRSIG Expired

Paul Ooi Cong Jen Fri, 01 Apr 2011 02:37:09 -0700

Hi All, 

First of all apologize using existing email created new question


On 29-Mar-2011, at 3:49 PM, Stephane Bortzmeyer wrote:  

> [Stealing email threads is a bad idea:
> <http://wiki.exim.org/MailingListEtiquette#Thread_Stealing>]
> 
> On Tue, Mar 29, 2011 at 03:25:29PM +0800,
> Paul Ooi Cong Jen <paul...@takizo.com> wrote 
> a message of 28 lines which said:
> 
>> Anyone has issue with RRSIG expired on in-addr.arpa on b.root
>> server? 
> 
> You probably mean b.in-addr-servers.arpa, since b.root-servers.net is
> not authoritative for in-addr.arpa.
> 
> And, no, I do not see the problem.
> 
>> general: /etc/namedb/slave/in-addr.arpa.slave:10: signature has
>> expired
> 
> How should I read that? Do you really slave in-addr.arpa? If so, this
> may be the problem.
> 
>> in-addr.arpa            IN SOA  b.in-addr-servers.arpa. nstld.iana.org. (
>>                                2011022011 ; serial

This file came with default bind installation

> 
> It's an old SOA.
> 
> % dig +dnssec SOA in-addr.arpa
> 
> ; <<>> DiG 9.7.2-P3 <<>> +dnssec SOA in-addr.arpa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44984
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;in-addr.arpa.                        IN      SOA
> 
> ;; ANSWER SECTION:
> in-addr.arpa.         3436    IN      SOA     b.in-addr-servers.arpa. 
> nstld.iana.org. 2011022215 1800 900 604800 3600
> in-addr.arpa.         3436    IN      RRSIG   SOA 8 2 3600 20110405074734 
> 20110329042525 32721 in-addr.arpa. 
> DAUgwhRmsmrVI7ph9a593VGtK7IxBfrTTrB7yBLIzgW9NNLlx77JIB5B 
> INWOZlGAuFfX7B5EQBCJdL8Xg9aAxhXtgzZAaP/aEb/oCcEk+J7i23y1 
> HxS1aY4cStZimmQ9G9QfztX+6G5FU9qYKoTEYoq1d0gARgSQ5OLGVVFP G9E=
> 
> ;; AUTHORITY SECTION:
> in-addr.arpa.         86236   IN      NS      a.in-addr-servers.arpa.
> in-addr.arpa.         86236   IN      NS      b.in-addr-servers.arpa.
> in-addr.arpa.         86236   IN      NS      c.in-addr-servers.arpa.
> in-addr.arpa.         86236   IN      NS      d.in-addr-servers.arpa.
> in-addr.arpa.         86236   IN      NS      e.in-addr-servers.arpa.
> in-addr.arpa.         86236   IN      NS      f.in-addr-servers.arpa.
> in-addr.arpa.         86236   IN      RRSIG   NS 8 2 86400 20110405164354 
> 20110329042525 32721 in-addr.arpa. 
> BUxGCAURoVCHgTGjScjXANpX31rNPXcZSlPrlCBx3ybldhANtGJqfvZS 
> yhOPoe33Ka69j/fd0kfMSqmbUh+8nV4D3JWG0CtR/LFoPYEk/kwWkeIf 
> La9WfiypbUmT5VQ7xcaDH/C7FYOvQxj06ZftIIN1LkoxhdAGuThaLR97 4K8=

Sorry, may be my question is not clear. Do we update the RRSIG manuall when its 
expired? 


> 
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Tue Mar 29 09:49:22 2011
> ;; MSG SIZE  rcvd: 547

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RRSIG Expired

Reply via email to