RRSIG Expired

Paul Ooi Cong Jen paulooi at takizo.com
Fri Apr 1 09:24:57 UTC 2011 

Hi All, 

First of all apologize using existing email created new question 

On 29-Mar-2011, at 3:49 PM, Stephane Bortzmeyer wrote:	

> [Stealing email threads is a bad idea:
> <http://wiki.exim.org/MailingListEtiquette#Thread_Stealing>]
> 
> On Tue, Mar 29, 2011 at 03:25:29PM +0800,
> Paul Ooi Cong Jen <paulooi at takizo.com> wrote 
> a message of 28 lines which said:
> 
>> Anyone has issue with RRSIG expired on in-addr.arpa on b.root
>> server? 
> 
> You probably mean b.in-addr-servers.arpa, since b.root-servers.net is
> not authoritative for in-addr.arpa.
> 
> And, no, I do not see the problem.
> 
>> general: /etc/namedb/slave/in-addr.arpa.slave:10: signature has
>> expired
> 
> How should I read that? Do you really slave in-addr.arpa? If so, this
> may be the problem.
> 
>> in-addr.arpa            IN SOA  b.in-addr-servers.arpa. nstld.iana.org. (
>>                                2011022011 ; serial

This file came with default bind installation

> 
> It's an old SOA.
> 
> % dig +dnssec SOA in-addr.arpa
> 
> ; <<>> DiG 9.7.2-P3 <<>> +dnssec SOA in-addr.arpa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44984
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;in-addr.arpa.			IN	SOA
> 
> ;; ANSWER SECTION:
> in-addr.arpa.		3436	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2011022215 1800 900 604800 3600
> in-addr.arpa.		3436	IN	RRSIG	SOA 8 2 3600 20110405074734 20110329042525 32721 in-addr.arpa. DAUgwhRmsmrVI7ph9a593VGtK7IxBfrTTrB7yBLIzgW9NNLlx77JIB5B INWOZlGAuFfX7B5EQBCJdL8Xg9aAxhXtgzZAaP/aEb/oCcEk+J7i23y1 HxS1aY4cStZimmQ9G9QfztX+6G5FU9qYKoTEYoq1d0gARgSQ5OLGVVFP G9E=
> 
> ;; AUTHORITY SECTION:
> in-addr.arpa.		86236	IN	NS	a.in-addr-servers.arpa.
> in-addr.arpa.		86236	IN	NS	b.in-addr-servers.arpa.
> in-addr.arpa.		86236	IN	NS	c.in-addr-servers.arpa.
> in-addr.arpa.		86236	IN	NS	d.in-addr-servers.arpa.
> in-addr.arpa.		86236	IN	NS	e.in-addr-servers.arpa.
> in-addr.arpa.		86236	IN	NS	f.in-addr-servers.arpa.
> in-addr.arpa.		86236	IN	RRSIG	NS 8 2 86400 20110405164354 20110329042525 32721 in-addr.arpa. BUxGCAURoVCHgTGjScjXANpX31rNPXcZSlPrlCBx3ybldhANtGJqfvZS yhOPoe33Ka69j/fd0kfMSqmbUh+8nV4D3JWG0CtR/LFoPYEk/kwWkeIf La9WfiypbUmT5VQ7xcaDH/C7FYOvQxj06ZftIIN1LkoxhdAGuThaLR97 4K8=

Sorry, may be my question is not clear. Do we update the RRSIG manuall when its expired? 


> 
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Tue Mar 29 09:49:22 2011
> ;; MSG SIZE  rcvd: 547


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110401/8e7106fd/attachment.html>

More information about the bind-users mailing list