RRSIG Expired

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Mar 29 07:49:42 UTC 2011 

[Stealing email threads is a bad idea:
<http://wiki.exim.org/MailingListEtiquette#Thread_Stealing>]

On Tue, Mar 29, 2011 at 03:25:29PM +0800,
 Paul Ooi Cong Jen <paulooi at takizo.com> wrote 
 a message of 28 lines which said:

> Anyone has issue with RRSIG expired on in-addr.arpa on b.root
> server? 

You probably mean b.in-addr-servers.arpa, since b.root-servers.net is
not authoritative for in-addr.arpa.

And, no, I do not see the problem.

> general: /etc/namedb/slave/in-addr.arpa.slave:10: signature has
> expired

How should I read that? Do you really slave in-addr.arpa? If so, this
may be the problem.

> in-addr.arpa            IN SOA  b.in-addr-servers.arpa. nstld.iana.org. (
>                                 2011022011 ; serial

It's an old SOA.

% dig +dnssec SOA in-addr.arpa

; <<>> DiG 9.7.2-P3 <<>> +dnssec SOA in-addr.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44984
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;in-addr.arpa.			IN	SOA

;; ANSWER SECTION:
in-addr.arpa.		3436	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2011022215 1800 900 604800 3600
in-addr.arpa.		3436	IN	RRSIG	SOA 8 2 3600 20110405074734 20110329042525 32721 in-addr.arpa. DAUgwhRmsmrVI7ph9a593VGtK7IxBfrTTrB7yBLIzgW9NNLlx77JIB5B INWOZlGAuFfX7B5EQBCJdL8Xg9aAxhXtgzZAaP/aEb/oCcEk+J7i23y1 HxS1aY4cStZimmQ9G9QfztX+6G5FU9qYKoTEYoq1d0gARgSQ5OLGVVFP G9E=

;; AUTHORITY SECTION:
in-addr.arpa.		86236	IN	NS	a.in-addr-servers.arpa.
in-addr.arpa.		86236	IN	NS	b.in-addr-servers.arpa.
in-addr.arpa.		86236	IN	NS	c.in-addr-servers.arpa.
in-addr.arpa.		86236	IN	NS	d.in-addr-servers.arpa.
in-addr.arpa.		86236	IN	NS	e.in-addr-servers.arpa.
in-addr.arpa.		86236	IN	NS	f.in-addr-servers.arpa.
in-addr.arpa.		86236	IN	RRSIG	NS 8 2 86400 20110405164354 20110329042525 32721 in-addr.arpa. BUxGCAURoVCHgTGjScjXANpX31rNPXcZSlPrlCBx3ybldhANtGJqfvZS yhOPoe33Ka69j/fd0kfMSqmbUh+8nV4D3JWG0CtR/LFoPYEk/kwWkeIf La9WfiypbUmT5VQ7xcaDH/C7FYOvQxj06ZftIIN1LkoxhdAGuThaLR97 4K8=

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Mar 29 09:49:22 2011
;; MSG SIZE  rcvd: 547

More information about the bind-users mailing list