Recently started invalid signings
Peter 'PMc' Much
pmc at citylink.dinoex.sub.org
Fri Nov 29 02:54:23 UTC 2024
Hi,
I just noticed my dns-signer recently started to create some
invalid signings - the two red arrows in here:
https://dnsviz.net/d/daemon.contact/Z0ka0A/dnssec/
There is a history, one can go back and see these weren't present
in March '24 and earlier.
The problem is, I didn't change anything; my script does basically
invoke 'dnssec-signzone' & friends, and only that was regularly upgraded.
root at kerb:~opdns/DNSSEC/config # dir /ext/libexec/dns-signer.rb
-r-xr-xr-x 1 root wheel uarch 7037 Mar 29 2023 /ext/libexec/dns-signer.rb
root at kerb:~opdns/DNSSEC/config # dir
-rw-rw-r-- 1 opdns staff uarch 119 May 16 2022 daemon.contact:intra
-rw-rw-r-- 1 opdns staff uarch 850 May 30 2022 global
root at kerb:~opdns/DNSSEC/config # grep bind /var/log/messages
Jan 7 19:30:11 <user.notice> kerb pkg[43351]: bind-tools upgraded: 9.18.20 -> 9.18.20_1
Mar 3 01:01:42 <user.notice> kerb pkg[30861]: bind-tools upgraded: 9.18.20_1 -> 9.18.24
Apr 12 23:05:48 <user.notice> kerb pkg[95839]: bind-tools reinstalled: 9.18.24 -> 9.18.24
Apr 29 10:21:01 <user.notice> kerb pkg[85248]: bind-tools upgraded: 9.18.24 -> 9.18.26
Jul 8 20:49:49 <user.notice> kerb pkg[98894]: bind-tools upgraded: 9.18.26 -> 9.18.27_1
Jul 27 19:23:28 <user.notice> kerb pkg[53621]: bind-tools upgraded: 9.18.27_1 -> 9.18.28
Aug 24 17:54:22 <user.notice> kerb pkg[51161]: bind-tools upgraded: 9.18.28 -> 9.18.29
Sep 8 21:13:34 <user.notice> kerb pkg[22254]: bind-tools reinstalled: 9.18.29 -> 9.18.29
Oct 17 20:16:54 <user.notice> kerb pkg[90460]: bind-tools upgraded: 9.18.29 -> 9.20.2
I am sure these arrows are no technical problem, but, well, they don't
look good... so what has happened?
cheerio,
PMc
More information about the bind-users
mailing list