On 23-05-2022 16:12, Sandro wrote:
I'll do some more digging through the log files. I meanwhile increased the severity to 'debug 3' for dnssec_debug.
I'm having some issues again. Not as severe as last time, since the RRSIG records are all still within their validity period.
However, bind tells me it cannot rekey my zone. So, I suspect this will turn into a problem by the time the RRSIG records run out:
26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external: zone_rekey failure: unexpected error (retry in 600 seconds)
This message then repeats every 10 minutes. The last successful rekey happened on 25 May at 09:38:25 after zone reload. Shortly after, at 09:38:54, the first error occurred and it hasn't been rectified since.
I may have issued a 'rndc sign' for the zone shortly after the reload. Could that have "confused" BIND as JP put it?
I'll attach the full log for better readability (long lines). How do I get BIND to tell me more about the unexpected error? -- SandroPS: This may turn out to be spilled milk. But I had this typed up already before I saw the mail from Matthijs.
26-May-2022 10:06:14.399 info: zone penguinpee.nl/IN/external: reconfiguring zone keys 26-May-2022 10:06:14.438 debug 1: keymgr: keyring: penguinpee.nl/ECDSAP256SHA256/56132 (policy penguinpee) 26-May-2022 10:06:14.438 debug 1: keymgr: dnskeys: penguinpee.nl/ECDSAP256SHA256/56132 (policy penguinpee) 26-May-2022 10:06:14.438 debug 1: keymgr: DNSKEY penguinpee.nl/ECDSAP256SHA256/56132 (CSK) matches policy penguinpee 26-May-2022 10:06:14.438 debug 1: keymgr: DNSKEY penguinpee.nl/ECDSAP256SHA256/56132 (CSK) is active in policy penguinpee 26-May-2022 10:06:14.438 debug 1: keymgr: new successor needed for DNSKEY penguinpee.nl/ECDSAP256SHA256/56132 (CSK) (policy penguinpee) in 2641414922 seconds 26-May-2022 10:06:14.438 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type DNSKEY in state OMNIPRESENT 26-May-2022 10:06:14.438 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type DNSKEY in stable state OMNIPRESENT 26-May-2022 10:06:14.438 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type ZRRSIG in state OMNIPRESENT 26-May-2022 10:06:14.438 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type ZRRSIG in stable state OMNIPRESENT 26-May-2022 10:06:14.439 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type KRRSIG in state OMNIPRESENT 26-May-2022 10:06:14.439 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type KRRSIG in stable state OMNIPRESENT 26-May-2022 10:06:14.439 debug 1: keymgr: examine CSK penguinpee.nl/ECDSAP256SHA256/56132 type DS in state OMNIPRESENT 26-May-2022 10:06:14.439 debug 1: keymgr: CSK penguinpee.nl/ECDSAP256SHA256/56132 type DS in stable state OMNIPRESENT 26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external: zone_rekey failure: unexpected error (retry in 600 seconds)
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
