I have a zone managed by OpenDNSSEC 2 which now is not resolved by validating resolvers. The reason appears to be that the RRSIG over the DNSKEY RRset has been allowed to expire by ods-signer.

I.e. (crudely obfuscated):

my_domain.tld. 3600 IN RRSIG DNSKEY 13 3 3600 20210501213711 20210418073317 47867 my_domain.tld. BIzcTyvmGi/OcLaBdXMExes/iyHkrUC1qOhg4W4ybcjsS/zAXz65NJBa oojfCzX7gUo/DD9mXaMFZTyWm8iLpA==

The signer does run for the domain but does not regenerate this signature.

Can anyone suggest what might be causing this error?

Colin
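
A monitoring check for the condition described in the post, as an added example that is not part of the original message: it parses an RRSIG in presentation format and classifies its validity window at a given time. The function names and the three-day warning threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# RRSIG quoted in the post (owner name obfuscated by the poster), joined onto one line.
SAMPLE_RRSIG = (
    "my_domain.tld. 3600 IN RRSIG DNSKEY 13 3 3600 20210501213711 "
    "20210418073317 47867 my_domain.tld. "
    "BIzcTyvmGi/OcLaBdXMExes/iyHkrUC1qOhg4W4ybcjsS/zAXz65NJBa "
    "oojfCzX7gUo/DD9mXaMFZTyWm8iLpA=="
)


def _timestamp(field):
    """RFC 4034 3.2: YYYYMMDDHHmmSS in UTC, or decimal seconds since the epoch."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)


def parse_rrsig(line):
    """Parse one RRSIG record in presentation format (hypothetical helper)."""
    tokens = line.split()
    if "RRSIG" not in tokens:
        raise ValueError("not an RRSIG record")
    rdata = tokens[tokens.index("RRSIG") + 1:]
    if len(rdata) < 9:
        raise ValueError("truncated RRSIG RDATA")
    return {
        "owner": tokens[0],
        "covered": rdata[0],          # type of the RRset this signature covers
        "algorithm": int(rdata[1]),
        "expiration": _timestamp(rdata[4]),
        "inception": _timestamp(rdata[5]),
        "key_tag": int(rdata[6]),
        "signer": rdata[7],
    }


def rrsig_status(line, now, warn=timedelta(days=3)):
    """Classify the validity window at `now`; `warn` is an assumed threshold."""
    sig = parse_rrsig(line)
    if now < sig["inception"]:
        return "not-yet-valid"
    if now > sig["expiration"]:
        return "expired"      # validating resolvers reject the covered RRset
    if sig["expiration"] - now <= warn:
        return "expiring"     # the signer should already have refreshed this
    return "ok"
```

Run against each RRSIG served by the authoritative servers, an "expiring" result on the DNSKEY signature gives warning before validating resolvers start failing the zone.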





_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
