On 2021-05-03 13:39, Colin Spensley via Opendnssec-user wrote:
I have a zone managed by OpenDNSSEC 2 which now is not resolved by
validating resolvers. The reason appears to be that the RRSIG over the
DNSKEY RRset has been allowed to expire by ods-signer.
Ie. (crudely obfuscated):-
my_domain.tld. 3600 IN RRSIG DNSKEY 13 3 3600 20210501213711
20210418073317 47867 my_domain.tld.
BIzcTyvmGi/OcLaBdXMExes/iyHkrUC1qOhg4W4ybcjsS/zAXz65NJBa
oojfCzX7gUo/DD9mXaMFZTyWm8iLpA==
The signer does run for the domain but does not regenerate this
signature.
Can anyone suggest what might be causing this error?
Your log should provide more information. There should be some logging
lines, probably in /var/log/messages indicating that "ods-signer" has
some error. I would suggest a grep ods-signer /var/log/messages.
\Berry
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
