Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 566
    • Issues 566
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 93
    • Merge requests 93
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Issues
  • #2500
Closed
Open
Issue created Feb 18, 2021 by Marc Dequènes (Duck)@duck-rh

dnssec-policy checkds does not seem to work

This is a follow-up on #2488 (closed) but for a different problem.

Key 5022 is now published:

# rndc dnssec -status _kage.hq.duckcorp.org
dnssec-policy: generated
current time:  Thu Feb 18 18:24:02 2021

key: 43281 (RSASHA512), KSK
  published:      yes - since Fri Aug 28 00:31:44 2020
  key signing:    yes - since Fri Aug 28 00:31:44 2020

  Rollover is due since Fri Feb 12 00:26:50 2021
  - goal:           hidden
  - dnskey:         omnipresent
  - ds:             unretentive
  - key rrsig:      omnipresent

key: 20426 (RSASHA512), ZSK
  published:      yes - since Sat Nov 21 00:31:44 2020
  zone signing:   yes - since Mon Dec 21 00:31:44 2020

  Next rollover scheduled on Sat Mar 20 22:26:44 2021
  - goal:           omnipresent
  - dnskey:         omnipresent
  - zone rrsig:     omnipresent

key: 5022 (RSASHA512), KSK
  published:      yes - since Tue Feb 16 01:47:35 2021
  key signing:    yes - since Tue Feb 16 01:47:35 2021

  Next rollover scheduled on Wed Feb 16 01:47:35 2022
  - goal:           omnipresent
  - dnskey:         omnipresent
  - ds:             rumoured
  - key rrsig:      omnipresent

I used rndc dnssec -checkds -key 5022 published _kage.hq.duckcorp.org yesterday right after replying to #2488 (closed) but his did not produce anything in the logs and the status is the same. The output (forgot to keep it so doing it again): KSK 5022: Marked DS as published since 18-Feb-2021 19:48:06.000. And I can confirm the is nothing in the logs except received control channel command.

I just used rndc loadkeys _kage.hq.duckcorp.org as suggested in #2488 (closed), so let's see if that's a similar problem.

\_o<

Assignee
Assign to
Time tracking