Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
BIND
BIND
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 637
    • Issues 637
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 106
    • Merge Requests 106
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #2500

Closed
Open
Opened Feb 18, 2021 by Marc Dequènes (Duck)@duck-rh

dnssec-policy checkds does not seem to work

This is a follow-up on #2488 but for a different problem.

Key 5022 is now published:

# rndc dnssec -status _kage.hq.duckcorp.org
dnssec-policy: generated
current time:  Thu Feb 18 18:24:02 2021

key: 43281 (RSASHA512), KSK
  published:      yes - since Fri Aug 28 00:31:44 2020
  key signing:    yes - since Fri Aug 28 00:31:44 2020

  Rollover is due since Fri Feb 12 00:26:50 2021
  - goal:           hidden
  - dnskey:         omnipresent
  - ds:             unretentive
  - key rrsig:      omnipresent

key: 20426 (RSASHA512), ZSK
  published:      yes - since Sat Nov 21 00:31:44 2020
  zone signing:   yes - since Mon Dec 21 00:31:44 2020

  Next rollover scheduled on Sat Mar 20 22:26:44 2021
  - goal:           omnipresent
  - dnskey:         omnipresent
  - zone rrsig:     omnipresent

key: 5022 (RSASHA512), KSK
  published:      yes - since Tue Feb 16 01:47:35 2021
  key signing:    yes - since Tue Feb 16 01:47:35 2021

  Next rollover scheduled on Wed Feb 16 01:47:35 2022
  - goal:           omnipresent
  - dnskey:         omnipresent
  - ds:             rumoured
  - key rrsig:      omnipresent

I used rndc dnssec -checkds -key 5022 published _kage.hq.duckcorp.org yesterday right after replying to #2488 but his did not produce anything in the logs and the status is the same. The output (forgot to keep it so doing it again): KSK 5022: Marked DS as published since 18-Feb-2021 19:48:06.000. And I can confirm the is nothing in the logs except received control channel command.

I just used rndc loadkeys _kage.hq.duckcorp.org as suggested in #2488, so let's see if that's a similar problem.

\_o<

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: isc-projects/bind9#2500