[Opendnssec-user] DNSKEY signature expired
odsu at c20.ksac.uk
Mon May 3 11:39:17 UTC 2021
I have a zone managed by OpenDNSSEC 2 which now is not resolved by
validating resolvers. The reason appears to be that the RRSIG over the
DNSKEY RRset has been allowed to expire by ods-signer.
Ie. (crudely obfuscated):-
> my_domain.tld. 3600 IN RRSIG DNSKEY 13 3 3600 20210501213711 20210418073317 47867 my_domain.tld. BIzcTyvmGi/OcLaBdXMExes/iyHkrUC1qOhg4W4ybcjsS/zAXz65NJBa oojfCzX7gUo/DD9mXaMFZTyWm8iLpA==
The signer does run for the domain but does not regenerate this signature.
Can anyone suggest what might be causing this error?
More information about the Opendnssec-user