Hello All,
I seem to be missing the plot on re-signing keys. I had all my keys signed and golden and everything is working. I wrote a little perl script to re-sign all of my domains in one fell swoop, even generating new keys in the process. But obviously in my excitement I missed something.
So the command I use to re-sign my keys is as follows: $salt is generated by the script.
/usr/sbin/dnssec-signzone -S -A -3 $salt -N increment -o example.com -t /var/named/example.com.db
Running this command gets me a promising output of:
Verifying the zone using the following algorithms: NSEC3RSASHA1.
Zone fully signed:
Algorithm: NSEC3RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 stand-by, 0 revoked
/var/named/example.com.db.signed
Signatures generated: 21
Signatures retained: 0
Signatures dropped: 0
Signatures successfully verified: 0
Signatures unsuccessfully verified: 0
Signing time in seconds: 0.052
Signatures per second: 400.472
Runtime in seconds: 0.077
However when i check one of the internet DNS Check tools (i.e. http://dnscheck.iis.se/ ) it still shows an expired signature:
DNSSEC signature expired: RRSIG(example.com/IN/SOA/13232)
Any idea what I am missing?
DNSSEC Expired Keys
Issues related to configuring your network
Return to “CentOS 7 - Networking Support”
Jump to
- CentOS General Purpose
- ↳ CentOS - FAQ & Readme First
- ↳ Announcements
- ↳ CentOS Social
- ↳ User Comments
- ↳ Website Problems
- CentOS 8 / 8-Stream / 9-Stream
- ↳ 8 /8-Stream / 9-Stream - General Support
- ↳ 8 /8-Stream / 9-Stream - Hardware Support
- ↳ 8 /8-Stream / 9-Stream - Networking Support
- ↳ 8 /8-Stream / 9-Stream - Security Support
- CentOS 7
- ↳ CentOS 7 - General Support
- ↳ CentOS 7 - Software Support
- ↳ CentOS 7 - Hardware Support
- ↳ CentOS 7 - Networking Support
- ↳ CentOS 7 - Security Support
- CentOS Legacy Versions
- ↳ CentOS 5
- ↳ CentOS 5 - General Support
- ↳ CentOS 5 - Software Support
- ↳ CentOS 5 - Hardware Support
- ↳ CentOS 5 - Networking Support
- ↳ CentOS 5 - Server Support
- ↳ CentOS 5 - Security Support
- ↳ CentOS 5 - Oracle Installation and Support
- ↳ CentOS 5 - Miscellaneous Questions
- ↳ CentOS 6
- ↳ CentOS 6 - General Support
- ↳ CentOS 6 - Software Support
- ↳ CentOS 6 - Hardware Support
- ↳ CentOS 6 - Networking Support
- ↳ CentOS 6 - Security Support