DNSSEC / BIND breakage

Wolfgang Rosenauer wolfgang.rosenauer at an-netz.de
Thu Oct 1 14:35:08 CEST 2015


One of my DNSSEC/DANE secured domains started breaking as of today and I
do not fully understand why.
Probably bright people here can point me to the correct resolution?

I'm using bind and its

    auto-dnssec maintain;
    inline-signing yes;

Also I'm not aware that my KSK and ZSK keys have any expiration date but
today DNSSEC started to fail apparently because my RRSIG signatures are
said to be expired.
Actually my first idea is that the automatic maintenance in bind failed
for some reason. So I deleted the journal and signed zone files and
started over by signing the zone from scratch. This at least improved
the situation a little bit according to

But it still seems to be broken and I'm currently at a loss to understand
what is wrong.

Thanks for any pointers,

