info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: dnssec-keygen getting dates wrong
13 views
Skip to first unread message
Marcel de Riedmatten
Aug 30, 2020, 3:03:49 PM8/30/20
to bind-...@lists.isc.org
Le dimanche 30 août 2020 à 12:58 +0200, Mark Elkins a écrit :
> Running BIND.. 9.16.6 on a Gentoo machine - so BIND is kept very much
> up to date.
> dnssec-keygen - Version: 9.16.6
>
> I create DNSSEC Keys in a manual process and in order to see when a
> Key was created (so I can rotate them - etc..) I look at the Creation
> date inside the 'key' file....
> # dnssec-keygen -a RSASHA256 fubar.com
> # cat Kfubar.com.+008+21010.key
> ; This is a zone-signing key, keyid 21010, for fubar.com.
> ; Created: 20200830105653 (Sun Aug 30 12:56:53 202)
> ; Publish: 20200830105653 (Sun Aug 30 12:56:53 202)
> ; Activate: 20200830105653 (Sun Aug 30 12:56:53 202)
>
> Can anyone spot an issue? Look carefully at the creation date, the
> year in particular!
Hi
it looks like a pretty printing issue.
# dnssec-settime -p all Kfubar.com.+008+21010.key
should give you the correct timestamp.
--
Marcel de Riedmatten
> Running BIND.. 9.16.6 on a Gentoo machine - so BIND is kept very much
> up to date.
> dnssec-keygen - Version: 9.16.6
>
> I create DNSSEC Keys in a manual process and in order to see when a
> Key was created (so I can rotate them - etc..) I look at the Creation
> date inside the 'key' file....
> # dnssec-keygen -a RSASHA256 fubar.com
> # cat Kfubar.com.+008+21010.key
> ; This is a zone-signing key, keyid 21010, for fubar.com.
> ; Created: 20200830105653 (Sun Aug 30 12:56:53 202)
> ; Publish: 20200830105653 (Sun Aug 30 12:56:53 202)
> ; Activate: 20200830105653 (Sun Aug 30 12:56:53 202)
>
> Can anyone spot an issue? Look carefully at the creation date, the
> year in particular!
Hi
it looks like a pretty printing issue.
# dnssec-settime -p all Kfubar.com.+008+21010.key
should give you the correct timestamp.
--
Marcel de Riedmatten
Mark Andrews
Aug 30, 2020, 8:51:08 PM8/30/20
to Marcel de Riedmatten, bind-...@lists.isc.org
This is fixed in
5486. [func] Add 'rndc dnssec -checkds' command to tell named
that the DS record has been published in the parent.
[GL #1613]
Which is in the next maintenance release.
Mark
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
5486. [func] Add 'rndc dnssec -checkds' command to tell named
that the DS record has been published in the parent.
[GL #1613]
Which is in the next maintenance release.
Mark
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
0 new messages