Year 2038 Problem?
T.Suzuki
tss at reflection.co.jp
Tue Apr 28 02:06:27 UTC 2020
One more question.
With 1.7.1, drill -S shows "Chase failed" in case of no DS.
It shows "Chase successful" with 1.7.0.
Did you change the way? (I think ether is fine.)
% drill -S smbc.co.jp soa @1.1.1.1
;; Number of trusted keys: 1
;; Chasing: smbc.co.jp. SOA
DNSSEC Trust tree:
smbc.co.jp. (SOA)
|---smbc.co.jp. (DNSKEY keytag: 11478 alg: 8 flags: 256)
|---smbc.co.jp. (DNSKEY keytag: 7150 alg: 8 flags: 257)
No trusted keys found in tree: first error was: No DNSSEC public key(s)
;; Chase failed.
On Sat, 22 Feb 2020 23:18:01 +0900
"T.Suzuki via Unbound-users" <unbound-users at lists.nlnetlabs.nl> wrote:
> Hi.
>
> drill -S failed by a RRSIG with the signature validity period
> after 03:14:07 UTC on 19 January 2038.
>
> drill -D looks fine.
>
> ~% drill -t -S uecac.jp soa @localhost
> ;; Number of trusted keys: 1
> ;; Chasing: uecac.jp. SOA
>
> DNSSEC Trust tree:
> uecac.jp. (SOA)
> |---DNSSEC signature has expiration date earlier than inception date:
> uecac.jp. 600 IN RRSIG SOA 13 2 600 20380120000000 20191016000000 3202 uecac.jp. OcPQG5hMJvK5CC1tIIU4B0YatN9VhOvtIP/5zPFfay1fseNkdfGjBCX4mjWo7zHZBvWNEl5kw9dCU4pCIHEcYw==
> For RRset:
> uecac.jp. 600 IN SOA ns.uecac.jp. tss.e-ontap.com. 2020012402 3600 600 86400 600
> With key:
> uecac.jp. 600 IN DNSKEY 256 3 13 DvfFNM9fhT9VLOpWT/uG7Vg1kKq1K9YgwQ460aWPsy1RMsR/6QC7g34sM1WRT1ueJjOJHS5uJgnbnVMNnv7WWw== ;{id = 3202 (zsk), size = 256b}
> |---uecac.jp. (DNSKEY keytag: 3202 alg: 13 flags: 256)
> |---DNSSEC signature has expiration date earlier than inception date:
> uecac.jp. 600 IN RRSIG DNSKEY 13 2 600 20380120000000 20191016000000 9942 uecac.jp. hlmbWiTKGJKm4Tme5VEV9/RpFqUQrY1KOf/GIByoVk+FbUc2sCZ1pljDPOVjMyVRP0/Q1SrwYdN/JJBa42+9UA==
> For RRset:
> uecac.jp. 600 IN DNSKEY 256 3 13 DvfFNM9fhT9VLOpWT/uG7Vg1kKq1K9YgwQ460aWPsy1RMsR/6QC7g34sM1WRT1ueJjOJHS5uJgnbnVMNnv7WWw== ;{id = 3202 (zsk), size = 256b}
> uecac.jp. 600 IN DNSKEY 257 3 13 N8Z+Ct12ZgednW/y4PPbr52b+YlQdegl4kAg/r2+mIuNt0nsKBTl8AYvxHgjoEiY8WkeHUDOkF4JdqFV1S64ww== ;{id = 9942 (ksk), size = 256b}
> With key:
> uecac.jp. 600 IN DNSKEY 257 3 13 N8Z+Ct12ZgednW/y4PPbr52b+YlQdegl4kAg/r2+mIuNt0nsKBTl8AYvxHgjoEiY8WkeHUDOkF4JdqFV1S64ww== ;{id = 9942 (ksk), size = 256b}
> |---uecac.jp. (DNSKEY keytag: 9942 alg: 13 flags: 257)
> No trusted keys found in tree: first error was: No DNSSEC public key(s)
> ;; Chase failed.
>
> ~% drill -D soa uecac.jp
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 22942
> ;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>
> ~% drill -v
> drill version 1.7.1 (ldns version 1.7.1)
> Written by NLnet Labs.
>
> Copyright (c) 2004-2008 NLnet Labs.
> Licensed under the revised BSD license.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS
> FOR A PARTICULAR PURPOSE.
>
> --
> ------------------------------------------------------------------------------
> T.Suzuki
>
--
------------------------------------------------------------------------------
T.Suzuki
More information about the Unbound-users
mailing list