Year 2038 Problem?
T.Suzuki
tss at reflection.co.jp
Sat Feb 22 14:18:01 UTC 2020
Hi.
drill -S failed by a RRSIG with the signature validity period
after 03:14:07 UTC on 19 January 2038.
drill -D looks fine.
~% drill -t -S uecac.jp soa @localhost
;; Number of trusted keys: 1
;; Chasing: uecac.jp. SOA
DNSSEC Trust tree:
uecac.jp. (SOA)
|---DNSSEC signature has expiration date earlier than inception date:
uecac.jp. 600 IN RRSIG SOA 13 2 600 20380120000000 20191016000000 3202 uecac.jp. OcPQG5hMJvK5CC1tIIU4B0YatN9VhOvtIP/5zPFfay1fseNkdfGjBCX4mjWo7zHZBvWNEl5kw9dCU4pCIHEcYw==
For RRset:
uecac.jp. 600 IN SOA ns.uecac.jp. tss.e-ontap.com. 2020012402 3600 600 86400 600
With key:
uecac.jp. 600 IN DNSKEY 256 3 13 DvfFNM9fhT9VLOpWT/uG7Vg1kKq1K9YgwQ460aWPsy1RMsR/6QC7g34sM1WRT1ueJjOJHS5uJgnbnVMNnv7WWw== ;{id = 3202 (zsk), size = 256b}
|---uecac.jp. (DNSKEY keytag: 3202 alg: 13 flags: 256)
|---DNSSEC signature has expiration date earlier than inception date:
uecac.jp. 600 IN RRSIG DNSKEY 13 2 600 20380120000000 20191016000000 9942 uecac.jp. hlmbWiTKGJKm4Tme5VEV9/RpFqUQrY1KOf/GIByoVk+FbUc2sCZ1pljDPOVjMyVRP0/Q1SrwYdN/JJBa42+9UA==
For RRset:
uecac.jp. 600 IN DNSKEY 256 3 13 DvfFNM9fhT9VLOpWT/uG7Vg1kKq1K9YgwQ460aWPsy1RMsR/6QC7g34sM1WRT1ueJjOJHS5uJgnbnVMNnv7WWw== ;{id = 3202 (zsk), size = 256b}
uecac.jp. 600 IN DNSKEY 257 3 13 N8Z+Ct12ZgednW/y4PPbr52b+YlQdegl4kAg/r2+mIuNt0nsKBTl8AYvxHgjoEiY8WkeHUDOkF4JdqFV1S64ww== ;{id = 9942 (ksk), size = 256b}
With key:
uecac.jp. 600 IN DNSKEY 257 3 13 N8Z+Ct12ZgednW/y4PPbr52b+YlQdegl4kAg/r2+mIuNt0nsKBTl8AYvxHgjoEiY8WkeHUDOkF4JdqFV1S64ww== ;{id = 9942 (ksk), size = 256b}
|---uecac.jp. (DNSKEY keytag: 9942 alg: 13 flags: 257)
No trusted keys found in tree: first error was: No DNSSEC public key(s)
;; Chase failed.
~% drill -D soa uecac.jp
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 22942
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
~% drill -v
drill version 1.7.1 (ldns version 1.7.1)
Written by NLnet Labs.
Copyright (c) 2004-2008 NLnet Labs.
Licensed under the revised BSD license.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
--
------------------------------------------------------------------------------
T.Suzuki
More information about the Unbound-users
mailing list