Hi all,
I have a little problem getting rollerd to run and sign my zones when the ZSKs of my zones are close to expiring or have already expired.
rollerd is running but does nothing.
It is started with:
/usr/bin/perl /usr/sbin/rollerd -rrfile /etc/bind/all.rollrec -directory /etc/bind -logfile /dev/stdout
all.rollrec file:
skip "info rollrec"
version "2"
roll "mindorf-netz.de"
zonename "mindorf-netz.de"
zonefile "/etc/bind/zone-mindorf-netz.de.signed"
keyrec "/etc/bind/mindorf-netz.de.krf"
administrator "zonemaster@mindorf-netz.de"
kskphase "0"
zskphase "0"
ksk_rolldate "Thu Nov 20 11:33:43 2014"
ksk_rollsecs "1416483223"
zsk_rolldate "Thu Nov 20 11:33:43 2014"
zsk_rollsecs "1416483223"
maxttl "0"
display "1"
phasestart "new"
# optional records for RFC5011 rolling:
istrustanchor "no"
holddowntime "60D"
and my keyrec file (krf):
zone "mindorf-netz.de"
keyrec_type "zone"
zonefile "zone-mindorf-netz.de"
keyrec_signsecs "1416580022"
keyrec_signdate "Fri Nov 21 14:27:02 2014"
lastset "mindorf-netz.de-signset-00003"
signedzone "/etc/bind/zone-mindorf-netz.de.signed"
zskdirectory "/data/bind/etc"
kskdirectory "/data/bind/etc"
archivedir "/var/lib/dnssec-tools/archive"
endtime "1800"
kskcount "1"
zskcount "1"
zskcur "mindorf-netz.de-signset-00001"
zskpub "mindorf-netz.de-signset-00002"
szopts "-O full"
kskcur "mindorf-netz.de-signset-00003"
serial "2014112020"
rollmgr "rollerd"
lastcmd "-krfile mindorf-netz.de.krf -szopts -O full -genkeys -usensec3 -zone mindorf-netz.de zone-mindorf-netz.de"
set "mindorf-netz.de-signset-00001"
keyrec_setsecs "1416478797"
keyrec_setdate "Thu Nov 20 10:19:57 2014"
zonename "mindorf-netz.de"
set_type "zskcur"
keys "Kmindorf-netz.de.+008+11061"
set "mindorf-netz.de-signset-00002"
keyrec_setsecs "1416478797"
keyrec_setdate "Thu Nov 20 10:19:57 2014"
zonename "mindorf-netz.de"
set_type "zskpub"
keys "Kmindorf-netz.de.+008+29604"
key "Kmindorf-netz.de.+008+11061"
keyrec_type "zskcur"
algorithm "rsasha256"
random "/dev/urandom"
keypath "/data/bind/etc/Kmindorf-netz.de.+008+11061.key"
zsklength "1024"
zsklife "604800"
keyrec_gensecs "1416478798"
keyrec_gendate "Thu Nov 20 10:19:58 2014"
zonename "mindorf-netz.de"
key "Kmindorf-netz.de.+008+29604"
keyrec_type "zskpub"
algorithm "rsasha256"
random "/dev/urandom"
keypath "/data/bind/etc/Kmindorf-netz.de.+008+29604.key"
zsklength "1024"
zsklife "604800"
keyrec_gensecs "1416478798"
keyrec_gendate "Thu Nov 20 10:19:58 2014"
zonename "mindorf-netz.de"
set "mindorf-netz.de-signset-00003"
keyrec_setsecs "1416478798"
keyrec_setdate "Thu Nov 20 10:19:58 2014"
zonename "mindorf-netz.de"
set_type "kskcur"
keys "Kmindorf-netz.de.+008+30394"
key "Kmindorf-netz.de.+008+30394"
keyrec_type "kskcur"
algorithm "rsasha256"
random "/dev/urandom"
keypath "/data/bind/etc/Kmindorf-netz.de.+008+30394.key"
ksklength "2048"
ksklife "15768000"
revperiod "3888000"
keyrec_gensecs "1416478798"
keyrec_gendate "Thu Nov 20 10:19:58 2014"
zonename "mindorf-netz.de"
Does anyone have an idea why it is not signing my zones?
Regards,
xabbu