[Pdns-users] DNSSEC Expiry with slaves

Troy Kelly troy.kelly at really.ai
Thu Aug 24 02:05:48 UTC 2017

Thank you in advance for your advice, I'm sure this is a simple one - I
just can't find anything that seems to resolve our issue.

We recently implemented DNSSEC, and then more recently had several of the
RRSIG's expire - and those domains become unoperational.

We use PowerDNS as a stealth master, with public nameservers supplied by
one of our infrastructure providers.

Where we don't make regular changes to the domain - we are going to keep
experiencing this expiry issue.

Is there some (cron job?) solution that we can implement to roll over and
notify a domain before the RRSIG's expire?

I had thought of a weekly pdnsutil increase-serial for every domain - but
it seems like a real kludge of a solution.

Cheers, Troy

This email and any attachments may contain confidential or privileged 
information and may be protected by copyright. You must not use or disclose 
them other than for the purposes for which they were supplied. The 
confidentiality and privilege attached to this message and attachment is 
not waived by reason of mistaken delivery to you. If you are not the 
intended recipient, you must not use, disclose, retain, forward or 
reproduce this message or any attachments. If you receive this message in 
error please notify the sender by return email or telephone, and destroy 
and delete all copies. Really Really, Inc. does not accept any 
responsibility for any loss or damage that may result from reliance on, or 
use of, any information contained in this email and/or attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170824/0ea1bf73/attachment.html>

More information about the Pdns-users mailing list