Path: csiph.com!news.uzoreto.com!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: Marcel de Riedmatten <mdr@dotforge.ch>
Newsgroups: comp.protocols.dns.bind
Subject: Re: dnssec-keygen getting dates wrong
Date: Sun, 30 Aug 2020 21:03:36 +0200
Lines: 30
Approved: bind-users@lists.isc.org
Message-ID: <mailman.846.1598814177.942.bind-users@lists.isc.org>
References: <f8b5eb0d-9573-4b87-7694-0c9cd363e6f4@posix.co.za> <1598814216.24772.5.camel@dotforge.ch>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Trace: usenet.stanford.edu 1598814228 20978 149.20.1.60 (30 Aug 2020 19:03:48 GMT)
X-Complaints-To: action@cs.stanford.edu
To: bind-users@lists.isc.org
Return-Path: <mdr@dotforge.ch>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
In-Reply-To: <f8b5eb0d-9573-4b87-7694-0c9cd363e6f4@posix.co.za>
X-Mailer: Evolution 3.18.5.2-0ubuntu3.2
X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <1598814216.24772.5.camel@dotforge.ch>
X-Mailman-Original-References: <f8b5eb0d-9573-4b87-7694-0c9cd363e6f4@posix.co.za>
Xref: csiph.com comp.protocols.dns.bind:16079

Le dimanche 30 août 2020 à 12:58 +0200, Mark Elkins a écrit :
> Running BIND.. 9.16.6 on a Gentoo machine - so BIND is kept very much
> up to date.
> dnssec-keygen - Version: 9.16.6
> 
> I create DNSSEC Keys in a manual process and in order to see when a
> Key was created (so I can rotate them - etc..) I look at the Creation
> date inside the 'key' file....
> # dnssec-keygen -a RSASHA256 fubar.com
> # cat Kfubar.com.+008+21010.key 
> ; This is a zone-signing key, keyid 21010, for fubar.com.
> ; Created: 20200830105653 (Sun Aug 30 12:56:53 202)
> ; Publish: 20200830105653 (Sun Aug 30 12:56:53 202)
> ; Activate: 20200830105653 (Sun Aug 30 12:56:53 202)
> 
> Can anyone spot an issue? Look carefully at the creation date, the
> year in particular!


Hi

it looks like a pretty printing issue.

# dnssec-settime -p all Kfubar.com.+008+21010.key

should give you the correct timestamp.

-- 
Marcel de Riedmatten