On Wednesday 21 February 2024 at 10:31 +0100, libor.peltan via knot-dns-users wrote:
Hi Bastien and Wes,

one of the points to understand the issue is this log message

janv. 26 22:50:27 arrakeen knotd[3061]: notice: [geekwu.org.] DNSSEC, cleared future timers of auto-managed key 20414

In recent versions, we added a feature to Knot, that when Automatic key management is enabled, any key timers that are scheduled in the future are cleared. The reason was that auto-managed keys imported from Bind9 often had those and it led to a mess in Knot's automatic key management.

It is hard to imagine for me how it could happen that this code cleared your keys' "normal" timers that ought not be in the future. Is the issue somehow reproducible for you so that we could be able to see the keys' states just before this appears? Could you at least dig a bit deeper down the logs to see some more history before this?

Could you explain if you routinely or occasionally do some manual adjustments of the keys with keymgr?

Thank you!

Libor

Hello,

I don't usually use keymgr, only when I'm fixing things, or if I want to make a KSK or alg. rollover. (According to git logs, the last knot.conf modification related to dnssec was on June 22 2023.)

I found this message only once in the logs since August:

# grep 'cleared future timers of auto-managed' knotd.log
Jan 26 22:50:26 arrakeen knotd[3061]: notice: [durel.eu.] DNSSEC, cleared future timers of auto-managed key 7402
Jan 26 22:50:26 arrakeen knotd[3061]: notice: [merlusina.eu.] DNSSEC, cleared future timers of auto-managed key 46783
Jan 26 22:50:27 arrakeen knotd[3061]: notice: [geekwu.org.] DNSSEC, cleared future timers of auto-managed key 20414
Jan 26 22:50:43 arrakeen knotd[6154]: notice: [durel.eu.] DNSSEC, cleared future timers of auto-managed key 64035
Jan 26 22:50:43 arrakeen knotd[6154]: notice: [geekwu.org.] DNSSEC, cleared future timers of auto-managed key 20799

knotd[6154] is my internal-view instance, while knotd[3061] is the public one.

Only merlusina.eu. & geekwu.org. were broken, durel.eu. was not.

At 22:50 on Jan 26 I was probably playing board games in my local games association.

But actually, my logs are very strange: they jump from Feb 12 13:01 to Jan 26 22:50

Feb 12 13:01:37 arrakeen freshclam[2243]: Mon Feb 12 13:01:37 2024 -> daily.cld database is up-to-date (version: 27183, sigs: 2053128, f-level: 90, builder: raynman)
Feb 12 13:01:37 arrakeen freshclam[2243]: Mon Feb 12 13:01:37 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Feb 12 13:01:37 arrakeen freshclam[2243]: Mon Feb 12 13:01:37 2024 -> bytecode.cld database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Jan 26 22:50:00 arrakeen systemd-modules-load[580]: Inserted module 'firewire_sbp2'
Jan 26 22:50:00 arrakeen systemd-modules-load[580]: Inserted module 'dummy'
Jan 26 22:50:00 arrakeen systemd-modules-load[580]: Inserted module 'coretemp'
Jan 26 22:50:00 arrakeen systemd-sysctl[598]: Couldn't write '1' to 'net/netfilter/nf_conntrack_acct', ignoring: No such file or directory
Jan 26 22:50:00 arrakeen kernel: [ 0.000000] microcode: microcode updated early to revision 0x1d, date = 2018-05-11
Jan 26 22:50:00 arrakeen systemd-sysctl[598]: Couldn't write '1' to 'net/ipv4/conf/pacserve/mc_forwarding', ignoring: No such file or directory
Jan 26 22:50:00 arrakeen kernel: [ 0.000000] Linux version 6.1.0-18-amd64 (debian-kernel(a)lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01)
Jan 26 22:50:00 arrakeen kernel: [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.1.0-18-amd64 root=LABEL=SSDROOT ro intremap=off reboot=cold raid=noautodetect quiet
[...]
Jan 26 22:50:11 arrakeen Tor[3150]: Received local state file with skewed time (/var/lib/tor/state): It seems that our clock is behind by 15 days, 23 hours, 23 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.
[...]
Jan 26 22:50:12 arrakeen vnstatd[2450]: Info: Latest database update is in the future (db: 2024-02-12 13:00:00 > now: 2024-01-26 22:50:12). Giving the system clock up to 5 minutes to sync before continuing.
[...]
Jan 26 22:59:48 arrakeen ntpd[3104]: IO: new interface(s) found: waking up resolver
Feb 12 21:38:02 arrakeen ntpd[3104]: CLOCK: time stepped by 1463893.399700
Feb 12 21:38:02 arrakeen ntpd[3104]: CLOCK: time changed from 2024-01-26 to 2024-02-12

So I guess the power cut messed with the computer date in one way or another, and this is probably the thing that got the timers purged.

Maybe I should make sure knotd starts after ntpd ^^

Regards,
--
Bastien
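
The thread traces the cleared DNSSEC key timers to knotd starting while the system clock was still weeks behind. The following is an added example, not part of either message and not Knot DNS code: a log check that finds a backward clock jump in a classic syslog stream and lists the knotd "cleared future timers" notices logged while the clock was behind. The function name, the 5-minute tolerance and the single-year assumption are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the excerpts in this thread (wrapping undone); merging
# them into one stream ordered as below is an assumption of this example.
SAMPLE = """\
Feb 12 13:01:37 arrakeen freshclam[2243]: Mon Feb 12 13:01:37 2024 -> bytecode.cld database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Jan 26 22:50:00 arrakeen systemd-modules-load[580]: Inserted module 'dummy'
Jan 26 22:50:26 arrakeen knotd[3061]: notice: [durel.eu.] DNSSEC, cleared future timers of auto-managed key 7402
Jan 26 22:50:26 arrakeen knotd[3061]: notice: [merlusina.eu.] DNSSEC, cleared future timers of auto-managed key 46783
Jan 26 22:50:27 arrakeen knotd[3061]: notice: [geekwu.org.] DNSSEC, cleared future timers of auto-managed key 20414
Jan 26 22:59:48 arrakeen ntpd[3104]: IO: new interface(s) found: waking up resolver
Feb 12 21:38:02 arrakeen ntpd[3104]: CLOCK: time stepped by 1463893.399700
"""

STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
CLEARED = re.compile(r"knotd\[(\d+)\]: notice: \[([^\]]+)\] DNSSEC, "
                     r"cleared future timers of auto-managed key (\d+)")

def find_skewed_key_clears(text, year=2024, tolerance=timedelta(minutes=5)):
    """Return (jumps, hits): backward clock jumps in a syslog stream, and the
    knotd timer clears logged while the clock was behind the last good time."""
    jumps, hits = [], []
    high_water, skewed = None, False
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue
        # Classic syslog stamps carry no year, so the caller supplies one
        # (a file spanning New Year needs splitting first).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if high_water is None or ts >= high_water - tolerance:
            high_water = ts if high_water is None else max(high_water, ts)
            skewed = False
            continue
        if not skewed:                      # first line after the jump back
            jumps.append((high_water, ts))
            skewed = True
        c = CLEARED.search(line)
        if c:
            hits.append({"pid": int(c.group(1)), "zone": c.group(2),
                         "key": int(c.group(3)), "behind": high_water - ts})
    return jumps, hits

if __name__ == "__main__":
    jumps, hits = find_skewed_key_clears(SAMPLE)
    for before, after in jumps:
        print(f"clock went back: {before} -> {after}")
    for h in hits:
        print(f"{h['zone']} key {h['key']} cleared while clock was {h['behind']} behind")
```

Each hit is a zone whose key timers knotd evaluated against a wrong clock, so those zones are the candidates for a key-state review.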