Search Engine: Elastic

Article ID: 130571, created on Apr 4, 2017, last review on Apr 4, 2017

  • Applies to:
  • Operations Automation 7.0


For a DNSSEC-enabled domain in OA, the following error is shown on zone validation or during BIND service start-up:

[root@ns1 ~]# named-checkzone -d /var/named/
loading "" from "/var/named/" class "IN"
/var/named/ no TTL specified; using SOA MINTTL instead
/var/named/ signature has expired
zone loaded serial 281 (DNSSEC signed)


The issue is recognized as POA-110780: Too long expiration date for RRSIG/KSK/ZSK causes BIND validation errors.


There is no impact on DNS resolution for the affected domains by this issue. There is no workarounds to fix the warnings - any zone update triggered from OA will re-write the expiration date of DNSSEC keys.

Contact your TAM/PTA team in order to clarify the status of the issue.

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 0871c0b47b3b86ae3b1af4c2942cd0ce 1941880841f714e458ae4dc3d9f3062d

Email subscription for changes to this article
Save as PDF