[Opendnssec-develop] Serial too large
Rickard Bellgrim
rickard.bellgrim at iis.se
Tue Jun 1 12:41:37 UTC 2010
On 1 jun 2010, at 14.33, Matthijs Mekking wrote:
> Should we increase the serial when doing a rollover, even if the serial
> is set to keep?
No
Updates of the signatures and the zone should only be possible when the serial has increased in the incoming zone when the serial is set to keep. Any changes are thus only done each time you release an updated zone from your provisioning system.
You will thereby also get these warnings when the KASP Enforcer tells the Signer Engine that it should use new keys. Because the Engine tries to fulfill this request, but cannot do that until a new serial arrives.
// Rickard
More information about the Opendnssec-develop
mailing list