[Opendnssec-develop] [OpenDNSSEC] #13: "engine: no new signatures, keeping zone" when changing zone parameters

OpenDNSSEC owner-dnssec-trac at kirei.se
Thu Aug 13 09:41:03 UTC 2009

#13: "engine: no new signatures, keeping zone" when changing zone parameters
Reporter:  mattias at nonetwork.se  |       Owner:  jakob  
    Type:  defect                |      Status:  new    
Priority:  minor                 |   Component:  Unknown
 Version:                        |    Keywords:         

 I'm not sure if this is a bug or me doing something wrong.
 But I have obsrevered on several occations the message
 "engine: no new signatures, keeping zone" i the logg when I have expected
 a new zone to be generated. This seams to happen when you don't really
 change any RRs. The changes I have done to the zone then could have been
 either just changing the zone serial in the SOA or zone encryption
 parameters in kasp.xml. Neither of thoose two changes have resulted in a
 new zone even thou I would expect them to.
 The work around for me was to clean the zone reletad files i
 /var/opendnssec/tmp/ and then run the sign command one again.

 Maybe this is two bugs?
 Perhaps ksmutil update should clean tmp if it detects changes for a
 zone(?is this how it works?) and maybe sign_engine should consider
 zoneserial in unsigned zone as a change, even thou it generates its own
 serial in signed zone.

Ticket URL: <http://trac.opendnssec.org/ticket/13>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list