[Opendnssec-develop] [OpenDNSSEC] #165: Patch: Incrementing SOA in the signer engine
OpenDNSSEC
owner-dnssec-trac at kirei.se
Wed Aug 4 14:13:43 UTC 2010
#165: Patch: Incrementing SOA in the signer engine
--------------------+-------------------------------------------------------
Reporter: vanrein | Owner: matthijs
Type: defect | Status: new
Priority: major | Component: Signer
Version: 1.1.1 | Keywords:
--------------------+-------------------------------------------------------
When we decide to sign a domain, it stops being published directly, and
instead goes through OpenDNSSEC. If this happens, several of the SOA
numbering disciplines for the signer use a SOA value that is not higher
than the value for the unsigned zone. As a result, the authoritative name
servers don't pick up on the fact that OpenDNSSEC signed the zone.

The attached patch fixes the SOA numbering discipline in such a way that
the outgoing SOA will always be more than the incoming, to circumvent this
problem. A similar problem exists when going back from signed to
unsigned, but that cannot be resolved in OpenDNSSEC.
--
Ticket URL: <http://trac.opendnssec.org/ticket/165>
OpenDNSSEC <http://www.opendnssec.org/>
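
The rule the ticket asks for (the outgoing serial must always exceed the incoming one) can be sketched as below. This is an added example, not the attached patch and not OpenDNSSEC code; it goes slightly beyond the ticket by comparing serials in RFC 1982 sequence space so that 32-bit wraparound is handled. The policy names `counter`, `unixtime` and `datecounter` follow OpenDNSSEC's serial settings, while the function names and sample values are assumptions made for illustration.

```python
import time

SERIAL_MOD = 2 ** 32   # SOA serials are unsigned 32-bit values
HALF = 2 ** 31         # RFC 1982 comparison window


def serial_gt(a, b):
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    return a != b and ((a - b) % SERIAL_MOD) < HALF


def serial_inc(serial, step=1):
    """Increment a serial with 32-bit wraparound."""
    return (serial + step) % SERIAL_MOD


def next_serial(policy, inbound, last_outbound, now):
    """Choose an outbound serial that secondaries will treat as newer.

    inbound       -- serial of the unsigned zone handed to the signer
    last_outbound -- serial of the previous signed zone, or None on first run
    now           -- current time as a Unix timestamp
    """
    if policy == "unixtime":
        candidate = int(now) % SERIAL_MOD
    elif policy == "datecounter":
        # YYYYMMDDnn with the counter part starting at 00
        candidate = int(time.strftime("%Y%m%d", time.gmtime(now))) * 100
    elif policy == "counter":
        base = inbound if last_outbound is None else last_outbound
        candidate = serial_inc(base)
    else:
        raise ValueError("unsupported serial policy: %r" % policy)

    # The floor is the newest serial a secondary may already hold:
    # the unsigned zone's serial or the last signed one.
    floor = inbound
    if last_outbound is not None and not serial_gt(inbound, last_outbound):
        floor = last_outbound

    # The case from the ticket: the policy's natural value is not above
    # the floor, so secondaries would never transfer the signed zone.
    if not serial_gt(candidate, floor):
        candidate = serial_inc(floor)
    return candidate


if __name__ == "__main__":
    NOW = 1280880000  # constructed sample: 2010-08-04 00:00:00 UTC
    # Unsigned zone was published with a date-based serial (constructed).
    for policy in ("unixtime", "datecounter", "counter"):
        print(policy, next_serial(policy, 2010080401, None, NOW))
```

With a date-based incoming serial, a plain `unixtime` value is lower than what secondaries already hold, which is the situation the ticket describes; the floor check is what forces the outgoing serial above it.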