[Opendnssec-develop] Serial too large
Rickard Bellgrim
rickard.bellgrim at iis.se
Wed Jun 2 13:43:21 UTC 2010
On 2 jun 2010, at 15.27, Rick Zijlker wrote:
> I still don't understand how the output serial can be 'too large'? It was 1000 and still is 1000.
The update command from the Enforcer triggers the Signer Engine to re-read the configuration but also to resort the unsigned zone.
You get different code path for the regular resign and the update command:
RESORT (update command will set this action):
492 if self.zone_config.soa_serial == "keep" and \
493 self.compare_serial(ser_out, ser_in) <= 0:
494 syslog.syslog(syslog.LOG_ERR, "Cannot keep input serial " + str(ser_in) +\
495 ", output serial " + str(ser_out) +\
496 " is too large. Aborting operation")
RESIGN:
558 if self.compare_serial(prev_serial, soa_serial) <= 0:
559 syslog.syslog(syslog.LOG_ERR,
560 "Error: serial setting is set to 'keep', but input "
561 "serial has not increased. Aborting sign operation "
562 "for " + self.zone_name)
More information about the Opendnssec-develop
mailing list