[Opendnssec-develop] Re: [OpenDNSSEC] #206: Run away zone serial ?

OpenDNSSEC owner-dnssec-trac at kirei.se
Thu Feb 24 09:23:38 UTC 2011


#206: Run away zone serial ?
------------------------------+---------------------------------------------
Reporter:  hostmaster@…       |        Owner:  matthijs
    Type:  defect             |       Status:  assigned
Priority:  major              |    Component:  Unknown 
 Version:  trunk              |   Resolution:          
Keywords:                     |  
------------------------------+---------------------------------------------

Comment (by matthijs):

 There is one function that updates the internal serial (zonedata.c:
 zonedata_update_serial()).
 zd->internal_serial = (prev + update);

 prev and update are determined depending on the <SOA><Serial> value in the
 signer configuration. For the
 datecounter for example (it looks like you are using datecounter):

 prev = zd->internal_serial;
 ...
 soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
 soa = se_max(zd->inbound_serial, soa);
 if (!DNS_SERIAL_GT(soa, prev)) {
    soa = prev + 1;
 }
 update = soa - prev;

 Furthermore, the internal serial maintained per domain is 0. To me, that
 is a hint that you just started up the signer engine daemon. However, you
 do have a file '1.168.192.in-addr.arpa.state'. There should have been a
 file '1.168.192.in-addr.arpa.denial' as well, that stores the internal
 states of the domains. I am wondering how that file looked like, that
 could give me more insight.

 For now, I have committed a fix in the 1.2. branch that allows any update
 on the first run (regardless of the previous and new serial value).
 Basically, an initialised flag that is set or not.

 Hope this helps.

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/206#comment:3>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC


More information about the Opendnssec-develop mailing list