[Opendnssec-develop] signed serial > unsigned serial?
sion at nominet.org.uk
Tue Sep 10 13:58:04 UTC 2013
What is the use-case? So long as the serial in the published zone is
always increasing then we are okay surely...
On 10/09/13 14:01, Matthijs Mekking wrote:
> Should the signed serial always be higher than the unsigned serial?
> I have written my thoughts down here:
> As a reaction to the report SUPPORT-73. My initial thoughts:
> Should we always have the signed serial to be higher than the unsigned
> serial? We now only do that if the signer has no state about the zone
> (e.g. "first run").
> In case of keep: no.
> In case of unixtime: I would prefer to use unixtime if possible.
> In case of datecounter: I would prefer to use datecounter if possible.
> In case of counter: We could consider this.
> But that will only happen if the signer reads the unsigned zone, as we
> only read the unsigned zone if the operator specifically tells us to do
> so with "ods-signer sign <zone>" (or in case of DNS adapters, the master
> gives us a NOTIFY, or the REFRESH/RETRY timer has triggered).
> So in case of a regular re-sign, we cannot satisfy this requirement.
> Take this as a starting point for the discussion. I would like your
> thoughts on this, whether we should accept this feature request or stick
> to the current behavior.
> Best regards,
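Added example, not part of the original thread and not OpenDNSSEC code: a simplified Python model of the four serial policies named above, using RFC 1982 serial arithmetic to check separately whether the published serial keeps increasing and whether it exceeds the unsigned serial. The policy behaviour, the function names and the sample serials are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

MOD, HALF = 1 << 32, 1 << 31  # SOA serial is an unsigned 32-bit number

def serial_gt(a, b):
    """RFC 1982 comparison: a is newer than b if it is ahead by less than 2^31."""
    return a != b and (a - b) % MOD < HALF

def next_serial(policy, unsigned, prev_signed, now):
    """Simplified model (assumption) of the policies named in the thread.

    unsigned    -- serial found in the unsigned input zone
    prev_signed -- serial last published by the signer, None on first run
    now         -- POSIX timestamp of the signing run
    """
    if policy == "keep":
        return unsigned  # operator owns the serial, signer copies it
    if policy == "unixtime":
        candidate = int(now) % MOD
    elif policy == "datecounter":
        day = datetime.fromtimestamp(now, timezone.utc).strftime("%Y%m%d")
        candidate = int(day) * 100  # YYYYMMDDNN with NN = 00
    elif policy == "counter":
        candidate = ((unsigned if prev_signed is None else prev_signed) + 1) % MOD
    else:
        raise ValueError(f"unknown policy: {policy}")
    # With no signer state (first run) the serial is pushed above the unsigned
    # one, as the thread describes; afterwards only the published serial counts.
    floor = unsigned if prev_signed is None else prev_signed
    if not serial_gt(candidate, floor):
        candidate = (floor + 1) % MOD
    return candidate

def evaluate(policy, unsigned, prev_signed, now):
    """Return (serial, published_serial_increases, exceeds_unsigned_serial)."""
    s = next_serial(policy, unsigned, prev_signed, now)
    increases = prev_signed is None or serial_gt(s, prev_signed)
    return s, increases, serial_gt(s, unsigned)

# Constructed sample: a re-sign at the time of the post, date-style zone serials
NOW = datetime(2013, 9, 10, 13, 58, 4, tzinfo=timezone.utc).timestamp()
UNSIGNED, PREV = 2013091005, 2013090900

if __name__ == "__main__":
    for p in ("keep", "unixtime", "datecounter", "counter"):
        print(p, evaluate(p, UNSIGNED, PREV, NOW))
```

With these constructed values, every policy keeps the published serial increasing on a re-sign, yet none of them ends up above the unsigned serial.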