reply: [Opendnssec-develop] signed serial > unsigned serial?

wangguodong wanggd at
Wed Sep 11 07:15:46 UTC 2013


I think there is a relationship between the signed zone and unsigned zone. 

Because in the NEWG TLD applicant Guidebook, the registry's zone file should
be accessed by a third party.( AGB SPECIFICATION 4,P43)
So if a third party get an unsigned zone, the unsigned zone's serial is
higher than the current signed zone(can be dug from the internet), this may
be a problem.

So as this, I think it's better to ensure the signed zone's serial higher
than the unsigned zone.


发件人: opendnssec-develop-bounces at
[mailto:opendnssec-develop-bounces at] 代表 Yuri Schaeffer
发送时间: 2013年9月10日 22:38
收件人: opendnssec-develop at
主题: Re: [Opendnssec-develop] signed serial > unsigned serial?

> Should the signed serial always be higher than the unsigned serial?

I do not agree with the reporter that ODS should follow the unsigned serial.
As an admin you explicitly transfer the management responsibility to ODS.
The way you describe it is now sounds like the sanest solution to me. The
serial of an unpublished version of the zone is not relevant at all.


Composed on an actual keyboard: all typos genuine.
Opendnssec-develop mailing list
Opendnssec-develop at

More information about the Opendnssec-develop mailing list