reply: [Opendnssec-develop] signed serial > unsigned serial?

Jakob Schlyter jakob at kirei.se
Wed Sep 11 09:26:48 CEST 2013


On 11 sep 2013, at 09:15, "wangguodong" <wanggd at conac.cn> wrote:

> Because in the NEWG TLD applicant Guidebook, the registry's zone file should
> be accessed by a third party.( AGB SPECIFICATION 4,P43)

Is the 3rd party zone access for an unsigned or signed zone?

> So if a third party get an unsigned zone, the unsigned zone's serial is
> higher than the current signed zone(can be dug from the internet), this may
> be a problem.

I don't think is a real problem, but I do agree it might look strange. I also believe the signed zone serial should always be equal or higher than the unsigned version.

> So as this, I think it's better to ensure the signed zone's serial higher
> than the unsigned zone.

I agree.


	jakob



More information about the Opendnssec-develop mailing list