reply: [Opendnssec-develop] signed serial > unsigned serial?

Jakob Schlyter jakob at
Wed Sep 11 07:26:48 UTC 2013

On 11 sep 2013, at 09:15, "wangguodong" <wanggd at> wrote:

> Because in the NEWG TLD applicant Guidebook, the registry's zone file should
> be accessed by a third party.( AGB SPECIFICATION 4,P43)

Is the 3rd party zone access for an unsigned or signed zone?

> So if a third party get an unsigned zone, the unsigned zone's serial is
> higher than the current signed zone(can be dug from the internet), this may
> be a problem.

I don't think is a real problem, but I do agree it might look strange. I also believe the signed zone serial should always be equal or higher than the unsigned version.

> So as this, I think it's better to ensure the signed zone's serial higher
> than the unsigned zone.

I agree.


More information about the Opendnssec-develop mailing list