reply: [Opendnssec-develop] signed serial > unsigned serial?
jakob at kirei.se
Wed Sep 11 07:26:48 UTC 2013
On 11 sep 2013, at 09:15, "wangguodong" <wanggd at conac.cn> wrote:
> Because in the NEWG TLD applicant Guidebook, the registry's zone file should
> be accessed by a third party.( AGB SPECIFICATION 4,P43)
Is the 3rd party zone access for an unsigned or signed zone?
> So if a third party get an unsigned zone, the unsigned zone's serial is
> higher than the current signed zone(can be dug from the internet), this may
> be a problem.
I don't think is a real problem, but I do agree it might look strange. I also believe the signed zone serial should always be equal or higher than the unsigned version.
> So as this, I think it's better to ensure the signed zone's serial higher
> than the unsigned zone.
More information about the Opendnssec-develop