[Opendnssec-user] Message: Cannot keep input serial 2010070514, output serial 2010070514 is too large. Aborting operation
Carsten Strotmann (Men&Mice)
carsten at menandmice.com
Mon Jul 5 15:13:00 UTC 2010
Hello Rickard,
On 07/ 5/10 03:29 PM, Rickard Bellgrim wrote:
>
> On 5 jul 2010, at 15.18, Carsten Strotmann (Men&Mice) wrote:
>
>> Why is 2010070514 too large? Is this anything to be concerned
>> about
>
> If you use the SOA serial mode "keep", then the output serial must be
> smaller than the input serial. Otherwise will the signer not sign
> your zone. The signer will try each resign period until you have
> updated the SOA serial in the unsigned zone.
>
> // Rickard
ok, that was a misunderstanding on my side. I was thinking that "keep"
means that opendnssec should just not care about the serial, just sign.
Would it be possible to have a serial number mode of "ignore", that will
basically not look at the serial at all but will sign whenever the user
will give a ods-signer sign <zone> command? This would be useful in
cases where the serial is already managed by a different tool/script.
-- Carsten
More information about the Opendnssec-user
mailing list