[Opendnssec-user] Message: Cannot keep input serial 2010070514, output serial 2010070514 is too large. Aborting operation
Rickard Bellgrim
rickard.bellgrim at iis.se
Mon Jul 5 17:08:05 UTC 2010
Which is the keep mode. If you want to push out a new zone, then update the serial. Name servers will only fetch the zone if the serial have increased.
5 jul 2010 kl. 17:13 skrev "Carsten Strotmann (Men&Mice)" <carsten at menandmice.com>:
> Hello Rickard,
>
> On 07/ 5/10 03:29 PM, Rickard Bellgrim wrote:
>>
>> On 5 jul 2010, at 15.18, Carsten Strotmann (Men&Mice) wrote:
>>
>>> Why is 2010070514 too large? Is this anything to be concerned
>>> about
>>
>> If you use the SOA serial mode "keep", then the output serial must be
>> smaller than the input serial. Otherwise will the signer not sign
>> your zone. The signer will try each resign period until you have
>> updated the SOA serial in the unsigned zone.
>>
>> // Rickard
>
> ok, that was a misunderstanding on my side. I was thinking that "keep"
> means that opendnssec should just not care about the serial, just sign.
>
> Would it be possible to have a serial number mode of "ignore", that will
> basically not look at the serial at all but will sign whenever the user
> will give a ods-signer sign <zone> command? This would be useful in
> cases where the serial is already managed by a different tool/script.
>
> -- Carsten
More information about the Opendnssec-user
mailing list