[Opendnssec-user] Message: Cannot keep input serial 2010070514, output serial 2010070514 is too large. Aborting operation

Rickard Bellgrim rickard.bellgrim at iis.se
Mon Jul 5 17:08:05 UTC 2010

Which is the keep mode. If you want to push out a new zone, then update the serial. Name servers will only fetch the zone if the serial have increased.

5 jul 2010 kl. 17:13 skrev "Carsten Strotmann (Men&Mice)" <carsten at menandmice.com>:

> Hello Rickard,
> On 07/ 5/10 03:29 PM, Rickard Bellgrim wrote:
>> On 5 jul 2010, at 15.18, Carsten Strotmann (Men&Mice) wrote:
>>> Why is 2010070514 too large? Is this anything to be concerned
>>> about
>> If you use the SOA serial mode "keep", then the output serial must be
>> smaller than the input serial. Otherwise will the signer not sign
>> your zone. The signer will try each resign period until you have
>> updated the SOA serial in the unsigned zone.
>> // Rickard
> ok, that was a misunderstanding on my side. I was thinking that "keep" 
> means that opendnssec should just not care about the serial, just sign.
> Would it be possible to have a serial number mode of "ignore", that will 
> basically not look at the serial at all but will sign whenever the user 
> will give a ods-signer sign <zone> command? This would be useful in 
> cases where the serial is already managed by a different tool/script.
> -- Carsten

More information about the Opendnssec-user mailing list