[Opendnssec-user] SOA serial keep behavior

Anirban Mukherjee amukherj at gmail.com
Sun May 2 19:25:11 UTC 2010

Is it correct to expect the following if SOA Serial is set to "keep"
in the concerned policy ?

i) The very first time a zone is signed, the SOA serial of the signed
file will be the same as that of the unsigned file.

ii) Post the first-time signing, if a sign zone command is issued
without incrementing the serial number of the unsigned file, the
signing fails with an error saying that the serial number has not
increased i.e. an attempt to resign a zone fails unless the serial
number has been incremented.


More information about the Opendnssec-user mailing list