[Opendnssec-user] zone updates ignored?

Gilles Massen gilles.massen at restena.lu
Tue Nov 23 11:18:31 UTC 2010


Hello,

I have an almost delegation only zone that is regularly updated, but
configured with NSEC3+optout and only a handful DS records, so that the
DNSSEC-relevant data stays pretty much unchanged.

So the signer concludes correctly:

Nov 23 11:10:54 opendnssec ods-signerd: No new signatures, keeping zone

But there are a lot of other changes (starting with the serial, but also
other records) which have changed, but as no auditor (bad) and zone
export (very bad) is triggered, these changes don't propagate. If
something happens to the signatures, this works as expected.

This is OpenDNSSEC 1.1.2.

Is this a known problem / expected behaviour?

Best regards,
Gilles

-- 
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473



More information about the Opendnssec-user mailing list