[Opendnssec-user] zone updates ignored?

Gilles Massen gilles.massen at restena.lu
Tue Nov 23 13:30:27 UTC 2010


Hi Rickard,

>> This is OpenDNSSEC 1.1.2.
>> 
>> Is this a known problem / expected behaviour?
> 
> I could not replicate this. What data is changing? What serial mode
> do you have?

Apart from the serial (obviously), delegations and glue are
added/removed/changed (this is a TLD zone). Serial format for the input
zone is YYYYmmddnn and serial mode in the policy is datecounter.

> I have tried running with NSEC3+optout and changing only NS or glue.
> Then giving the command ods-signer sign <zone>. But everything works.
> The data gets propagated. I have tried both unixtime and keep mode.

I'm almost sure that I have seen this before but it does not happen all
the time (first time I dismissed it as a user error).

But I think things are a bit worse than I imagined: actually all
modifications since 17/11 were ignored. A few data points:

- the signer recognizes the input file:
Nov 23 13:40:54 opendnssec ods-signerd: set serial to 2010112312
(The unsigned input serial was 2010112311, in the output I still have
2010112304)

- the tmp files .serial, .nssecced, .optout, .sorted, .unsorted are
timestamped to 2010-11-17. A few quick checks indicate that these files
are the ongoing base to the exported file.

So the input serial is taken into consideration, the signatures are
updated if necessary, only the content isn't.

What should I look at in order to keep useful information (before
kicking the temp files)?

Gilles

-- 
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473


