[Opendnssec-user] confusing error messages
Matthijs Mekking
matthijs at NLnetLabs.nl
Tue Aug 16 08:01:57 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/16/2011 09:43 AM, Miek Gieben wrote:
> Hello,
>
> I'm getting these lines in the logs while trying to sign:
>
> signertest ods-signerd: [data] cannot keep SOA SERIAL from input zone (2011032205): output SOA SERIAL is 2011032205
> signertest ods-signerd: [zone] unable to update
> signertest ods-signerd: [worker[2]] unable to sign serial: failed to increment zone nl: failed to increment serial
>
> But the setting is 'keep':
>
> $ ods-ksmutil policy export -p default | grep Serial
> <Serial>keep</Serial>
>
> I'm I doing something wrong here?
Hi Miek,
The 'keep' value tells the signer that the operator manually updates the
serial in the unsigned zone file.
If the signer is triggered to sign, it should increment the outbound
serial. However, with <Serial>keep</Serial> it MUST use the serial from
the input zone to increment the outbound serial. If that value is not
greater than the outbound serial, the signer is unable to sign the zone.
Best regards,
Matthijs
>
> grtz,
>
> --
> Miek
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOSiP1AAoJEA8yVCPsQCW5h6UIAL6Zya14dQVgVG/+xC81Rtv9
4NYABdvg8xq9y645qo8Vpsgpwn7TsV+6v+MzmumfuAHnyxldb4TCjj1sK61l3xPL
e+DXQ9Zi3PB9L/dU38f7dAz4BAjXldcwHVkQTaPDFku31C5fVb9D4N48wZKw/xuG
BgqIE57aHhXn4KiPmYyr3mraQjpDk3OB7exEhh/3j2p75mixsq1Clr7Ix7/z2QsK
B9FYmiKLDpsuQjiMPHyP8+yefr7J0W+mumVl0c035JxHGFkMf/fnY6nkaiA3FiLU
BtwDi0hN8k/ZlHcVcMz1Z4lnSo3SrcIzQvTbdUVSc4HQP01ZKVsSvw0JwH+kns4=
=tMI+
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list