[Opendnssec-user] Re: OpenDNSSEC 1.3.0b1
Tom Hendrikx
tom at whyscream.net
Wed Mar 23 21:02:56 UTC 2011
On 23/03/11 15:46, Rickard Bellgrim wrote:
> Version 1.3.0b1 of OpenDNSSEC has now been released.
> * Signer Engine: Simpler serial maintenance, reduces the number of conflicts. Less chance to hit a ‘cannot update: serial too small’ error message..
I just upgraded to 1.3.0b1 (from 1.2.1), and after the restart I'm
seeing some interesting stuff in my logging:
2011-03-23T21:44:04+0100 [ods-auditor] Auditor started
2011-03-23T21:44:04+0100 [ods-auditor] Auditor starting on example.nl
2011-03-23T21:44:04+0100 [ods-auditor] SOA differs : from 1 to 2011032300
2011-03-23T21:44:04+0100 [ods-auditor] Auditing example.nl zone : NSEC3
SIGNED
2011-03-23T21:44:05+0100 [ods-auditor] SOA serial has decreased - used
to be 2011032302 but is now 2011032300
2011-03-23T21:44:05+0100 [ods-auditor] Finished auditing example.nl zone
2011-03-23T21:44:05+0100 [ods-signerd] [worker[1]] backoff task [read]
for zone example.nl with 480 seconds
The unsigned zone file has serial '1' (to remind me that the serial is
controlled by opendnssec), the signed/published zone file has 2011032302
(serial=datecounter in kasp.xml)
It seems to me as if serial=datecounter was simplified to use today's
date, but does not account for the serial updates that already have been
done on the same day. I'll wait and see if it gets resolved by itself
when the date changes to 20110324...
Regards,
Tom
More information about the Opendnssec-user
mailing list