[Opendnssec-user] time issues

Rickard Bellgrim rickard at opendnssec.org
Thu Jan 5 07:34:37 UTC 2012


> Another question regarding the problems that ldns caused for OpenDNSSEC,
> is it possible to clear/change OpenDNSSECs internal SOA serial ?
>
> I noticed that some zones have gotten "interesting" serials as side-effect of what happened:

That is another code and is not affected by the ldns bug.

> Jan  4 19:11:35 hidden-master ods-auditor[6296]: SOA differs : from 2012010401 to 2065302802
>
> The configuration says it should be type "datecounter", but it doesn't look like a ordinary date any more...

A real date can only be set if the current or inbound serial is lower
then the current date. If that is not the case, than it will just
increase the previous value with one. Have you ever had an inbound
serial with a high value?

To fix this, you can wrap the serial number in the unsigned zone:
http://www.zytrax.com/books/dns/ch9/serial.html

// Rickard



More information about the Opendnssec-user mailing list