[Opendnssec-user] time issues

Rickard Bellgrim rickard at opendnssec.org
Mon Jan 9 11:55:48 UTC 2012


> Perhaps I didn't express myself clearly. I don't claim this is due to the ldns bug.
> But the zone that was affected by the ldns bug didn't get a working key rollover (it happened during the time OpenDNSSEC was affected by the ldns bug), so the auditor haven't let it thru since then (because the pre-pulished key state was not seen by the auditor).
> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC...

Ok, so the Auditor will fail each new signed zone. The Signer Engine
will then retry, thus also increasing the SOA serial. Correct me if I
am wrong here, Matthijs.

The odd thing here is that it does not increment with 1, but with 397.

// Rickard



More information about the Opendnssec-user mailing list