[Opendnssec-user] time issues

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Jan 9 12:30:47 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/09/2012 12:55 PM, Rickard Bellgrim wrote:
>> Perhaps I didn't express myself clearly. I don't claim this is due to the ldns bug.
>> But the zone that was affected by the ldns bug didn't get a working key rollover (it happened during the time OpenDNSSEC was affected by the ldns bug), so the auditor haven't let it thru since then (because the pre-pulished key state was not seen by the auditor).
>> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC...
> 
> Ok, so the Auditor will fail each new signed zone. The Signer Engine
> will then retry, thus also increasing the SOA serial. Correct me if I
> am wrong here, Matthijs.

That is correct.

> The odd thing here is that it does not increment with 1, but with 397.

That is indeed weird. The serial is maintained per zone (obviously), so
they can't be intervening with each other. I am curious to see the logs
with high verbosity (run ods-signerd -vvvvvv [...])

Best regards,
  Matthijs

> 
> // Rickard
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPCt33AAoJEA8yVCPsQCW57a0IAJUK6YIBjjGkEpFdCAKa9xNF
INOZxbKXcIWJRE8wrvjj4z8SbZGC09+C/oQ8MaWSzUpCfXYNXjQkeSfQFB6ZdNBI
cSHSXng4wqtWu/MWsBZBH/NiiHNlmvvsaJn8Xd+FUdDR9poOq8fsCRxa3xGD3Mu2
VWmMyEYSoc8V0YnCdlbGEqfMClzGqeE31YZ6+tdrCeZSBvdYRc+GPVv7f0h/udH4
qDST55UJMKNYcQdPyRu/UhCGWVt1Xkl+3Tc/tau2sE7wxrMGfCJmLq+6S2GM66Kl
Hv+j1WB2UDztKLqDNtHWTRAOVoOiu5qK7Z+NGpcDnYZQxbW//3BObzcc6Jh0qPw=
=qK0A
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list