[Opendnssec-user] time issues
matthijs at nlnetlabs.nl
Mon Jan 9 12:30:47 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 01/09/2012 12:55 PM, Rickard Bellgrim wrote:
>> Perhaps I didn't express myself clearly. I don't claim this is due to the ldns bug.
>> But the zone that was affected by the ldns bug didn't get a working key rollover (it happened during the time OpenDNSSEC was affected by the ldns bug), so the auditor haven't let it thru since then (because the pre-pulished key state was not seen by the auditor).
>> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC...
> Ok, so the Auditor will fail each new signed zone. The Signer Engine
> will then retry, thus also increasing the SOA serial. Correct me if I
> am wrong here, Matthijs.
That is correct.
> The odd thing here is that it does not increment with 1, but with 397.
That is indeed weird. The serial is maintained per zone (obviously), so
they can't be intervening with each other. I am curious to see the logs
with high verbosity (run ods-signerd -vvvvvv [...])
> // Rickard
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-user