[Opendnssec-user] time issues
Fredrik Pettai
pettai at nordu.net
Mon Jan 9 21:06:57 UTC 2012
On Jan 9, 2012, at 1:30 PM, Matthijs Mekking wrote:
> On 01/09/2012 12:55 PM, Rickard Bellgrim wrote:
>>> Perhaps I didn't express myself clearly. I don't claim this is due to the ldns bug.
>>> But the zone that was affected by the ldns bug didn't get a working key rollover (it happened during the time OpenDNSSEC was affected by the ldns bug), so the auditor haven't let it thru since then (because the pre-pulished key state was not seen by the auditor).
>>> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC...
>>
>> Ok, so the Auditor will fail each new signed zone. The Signer Engine
>> will then retry, thus also increasing the SOA serial. Correct me if I
>> am wrong here, Matthijs.
>
> That is correct.
>
>> The odd thing here is that it does not increment with 1, but with 397.
>
> That is indeed weird. The serial is maintained per zone (obviously), so
> they can't be intervening with each other. I am curious to see the logs
> with high verbosity (run ods-signerd -vvvvvv [...])
I guess this is what you are looking for:
Jan 9 19:40:17 hidden-master ods-signerd: [data] update serial: in=2012010402 internal=2012014379 out=2012010403 now=1326134417
Jan 9 19:40:17 hidden-master ods-signerd: [data] update serial: 2012010403 + 497 = 2012014876
Do you need more info?
/P
More information about the Opendnssec-user
mailing list