[Opendnssec-user] time issues

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Jan 10 11:28:16 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Fredrik,

Your logs were useful, thanks.
It turns out that after a failed audit, the internal serial is not
restored properly. I have committed a fix that makes sure the internal
serial does not wander off.

Best regards,
  Matthijs

On 01/09/2012 10:06 PM, Fredrik Pettai wrote:
> On Jan 9, 2012, at 1:30 PM, Matthijs Mekking wrote:
>> On 01/09/2012 12:55 PM, Rickard Bellgrim wrote:
>>>> Perhaps I didn't express myself clearly. I don't claim this is due to the ldns bug.
>>>> But the zone that was affected by the ldns bug didn't get a working key rollover (it happened during the time OpenDNSSEC was affected by the ldns bug), so the auditor haven't let it thru since then (because the pre-pulished key state was not seen by the auditor).
>>>> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC...
>>>
>>> Ok, so the Auditor will fail each new signed zone. The Signer Engine
>>> will then retry, thus also increasing the SOA serial. Correct me if I
>>> am wrong here, Matthijs.
>>
>> That is correct.
>>
>>> The odd thing here is that it does not increment with 1, but with 397.
>>
>> That is indeed weird. The serial is maintained per zone (obviously), so
>> they can't be intervening with each other. I am curious to see the logs
>> with high verbosity (run ods-signerd -vvvvvv [...])
> 
> I guess this is what you are looking for:
> 
> Jan  9 19:40:17 hidden-master ods-signerd: [data] update serial: in=2012010402 internal=2012014379 out=2012010403 now=1326134417
> Jan  9 19:40:17 hidden-master ods-signerd: [data] update serial: 2012010403 + 497 = 2012014876
> 
> Do you need more info?
> 
> /P
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPDCDQAAoJEA8yVCPsQCW53Y0IAI50hNm+fycwfQWobAsapR7g
RAYu51tbclyWiKw7FoxbG4aLoopTcviyWQZfUH3bDPV0271ABaKXi0c+iKzi0q2K
6Z4L4fF5FZZYH6nPvg37ypB+pp0A3AO8nighjMgm3o12tmM1a5IO6atg18SggT4s
LB5Gep+Yf/pNLGQeqV8tmp02uxCgJooXXlEaXorARhyo37DB4TUKZIOVRv095gHR
N1I7SN4P+RuwpOegCd/e8kBsULjz9+cLbY+qadzux8JMJ3x/sDUBjeyE86K0we8K
5zmb3A5mVYUzurNQC6XEzXPWfJPkQr4zG8kiXOCWDFI3/YHQH363FQo0OG5Fw00=
=HYHv
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list