[Opendnssec-user] Number of non-DNSSEC resource records differs

Einar Bjarni Halldórsson einar at isnic.is
Fri Mar 2 16:53:52 UTC 2012


Hi,

We're running ods packages from ports on a FreeBSD 8.1 server, version 1.3.5. Our inbound zone file is segmented with $INCLUDE directives. The auditor seems to be having trouble with this, since I get this in the logs:

ods-auditor[58671]: Number of non-DNSSEC resource records differs : 2 in /var/opendnssec/tmp/is.inbound, and 89393 in /var/opendnssec/tmp/is.finalized

I had to turn on partial auditing to get ods to sign the zone at all. Is there a workaround for segmented zone files or is the only choice to use one complete zone file as input to ods?

.einar

p.s. Every hour, at 25 minutes past the hour the signerd tries to resign the zone, even though we did not call ods-signer, and fails since we're using serial=keep and the serial hasn't changed. What could be causing this? It introduces unnecessary output in the logs and we'd rather always call ods-signer ourselves when the zone is updated. 


More information about the Opendnssec-user mailing list