[Opendnssec-user] Number of non-DNSSEC resource records differs

Jerry Lundström jerry at opendnssec.org
Fri Mar 2 17:13:59 UTC 2012


Hi Einar,

On 2 mar 2012, at 17:53, "Einar Bjarni Halldórsson" <einar at isnic.is> wrote:

> I had to turn on partial auditing to get ods to sign the zone at all. Is there a workaround for segmented zone files or is the only choice to use one complete zone file as input to ods?

I am unsure if the Auditor can handle include but since it is
deprecated and removed in next version (1.4) you might want to use a
different software if you wish to validate your zone before pushing it
out.

> p.s. Every hour, at 25 minutes past the hour the signerd tries to resign the zone, even though we did not call ods-signer, and fails since we're using serial=keep and the serial hasn't changed. What could be causing this? It introduces unnecessary output in the logs and we'd rather always call ods-signer ourselves when the zone is updated.

Have you set resalting to every 1 hour?

It would help to ser the logs and the configure files (conf.xml /
kasp.xml / zonelist.xml).

You can send them offlist or make a support issue on our JIRA and we
will take a look at it.

https://wiki.opendnssec.org/display/DOCS/Reporting+bugs

https://issues.opendnssec.org/

Cheers,
Jerry



More information about the Opendnssec-user mailing list