[Opendnssec-user] Number of non-DNSSEC resource records differs

[Matthijs Mekking]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Correct: The auditor does not handle $INCLUDE statements, it is listed
in the KNOWN_ISSUES file.

Best regards,
  Matthijs

On 03/02/2012 05:53 PM, Einar Bjarni Halldórsson wrote:
> Hi,
> 
> We're running ods packages from ports on a FreeBSD 8.1 server, version 1.3.5. Our inbound zone file is segmented with $INCLUDE directives. The auditor seems to be having trouble with this, since I get this in the logs:
> 
> ods-auditor[58671]: Number of non-DNSSEC resource records differs : 2 in /var/opendnssec/tmp/is.inbound, and 89393 in /var/opendnssec/tmp/is.finalized
> 
> I had to turn on partial auditing to get ods to sign the zone at all. Is there a workaround for segmented zone files or is the only choice to use one complete zone file as input to ods?
> 
> .einar
> 
> p.s. Every hour, at 25 minutes past the hour the signerd tries to resign the zone, even though we did not call ods-signer, and fails since we're using serial=keep and the serial hasn't changed. What could be causing this? It introduces unnecessary output in the logs and we'd rather always call ods-signer ourselves when the zone is updated. _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPUfGNAAoJEA8yVCPsQCW53W0IAL6mwph5kWRDfu28qGmKJHDL
KdRalK+VXjO/ikaEmhQe1A5Cbfw6NXTpfoEiTui8H7IZd85ootv7Q25NXVyz/jXG
0JdEFQsxdxPMUlofVYcfSHgR1GEO1jaKRhkY2o3RTjGbo2opBjD3kF4vnVinwtRM
TLXVROTmAnrUS3b+HSmTMXUWTJio4Tt5BE9cKI2Kf7zr6GnIwTn9CLjuHqvx4Af/
+ruo+BfdfEp3/7S8oNM8N2Dv7e0gIQaN7PPeTcP4DF4dPLixbMQ5vvQokH92/FvH
poMb7UI78cn7uVXckwsNwV3kRGHfF4XNSlEzdYGym+/EeFlIKar/BGU3z/f7HN4=
=BMCP
-----END PGP SIGNATURE-----