[Opendnssec-user] KASP serial keep

Jerry Lundström jerry at opendnssec.org
Thu Feb 13 12:52:03 UTC 2014

Hi Email,

On Thu, Feb 13, 2014 at 1:14 PM, Emil Natan <shlyoko at gmail.com> wrote:

> I have KASP policy which set the SOA serial configuration to "keep"
> (<Serial>keep</Serial>). I rise manually the serial number for the zone to
> be signed, but when the signer runs, it does not detect the serial number
> change and
> Running manually "ods-signer sign test.org" detects the increased serial
> number and the zone is resigned correctly.

After you updated the unsigned zone file (first time) did you notify the
Signer of the changes as you did later?

I believe you need to notify the Signer when you make changes to the
unsigned zone file otherwise it will use an already processed zone file and
in that case it can't automatically update the SOA serial since you have

Jerry Lundström - OpenDNSSEC Developer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140213/2c69bb2d/attachment.htm>

More information about the Opendnssec-user mailing list