[Opendnssec-user] zone serial has gone backwards

Volker Janzen voja at voja.de
Wed Jul 16 16:54:02 UTC 2014


Hi Emil,

OpenDNSSEC unsigned: 201406716002
OpenDNSSEC signed: 1405493501

Serial on the slaves has been: 2960748158 (so 1405493501 < 2960748158
-> backward change)

SignerConfiguration contains

                <SOA>
                        <TTL>PT3600S</TTL>
                        <Minimum>PT3600S</Minimum>
                        <Serial>unixtime</Serial>
                </SOA>


-  Volker


On Wed, 16 Jul 2014 12:52:58 +0300, Emil Natan <shlyoko at gmail.com>
wrote:
> What is the serial number for the unsigned and signed zones? What is
> the serial number for the zone on your slave servers? What is the
> serial configuration for that zone/policy in the kasp.xml file?
> 
> Emil
> 
> On Wed, Jul 16, 2014 at 10:21 AM, Volker Janzen  wrote:
>  Hi,
> 
>  after some time I made an update to one of my signed zones today,
> resulting in this log entry:
> 
>  Jul 16 08:51:41 a named[14367]: zone EXAMPLE.COM/IN [2]: zone serial
> (1405493501/2960748158) has gone backwards
> 
>  How can this happen and how can I fix this? The slave DNS servers are
> not picking up the new zonefile.
> 
>  Greetings,
>    Volker





More information about the Opendnssec-user mailing list