[Opendnssec-user] zone serial has gone backwards
Emil Natan
shlyoko at gmail.com
Wed Jul 16 17:17:20 UTC 2014
The serial calculated by OpenDNSSEC for the signed zone per the
configuration is the unixtime which is lower than the serial number used in
the unsigned zone, that's why the message in the log. You should replace
"unixtime" with "counter" in that case which should actually increase that
number.
Emil
On Wed, Jul 16, 2014 at 7:54 PM, Volker Janzen <voja at voja.de> wrote:
> Hi Emil,
>
> OpenDNSSEC unsigned: 201406716002
> OpenDNSSEC signed: 1405493501
>
> Serial on the slaves has been: 2960748158 (so 1405493501 < 2960748158
> -> backward change)
>
> SignerConfiguration contains
>
> <SOA>
> <TTL>PT3600S</TTL>
> <Minimum>PT3600S</Minimum>
> <Serial>unixtime</Serial>
> </SOA>
>
>
> - Volker
>
>
> On Wed, 16 Jul 2014 12:52:58 +0300, Emil Natan <shlyoko at gmail.com>
> wrote:
> > What is the serial number for the unsigned and signed zones? What is
> > the serial number for the zone on your slave servers? What is the
> > serial configuration for that zone/policy in the kasp.xml file?
> >
> > Emil
> >
> > On Wed, Jul 16, 2014 at 10:21 AM, Volker Janzen wrote:
> > Hi,
> >
> > after some time I made an update to one of my signed zones today,
> > resulting in this log entry:
> >
> > Jul 16 08:51:41 a named[14367]: zone EXAMPLE.COM/IN [2]: zone serial
> > (1405493501/2960748158) has gone backwards
> >
> > How can this happen and how can I fix this? The slave DNS servers are
> > not picking up the new zonefile.
> >
> > Greetings,
> > Volker
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140716/e8148fd6/attachment.htm>
More information about the Opendnssec-user
mailing list