[Opendnssec-user] zone serial has gone backwards

Rick van Rein rick at openfortress.nl
Wed Jul 16 17:18:19 UTC 2014


Hello,

> no I wasn't aware of this. I can't remember a problem serving this SOA style.

The wire format is 32-bit unsigned integer, so you’ve been lucky.  More accurately, you’ve been using a mildly ignorant tool to read your zone files.

> Can I simply lower the SOA in the unsigned zone, or will this cause problems with OpenDNSSEC?

You should be able to manually insist on “ods-signer sign example.com” and see it fall through.  Be sure that the transfer gets through though, it’ll depend on your style of doing that (I have no experience there).  Only in problematic cases would you need to wipe tmp files (or clear them).

-Rick


More information about the Opendnssec-user mailing list