[Opendnssec-user] zone serial has gone backwards
Emil Natan
shlyoko at gmail.com
Wed Jul 16 17:23:57 UTC 2014
You can lower the SOA serial for the unsigned zone and that will fix the
issue with the log message in OpenDNSSEC, but I presume that will not
automatically fix the problem with your slaves. Of course you can remove
manually that zone on the slaves and reload which will make the slave
transfer the zone.
Another option is to replace "unixtime" with "counter" as I already
mentioned in my previous email.
Emil
On Wed, Jul 16, 2014 at 8:10 PM, Volker Janzen <voja at voja.de> wrote:
> Hi,
>
> no I wasn't aware of this. I can't remember a problem serving this SOA
> style.
>
> Can I simply lower the SOA in the unsigned zone, or will this cause
> problems with OpenDNSSEC?
>
>
> Volker
>
>
> > Am 16.07.2014 um 18:56 schrieb Rick van Rein <rick at openfortress.nl>:
> >
> > Hi,
> >
> >> OpenDNSSEC unsigned: 201406716002
> >> OpenDNSSEC signed: 1405493501
> >
> > You are aware that the unsigned value is over 2^32, right?
> >
> > Also, there is no guarantee that the signer always outputs a higher
> value than what it receives as its input. The SOA serial synchronisation
> is between a pair of client and server, it is not a global value.
> >
> > -Rick
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140716/121f2d04/attachment.htm>
More information about the Opendnssec-user
mailing list