[Opendnssec-user] SOA version number decremented!
Rick van Rein
rick at openfortress.nl
Wed Mar 2 22:53:13 UTC 2016
Harvard,
The breakdown of your "backup" files is probably where things went awry;
the SOA values are stored there. The signer started counting from what
it thought was good, and your slaves are not picking it up.
Since (1) your RRSIG won't expire in a day and (2) you have a date-based
SOA numbering scheme, I would suggest running "ods-signer sign" manually
on the zone that is in despair, tomorrow. Or otherwise force the serial
number up with --serial (but don't let it go beyond today's range if you
want things to return to normal by tomorrow).
Good luck,
-Rick
More information about the Opendnssec-user
mailing list