[Opendnssec-user] OpenDNSSEC 2.0.1 - The SOA Serial Number

Yuri Schaeffer yuri at nlnetlabs.nl
Fri Oct 7 08:01:44 UTC 2016


Hi Mark,

On 06-10-16 17:58, Mark Elkins wrote:
> Oct  6 17:45:01 signer1 ods-signerd: [namedb] zone za cannot keep SOA
> SERIAL from input zone  (2016100627): previous output SOA SERIAL is
> 2016100627
> Oct  6 17:45:01 signer1 ods-signerd: [zone] unable to update zone za soa
> serial: Conflict detected

I think it is because your resign interval is 15 minutes and you are
getting XFRs every 15 minutes. There is a chance the signer will have 2
consecutive runs but did not see an XFR in between. The signer will
retry a bit later and no harm was done.

To get rid of this message I would advise to raise the resign interval a
bit. Maybe even to 2*[XFR interval]. Better yet would be to have the
signer keep its own SOA serial. That way it can still refresh signatures
even if you don't get XFRs for some period.

Regards,
Yuri
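
The race described in the reply above, as an added example that is not part of the original message and not OpenDNSSEC code: a simplified model of signer runs choosing an output serial, showing the conflict when two runs see no XFR in between. The names `next_serial` and `simulate`, the `signer-owned` policy label and its bump rule, and the timeline are assumptions constructed for illustration.

```python
"""Simplified model of signer runs picking an output SOA serial.
Added illustration; not OpenDNSSEC code. Times are minutes."""

SERIAL_MOD = 2**32


class SerialConflict(Exception):
    pass


def serial_gt(a, b):
    # RFC 1982 serial number arithmetic: is a newer than b?
    return a != b and ((a - b) % SERIAL_MOD) < 2**31


def next_serial(policy, input_serial, prev_output):
    if prev_output is None:
        return input_serial
    if policy == "keep":
        # Output must reuse the input serial, so it has to be newer.
        if not serial_gt(input_serial, prev_output):
            raise SerialConflict(f"cannot keep {input_serial}")
        return input_serial
    if policy == "signer-owned":  # hypothetical label for this model
        if serial_gt(input_serial, prev_output):
            return input_serial
        return (prev_output + 1) % SERIAL_MOD
    raise ValueError(policy)


def simulate(policy, xfr_events, sign_times):
    """Return (conflict_times, [(time, output_serial), ...])."""
    prev, conflicts, outputs = None, [], []
    for t in sign_times:
        seen = [serial for when, serial in xfr_events if when <= t]
        if not seen:
            continue
        try:
            prev = next_serial(policy, seen[-1], prev)
            outputs.append((t, prev))
        except SerialConflict:
            conflicts.append(t)
    return conflicts, outputs


# Constructed timeline: XFRs nominally every 15 min, the third one late.
XFRS = [(0, 2016100626), (14, 2016100627), (32, 2016100628), (45, 2016100629)]
EVERY_15 = [1, 16, 31, 46]
EVERY_30 = [1, 31, 61]
```

With `keep` and a 15-minute resign, the run at minute 31 conflicts on serial 2016100627; doubling the resign interval or letting the signer bump its own serial removes the conflict in this model.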
