[Opendnssec-user] OpenDNSSEC 2.0.1 - The SOA Serial Number

Mark Elkins mje at posix.co.za
Mon Oct 10 19:16:13 UTC 2016


I honestly don't know what will happen. When I run the "EndOfTime" perl
script:

#!/usr/bin/perl
use POSIX;
$ENV{'TZ'} = "GMT";
for ($clock = 2147483641; $clock < 2147483651; $clock++) {
    print ctime($clock);
}

...it works just fine on my 64-bit laptop running Gentoo

I'm told the above script rolls to 1900 on 32 bit machines.

Which begs the question, how much (if anything) will OpenDNSSEC break on
around Tue Jan 19 03:14:07 2038 GMT ?



On 10/10/2016 18:54, Mark Elkins wrote:
> I'm afraid after changing the resign interval - everything broke.
> I've restarted everything with "datecounter" and [AI]XFR an unsigned
> zone that is only regenerated every 30 minutes. Also use a 30 minutes
> resign in KASP. Everything currently working.
> 
> I want "datecounter" because "unixtime" ends (hopefully) within my
> lifetime - January 19, 2038 03:14:08 GMT - and its getting uncomfortably
> close.
> 
> On 07/10/2016 10:01, Yuri Schaeffer wrote:
>> Hi Mark,
>>
>> On 06-10-16 17:58, Mark Elkins wrote:
>>> Oct  6 17:45:01 signer1 ods-signerd: [namedb] zone za cannot keep SOA
>>> SERIAL from input zone  (2016100627): previous output SOA SERIAL is
>>> 2016100627
>>> Oct  6 17:45:01 signer1 ods-signerd: [zone] unable to update zone za soa
>>> serial: Conflict detected
>>
>> I think it is because your resign interval is 15 minutes and you are
>> getting XFR's every 15 minutes. There is a chance the signer will have 2
>> consecutive runs but did not see an XFR in between. The signer will
>> retry a bit later and no harm was done.
>>
>> To get rid of this message I would advice to raise the resign interval a
>> bit. Maybe even to 2*[XFR interval]. Better yet would be to have the
>> signer keep its own SOA serial. That way it can still refresh signatures
>> even if you don't get XFRs for some period.
>>
>> Regards,
>> Yuri
>>
>>
>>
>> _______________________________________________
>> Opendnssec-user mailing list
>> Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>>
> 
> 
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4230 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161010/1ac30d7f/attachment.bin>


More information about the Opendnssec-user mailing list