[Opendnssec-user] Serial problem after rollover in 2.0.1

Fred.Zwarts F.Zwarts at KVI.nl
Fri Sep 16 07:29:47 UTC 2016


Recently we upgraded to ods 2.01. from 1.4.10. During key roll-overs we 
never needed to update our input zones as long as we used version 1.
This night ods was still in the process of retiring the backup keys, used in 
version 1.4.10, when it started a ZSK key roll-over. After that the signer 
refused to sign zones.
The log file shows messages from the signer each hour, see the attachment.
The fix was easy, we incremented the serial of the input zone.

The log message "If this is the result of a key rollover ..." suggests (at 
least to me) that it is normal that a manual intervention is needed during a 
roll-over, but we are not used to it.
Is this a bug, or is it the intended behavior?
Are there new options to be included in the configuration?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: signer.txt
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160916/1b437f22/attachment.txt>


More information about the Opendnssec-user mailing list