[Opendnssec-user] Serial problem after rollover in 2.0.1

Yuri Schaeffer yuri at nlnetlabs.nl
Fri Sep 16 10:07:15 UTC 2016

> We never had this problem with 1.4. From our /etc/opendnssec/kasp.xml:
> <Zone>
>        <PropagationDelay>PT15H</PropagationDelay>
>        <SOA>
>                <TTL>PT86400S</TTL>
>                <Minimum>PT10800S</Minimum>
>                <Serial>datecounter</Serial>
>        </SOA>
> </Zone>
> The kasp.xml has not been touched since December 2015.
> So, there must be something else. Could it be that the migration of the
> database changed it from datacounter to keep?
> Should I update the configuration after the migration?

The log message really seem to suggest 'keep' is used. Can you check the
SOA section of /var/opendnssec/signconf/kvi.nl (or similar path)?

If it says 'keep' in the signconf you should make sure the enforcerd
reads the kasp.xml from the correct location. If it does -something odd
has happend during conversion- you can issue a 'ods-enforcer policy
import' to have the enforcer reread the kasp.xml.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160916/26c8bd6c/attachment.bin>

More information about the Opendnssec-user mailing list