[Opendnssec-user] Serial problem after rollover in 2.0.1
Yuri Schaeffer
yuri at nlnetlabs.nl
Fri Sep 16 10:07:15 UTC 2016
> We never had this problem with 1.4. From our /etc/opendnssec/kasp.xml:
>
> <Zone>
> <PropagationDelay>PT15H</PropagationDelay>
> <SOA>
> <TTL>PT86400S</TTL>
> <Minimum>PT10800S</Minimum>
> <Serial>datecounter</Serial>
> </SOA>
> </Zone>
>
> The kasp.xml has not been touched since December 2015.
> So, there must be something else. Could it be that the migration of the
> database changed it from datacounter to keep?
> Should I update the configuration after the migration?
The log message really seem to suggest 'keep' is used. Can you check the
SOA section of /var/opendnssec/signconf/kvi.nl (or similar path)?
If it says 'keep' in the signconf you should make sure the enforcerd
reads the kasp.xml from the correct location. If it does -something odd
has happend during conversion- you can issue a 'ods-enforcer policy
import' to have the enforcer reread the kasp.xml.
Regards,
Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160916/26c8bd6c/attachment.bin>
More information about the Opendnssec-user
mailing list