-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/09/2012 12:55 PM, Rickard Bellgrim wrote: >> Perhaps I didn't express myself clearly. I don't claim this is due to the >> ldns bug. >> But the zone that was affected by the ldns bug didn't get a working key >> rollover (it happened during the time OpenDNSSEC was affected by the ldns >> bug), so the auditor haven't let it thru since then (because the >> pre-pulished key state was not seen by the auditor). >> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC... > > Ok, so the Auditor will fail each new signed zone. The Signer Engine > will then retry, thus also increasing the SOA serial. Correct me if I > am wrong here, Matthijs.
That is correct. > The odd thing here is that it does not increment with 1, but with 397. That is indeed weird. The serial is maintained per zone (obviously), so they can't be intervening with each other. I am curious to see the logs with high verbosity (run ods-signerd -vvvvvv [...]) Best regards, Matthijs > > // Rickard > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPCt33AAoJEA8yVCPsQCW57a0IAJUK6YIBjjGkEpFdCAKa9xNF INOZxbKXcIWJRE8wrvjj4z8SbZGC09+C/oQ8MaWSzUpCfXYNXjQkeSfQFB6ZdNBI cSHSXng4wqtWu/MWsBZBH/NiiHNlmvvsaJn8Xd+FUdDR9poOq8fsCRxa3xGD3Mu2 VWmMyEYSoc8V0YnCdlbGEqfMClzGqeE31YZ6+tdrCeZSBvdYRc+GPVv7f0h/udH4 qDST55UJMKNYcQdPyRu/UhCGWVt1Xkl+3Tc/tau2sE7wxrMGfCJmLq+6S2GM66Kl Hv+j1WB2UDztKLqDNtHWTRAOVoOiu5qK7Z+NGpcDnYZQxbW//3BObzcc6Jh0qPw= =qK0A -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
