I think this is what is happening to me now....
I test upgraded an nsd prerelease, and the package change made the /etc/nsd dir no longer world readable. As a result, ods-signer could no longer read the zone. It died while keeping some state in /var/opendnssec/ This was logged: Feb 11 22:34:39 nohats ods-signerd: [adapter] unable to read file /etc/nsd/openswan.org: Unable to open file After I fixed it, I got: Feb 11 22:35:07 nohats ods-auditor[1667]: Auditor started Feb 11 22:35:07 nohats ods-auditor[1667]: Auditor starting on openswan.org Feb 11 22:35:07 nohats ods-auditor[1667]: SOA differs : from 2012021102 to 2012020607 Feb 11 22:35:07 nohats ods-auditor[1667]: Auditing openswan.org zone : NSEC SIGNED Feb 11 22:35:07 nohats ods-auditor[1667]: SOA serial has decreased - used to be 2012020613 but is now 2012020607 Feb 11 22:35:07 nohats ods-auditor[1667]: Finished auditing openswan.org zone Feb 11 22:35:07 nohats ods-signerd: [tools] audit failed for zone openswan.org Feb 11 22:35:07 nohats ods-signerd: [worker[1]] backoff task [read] for zone openswan.org with 60 seconds I can guarantee you my serials do not decrease. My money is on the auditor comparing the old saved state in /var/opendnssec/ with the newer serial, assuming it just made that state file, concluding a serial warp back in time, and aborting. If so, it should really clean out those state files and start from scratch, instead of bailing out. Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
