Hello everybody, opendnssec version 1.4.3
I have KASP policy which set the SOA serial configuration to "keep" (<Serial>keep</Serial>). I rise manually the serial number for the zone to be signed, but when the signer runs, it does not detect the serial number change and logs: Feb 13 13:13:45 catwoman ods-signerd: [namedb] zone test.org cannot keep SOA SERIAL from input zone (2012070503): previous output SOA SERIAL is 2012070503 Feb 13 13:13:45 catwoman ods-signerd: [zone] unable to update zone test.orgsoa serial: Conflict detected Feb 13 13:13:45 catwoman ods-signerd: [zone] If this is the result of a key rollover, please increment the serial in the unsigned zone test.org Feb 13 13:13:45 catwoman ods-signerd: [worker[4]] unable to sign zone test.org: failed to increment serial Feb 13 13:13:45 catwoman ods-signerd: [worker[4]] CRITICAL: failed to sign zone test.org: Conflict detected Feb 13 13:13:45 catwoman ods-signerd: [worker[4]] backoff task [sign] for zone test.org with 60 seconds At that time the unsigned zone has serial - 2012070504 and the zone signed at the previous run has serial - 2012070503. I was able to reproduce the issue with the "lab" KASP policy, just changing the <Serial> parameter to "keep". Running manually "ods-signer sign test.org" detects the increased serial number and the zone is resigned correctly. Can someone please try to reproduce the issue and let me know if it's a bug or misconfiguration at my side. Thanks. ena
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
