-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/16/2011 09:43 AM, Miek Gieben wrote: > Hello, > > I'm getting these lines in the logs while trying to sign: > > signertest ods-signerd: [data] cannot keep SOA SERIAL from input zone > (2011032205): output SOA SERIAL is 2011032205 > signertest ods-signerd: [zone] unable to update > signertest ods-signerd: [worker[2]] unable to sign serial: failed to > increment zone nl: failed to increment serial > > But the setting is 'keep': > > $ ods-ksmutil policy export -p default | grep Serial > <Serial>keep</Serial> > > I'm I doing something wrong here?
Hi Miek, The 'keep' value tells the signer that the operator manually updates the serial in the unsigned zone file. If the signer is triggered to sign, it should increment the outbound serial. However, with <Serial>keep</Serial> it MUST use the serial from the input zone to increment the outbound serial. If that value is not greater than the outbound serial, the signer is unable to sign the zone. Best regards, Matthijs > > grtz, > > -- > Miek > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOSiP1AAoJEA8yVCPsQCW5h6UIAL6Zya14dQVgVG/+xC81Rtv9 4NYABdvg8xq9y645qo8Vpsgpwn7TsV+6v+MzmumfuAHnyxldb4TCjj1sK61l3xPL e+DXQ9Zi3PB9L/dU38f7dAz4BAjXldcwHVkQTaPDFku31C5fVb9D4N48wZKw/xuG BgqIE57aHhXn4KiPmYyr3mraQjpDk3OB7exEhh/3j2p75mixsq1Clr7Ix7/z2QsK B9FYmiKLDpsuQjiMPHyP8+yefr7J0W+mumVl0c035JxHGFkMf/fnY6nkaiA3FiLU BtwDi0hN8k/ZlHcVcMz1Z4lnSo3SrcIzQvTbdUVSc4HQP01ZKVsSvw0JwH+kns4= =tMI+ -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
