> I've left the signer running for a couple of days to observe it's > behavior. This morning it attempted to add an updated SOA RRSIG to the > zone, but this never made it into the output zonefile. However, I can > see the newly added RRSIG in the .backup file in /var/opendnssec/tmp > (attached).
You should not add the RRSIG yourself. These will be created by the system. Could you perhaps explain what you were trying to achieve? So that I can help you in the right way. > According to the attached log snippets, ods-signerd isn't writing the > zone because it believes the serial hasn't changed. In fact the backup > file is showing the internal serial as the original serial from when I > manually signed the zone (2011120700). It does not increase the serial unless there is a change in the zone. Maybe since the RRSIG was dropped, the zone is treated as unchanged. > When the problem first became apparent, I also replicated the KASP and > softhsm keystore to our backup signer which is running an identical > environment, signing has been proceeding normally here. Could you think of anything that would make them different? // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
