On Jan 9, 2012, at 11:25 , Rickard Bellgrim wrote: >> This SOA drift started to occur again then auditor don't like the zone due >> to ldns bug affected zone. > > This is not the previous ldns bug and the Auditor does not give an > error. This line is just an info message. > > It is indeed a strange behavior of the SOA serial. Could you tell us > more about your setup?
What conf do you need to see? > Is the system only signing a single zone? No > Are you signing multiple zones, but only a single zone have the problem? Yes, multiple, but only a few got bad by the ldns bug incident... >> Jan 4 20:48:53 hidden-master ods-auditor[9934]: SOA differs : from >> 2012010402 to 2012010404 >> Jan 5 12:56:07 hidden-master ods-auditor[10443]: SOA differs : from >> 2012010402 to 2012010500 >> Jan 5 12:56:08 hidden-master ods-auditor[8937]: SOA differs : from >> 2012010402 to 2012010500 >> Jan 5 12:56:08 hidden-master ods-auditor[19982]: SOA differs : from >> 2012010402 to 2012010500 >> Jan 5 13:06:02 hidden-master ods-auditor[19565]: SOA differs : from >> 2012010402 to 2012010500 >> Jan 6 20:49:32 hidden-master ods-auditor[13302]: SOA differs : from >> 2011121300 to 2012010600 >> Jan 6 20:49:32 hidden-master ods-auditor[11034]: SOA differs : from >> 2011121302 to 2012010600 >> Jan 6 20:49:32 hidden-master ods-auditor[22569]: SOA differs : from >> 2011121300 to 2012010600 > > The inbound serial was decreased. How come? First I removed audit so the zone was let thru, just to check what would happen, and it got signed with that strange SOA datecounter. Then I stopped OpenDNSSEC, removed all the tmpfiles + the signed zone and restarted OpenDNSSEC. After that the datecounter got back to normal datecounting again. And finally, I re-enabled the auditor again. (This zone was never published outside of OpenDNSSEC, so the SOA decrease doesn't really matter.) > It is also strange that > the outbound serial is the same in some cases. Aren't these log > messages from multiple zones? Sorry, a cut & paste error... > The Auditor does not log an audit in a single line. Each audit > produces multiple lines, which can be mixed up since they are not > tagged with the zone name. Only the first message is tagged. A feature request maybe: that lines get tagged with zone name for easy grep:ing? >> Jan 8 00:14:33 hidden-master ods-auditor[14179]: SOA differs : from >> 2012010402 to 2012011197 >> Jan 8 00:16:38 hidden-master ods-auditor[25128]: SOA differs : from >> 2012010402 to 2012011594 >> Jan 8 00:20:33 hidden-master ods-auditor[16118]: SOA differs : from >> 2012010402 to 2012011991 >> Jan 8 00:28:33 hidden-master ods-auditor[17482]: SOA differs : from >> 2012010402 to 2012012388 >> Jan 8 00:44:33 hidden-master ods-auditor[28203]: SOA differs : from >> 2012010402 to 2012012785 >> Jan 8 01:16:34 hidden-master ods-auditor[14082]: SOA differs : from >> 2012010402 to 2012013182 >> Jan 8 02:16:39 hidden-master ods-auditor[8155]: SOA differs : from >> 2012010402 to 2012013579 >> Jan 8 03:16:40 hidden-master ods-auditor[27955]: SOA differs : from >> 2012010402 to 2012013976 >> Jan 8 04:16:39 hidden-master ods-auditor[12804]: SOA differs : from >> 2012010402 to 2012014373 >> Jan 8 05:16:41 hidden-master ods-auditor[25100]: SOA differs : from >> 2012010402 to 2012014770 >> Jan 8 06:16:43 hidden-master ods-auditor[15671]: SOA differs : from >> 2012010402 to 2012015167 >> Jan 8 07:16:46 hidden-master ods-auditor[9411]: SOA differs : from >> 2012010402 to 2012015564 >> Jan 8 08:16:48 hidden-master ods-auditor[15142]: SOA differs : from >> 2012010402 to 2012015961 >> Jan 8 09:16:50 hidden-master ods-auditor[15927]: SOA differs : from >> 2012010402 to 2012016358 >> Jan 8 10:16:52 hidden-master ods-auditor[29363]: SOA differs : from >> 2012010402 to 2012016755 >> Jan 8 11:16:55 hidden-master ods-auditor[6845]: SOA differs : from >> 2012010402 to 2012017152 >> Jan 8 12:16:56 hidden-master ods-auditor[7580]: SOA differs : from >> 2012010402 to 2012017549 >> Jan 8 13:16:58 hidden-master ods-auditor[23128]: SOA differs : from >> 2012010402 to 2012017946 >> Jan 8 14:13:58 hidden-master ods-auditor[9620]: SOA differs : from >> 2012010402 to 2012018343 >> Jan 8 14:14:00 hidden-master ods-auditor[16325]: SOA differs : from >> 2012010402 to 2012010801 >> Jan 8 14:14:59 hidden-master ods-auditor[171]: SOA differs : from >> 2012010402 to 2012018740 >> Jan 8 14:17:02 hidden-master ods-auditor[1802]: SOA differs : from >> 2012010402 to 2012019137 >> Jan 8 14:21:03 hidden-master ods-auditor[16026]: SOA differs : from >> 2012010402 to 2012019534 >> Jan 8 14:29:03 hidden-master ods-auditor[18635]: SOA differs : from >> 2012010402 to 2012019931 >> Jan 8 14:45:04 hidden-master ods-auditor[27469]: SOA differs : from >> 2012010402 to 2012020328 >> Jan 8 15:17:05 hidden-master ods-auditor[12833]: SOA differs : from >> 2012010402 to 2012020725 >> Jan 8 16:17:05 hidden-master ods-auditor[28069]: SOA differs : from >> 2012010402 to 2012021122 >> Jan 8 17:17:03 hidden-master ods-auditor[15089]: SOA differs : from >> 2012010402 to 2012021519 >> Jan 8 18:17:06 hidden-master ods-auditor[9696]: SOA differs : from >> 2012010402 to 2012021916 >> Jan 8 19:17:08 hidden-master ods-auditor[24329]: SOA differs : from >> 2012010402 to 2012022313 >> Jan 8 20:17:08 hidden-master ods-auditor[10180]: SOA differs : from >> 2012010402 to 2012022710 > > These values are really strange. Yep, I know... /P_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
