On Jan 9, 2012, at 1:30 PM, Matthijs Mekking wrote: > On 01/09/2012 12:55 PM, Rickard Bellgrim wrote: >>> Perhaps I didn't express myself clearly. I don't claim this is due to the >>> ldns bug. >>> But the zone that was affected by the ldns bug didn't get a working key >>> rollover (it happened during the time OpenDNSSEC was affected by the ldns >>> bug), so the auditor haven't let it thru since then (because the >>> pre-pulished key state was not seen by the auditor). >>> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC... >> >> Ok, so the Auditor will fail each new signed zone. The Signer Engine >> will then retry, thus also increasing the SOA serial. Correct me if I >> am wrong here, Matthijs. > > That is correct. > >> The odd thing here is that it does not increment with 1, but with 397. > > That is indeed weird. The serial is maintained per zone (obviously), so > they can't be intervening with each other. I am curious to see the logs > with high verbosity (run ods-signerd -vvvvvv [...])
I guess this is what you are looking for: Jan 9 19:40:17 hidden-master ods-signerd: [data] update serial: in=2012010402 internal=2012014379 out=2012010403 now=1326134417 Jan 9 19:40:17 hidden-master ods-signerd: [data] update serial: 2012010403 + 497 = 2012014876 Do you need more info? /P _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
