-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Fredrik,
Your logs were useful, thanks. It turns out that after a failed audit, the internal serial is not restored properly. I have committed a fix that makes sure the internal serial does not wander off. Best regards, Matthijs On 01/09/2012 10:06 PM, Fredrik Pettai wrote: > On Jan 9, 2012, at 1:30 PM, Matthijs Mekking wrote: >> On 01/09/2012 12:55 PM, Rickard Bellgrim wrote: >>>> Perhaps I didn't express myself clearly. I don't claim this is due to the >>>> ldns bug. >>>> But the zone that was affected by the ldns bug didn't get a working key >>>> rollover (it happened during the time OpenDNSSEC was affected by the ldns >>>> bug), so the auditor haven't let it thru since then (because the >>>> pre-pulished key state was not seen by the auditor). >>>> After that, I noticed the SOA datecounter acceleration in OpenDNSSEC... >>> >>> Ok, so the Auditor will fail each new signed zone. The Signer Engine >>> will then retry, thus also increasing the SOA serial. Correct me if I >>> am wrong here, Matthijs. >> >> That is correct. >> >>> The odd thing here is that it does not increment with 1, but with 397. >> >> That is indeed weird. The serial is maintained per zone (obviously), so >> they can't be intervening with each other. I am curious to see the logs >> with high verbosity (run ods-signerd -vvvvvv [...]) > > I guess this is what you are looking for: > > Jan 9 19:40:17 hidden-master ods-signerd: [data] update serial: > in=2012010402 internal=2012014379 out=2012010403 now=1326134417 > Jan 9 19:40:17 hidden-master ods-signerd: [data] update serial: 2012010403 + > 497 = 2012014876 > > Do you need more info? > > /P > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPDCDQAAoJEA8yVCPsQCW53Y0IAI50hNm+fycwfQWobAsapR7g RAYu51tbclyWiKw7FoxbG4aLoopTcviyWQZfUH3bDPV0271ABaKXi0c+iKzi0q2K 6Z4L4fF5FZZYH6nPvg37ypB+pp0A3AO8nighjMgm3o12tmM1a5IO6atg18SggT4s LB5Gep+Yf/pNLGQeqV8tmp02uxCgJooXXlEaXorARhyo37DB4TUKZIOVRv095gHR N1I7SN4P+RuwpOegCd/e8kBsULjz9+cLbY+qadzux8JMJ3x/sDUBjeyE86K0we8K 5zmb3A5mVYUzurNQC6XEzXPWfJPkQr4zG8kiXOCWDFI3/YHQH363FQo0OG5Fw00= =HYHv -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
