Hi,
When using a serial policy of keep, opendnssec can get into a state from which it never recovers without human intervention. Say you use unsigned serials of YYYYMMDDHH. The second time you sign within the same hour, you will get:

Sep 20 01:23:30 signer01 ods-signerd: [namedb] cannot keep SOA SERIAL from input zone (2012092001): previous output SOA SERIAL is 2012092001
Sep 20 01:23:30 signer01 ods-signerd: [adapter] unable to add rr to zone XXX: failed to replace soa serial rdata (Conflict detected)

I'd prefer that specifying "keep" means "yes I know the serial might not increase, just continue".

But the real problem is that when you reach the next hour, and your unsigned serial moved to 2012092002, the current sign job for 2012092001 is still partially done within opendnssec, and it will not update the soa serial from the new unsigned zone, so again it aborts, hour after hour, until a human cleans up the files in signed/* and tmp/*.

Paul
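An added example, not part of the original message and not OpenDNSSEC code: a pre-sign check that compares the SOA serial of the unsigned zone with the serial of the last signed output, so the same-hour re-sign described above can be caught before the zone reaches the signer. It assumes the signer rejects any input serial that is not greater than the previous output serial under RFC 1982 arithmetic (the log above shows only the equal case); the zone contents and function names are constructed for illustration, and it does not detect the stuck state that follows.

```python
import re

HALF = 1 << 31  # half of the 32-bit serial number space (RFC 1982)

# Constructed sample zones; example.test and its records are illustrative only.
UNSIGNED = """$TTL 3600
example.test. IN SOA ns1.example.test. hostmaster.example.test. (
        2012092001 ; serial, YYYYMMDDHH
        3600 900 1209600 300 )
"""
SIGNED = ("example.test. 3600 IN SOA ns1.example.test. "
          "hostmaster.example.test. 2012092001 3600 900 1209600 300\n")

def soa_serial(zone_text):
    """Return the SOA serial: the first number after MNAME and RNAME."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop master-file comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text, re.IGNORECASE)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def serial_gt(a, b):
    """RFC 1982 comparison: True if serial a is 'greater than' serial b."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    return a != b and ((a - b) % (1 << 32)) < HALF

def keep_check(unsigned_zone, signed_zone):
    """Return ('ok' | 'conflict', input_serial, previous_output_serial)."""
    new, prev = soa_serial(unsigned_zone), soa_serial(signed_zone)
    # Assumption: with <Serial>keep</Serial> the input serial must advance.
    status = "ok" if serial_gt(new, prev) else "conflict"
    return status, new, prev

if __name__ == "__main__":
    status, new, prev = keep_check(UNSIGNED, SIGNED)
    print(f"{status}: input serial {new}, previous output serial {prev}")
```

Run against the real unsigned and signed zone files, a "conflict" result means the unsigned serial has to be bumped before the zone is handed to the signer.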
