You can lower the SOA serial for the unsigned zone and that will fix the issue with the log message in OpenDNSSEC, but I presume that will not automatically fix the problem with your slaves. Of course you can remove manually that zone on the slaves and reload which will make the slave transfer the zone. Another option is to replace "unixtime" with "counter" as I already mentioned in my previous email.
Emil On Wed, Jul 16, 2014 at 8:10 PM, Volker Janzen <[email protected]> wrote: > Hi, > > no I wasn't aware of this. I can't remember a problem serving this SOA > style. > > Can I simply lower the SOA in the unsigned zone, or will this cause > problems with OpenDNSSEC? > > > Volker > > > > Am 16.07.2014 um 18:56 schrieb Rick van Rein <[email protected]>: > > > > Hi, > > > >> OpenDNSSEC unsigned: 201406716002 > >> OpenDNSSEC signed: 1405493501 > > > > You are aware that the unsigned value is over 2^32, right? > > > > Also, there is no guarantee that the signer always outputs a higher > value than what it receives as its input. The SOA serial synchronisation > is between a pair of client and server, it is not a global value. > > > > -Rick > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user >
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
