Hi,
I forgot to tell, that I did not find out when the serial got messed up.
I was able to reduce the serial in the unsigned file. I forced signing, this
repaired the signed zone on the (hidden) master. I deleted the zone file on all
slaves and restarted bind. All nodes loaded the correct zone file after this.
Volker
> Am 16.07.2014 um 19:18 schrieb Rick van Rein <[email protected]>:
>
> Hello,
>
>> no I wasn't aware of this. I can't remember a problem serving this SOA style.
>
> The wire format is 32-bit unsigned integer, so you’ve been lucky. More
> accurately, you’ve been using a mildly ignorant tool to read your zone files.
>
>> Can I simply lower the SOA in the unsigned zone, or will this cause problems
>> with OpenDNSSEC?
>
> You should be able to manually insist on “ods-signer sign example.com” and
> see it fall through. Be sure that the transfer gets through though, it’ll
> depend on your style of doing that (I have no experience there). Only in
> problematic cases would you need to wipe tmp files (or clear them).
>
> -Rick
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
