Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-446

Signed serial always higher as unsigned serial

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Reopened
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.4.1
    • Fix Version/s: future
    • Component/s: Signer
    • Labels:
      None

      Description

      Should we always have the signed serial to be higher than the unsigned serial? We now only do that if the signer has no state about the zone (eg "first run").

      In case of keep: no
      In case of unixtime: I would prefer to use unixtime if possible.
      In case of datecounter: I would prefer to use datecounter if possible.
      In case of counter: We could consider this.

      But that will only happen if the signer reads the unsigned zone, as we only read the unsigned zone if the operator specifically tells us to do with "ods-signer sign <zone>" (or in case of DNS adapters, the master gives us a NOTIFY, or the REFRESH/RETRY timer has triggered).

      So in case of a regular re-sign, we cannot satisfy this requirement.

      Take this as a starting point of the discussion

        Attachments

          Issue Links

          relates to

          Support - Generic support issue type. SUPPORT-73 Sometimes the serial in signed zonefiles is smaller than the serial in unsigned zonefiles

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              berry Berry van Halderen
              Reporter:
              matthijs Matthijs Mekking
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: