DNSSEC mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: dnssec@cafax.se
From: Bill Manning <bmanning@isi.edu>
Date: Tue, 15 Oct 2002 08:43:41 -0700 (PDT)
Sender: owner-dnssec@cafax.se
Subject: troubleshooting...


	with the existant tools, there is the possiblity that one may
	resign a zone w/o changing the serial number. 

	one of the common troubleshooting methods is to ensure that 	
	all authoritative servers has the same serial number.

	in this case, the serial number is the same, its the signatures
	that are distinct.  My current thought is to check the expiration
	time of the the signatures to detect varience in zones, and not
	depend on a difference between serial numbers.

	is this realistic?
	
-- 
--bill

Follow-Ups:
- Re: troubleshooting...
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: troubleshooting...
  - From: Edward Lewis <edlewis@arin.net>

Prev by Date: Re: root zone signing and key lengths/lifetimes
Next by Date: Re: troubleshooting...
Prev by thread: Re: root zone signing and key lengths/lifetimes
Next by thread: Re: troubleshooting...
Index(es):
- Date
- Thread

Home | Date list | Subject list