To: edlewis@arin.net (Edward Lewis)
Cc: bmanning@isi.edu, dnssec@cafax.se
From: Bill Manning <bmanning@isi.edu>
Date: Tue, 15 Oct 2002 09:18:05 -0700 (PDT)
In-Reply-To: <a05111b20b9d1e8d76e6e@[192.149.252.227]> from Edward Lewis at "Oct 15, 2 12:03:21 pm"
Sender: owner-dnssec@cafax.se
Subject: Re: troubleshooting...

% At 8:43 -0700 10/15/02, Bill Manning wrote:
% >
% > is this realistic?
%
% No.
%
% Oh, perhaps you would like a reason.

ours is not to reason why... But the reason is useful.

%
% bad idea: If the master reloads without updating the serial number,
% we'll have a master and slave agreeing on serial number and not
% contents. This is broken, let's not further the damage along by
% "covering it up."

not covering up, in this case, the only thing that changed
was the zone was re-signed. same keys, same serial, etc...
the only diffs were the sigs. :)

% Using signature validity periods to mark the newerness of data isn't
% very reliable. It might be that the periods are shortened reversibly
% in advance of a major change in something.

true, but if the only distinction in the zone data is that
the sig validity periods are different, then I want to be able
to use that to troubleshoot. The fix is to correct the problem
(increment the serial) and re-sign. Would like to verify that
these steps are appropriate in identifying this particular
problem.

% At 8:43 -0700 10/15/02, Bill Manning wrote:
% > with the existent tools, there is the possibility that one may
% > re-sign a zone w/o changing the serial number.
% >
% > one of the common troubleshooting methods is to ensure that
% > all authoritative servers have the same serial number.
% >
% > in this case, the serial number is the same, it's the signatures
% > that are distinct. My current thought is to check the expiration
% > time of the signatures to detect variance in zones, and not
% > depend on a difference between serial numbers.
% >
% > is this realistic?
% >
% >--
% >--bill
%
% --
% -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
% Edward Lewis +1-703-227-9854
% ARIN Research Engineer
%

--
--bill
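
The check discussed in this message, as an added example that is not part of the original e-mail or any tool mentioned in it: it compares the SOA serial and the signature expiration/inception fields returned by each authoritative server and flags the "same serial, different signatures" case. The server names, zone and record lines are constructed sample data, and the result reports only that the copies differ, not which one is newer.

```python
# Added example: all server names and record lines below are constructed.
from collections import defaultdict

SAMPLE = {
    "ns1.example.": """\
example. 3600 IN SOA ns1.example. hostmaster.example. 2002101501 7200 3600 604800 3600
example. 3600 IN RRSIG SOA 5 1 3600 20021114000000 20021015000000 12345 example. c2lnLWE=
example. 3600 IN RRSIG NS 5 1 3600 20021114000000 20021015000000 12345 example. c2lnLWI=
""",
    "ns2.example.": """\
example. 3600 IN SOA ns1.example. hostmaster.example. 2002101501 7200 3600 604800 3600
example. 3600 IN RRSIG SOA 5 1 3600 20021115083000 20021016083000 12345 example. c2lnLWM=
example. 3600 IN RRSIG NS 5 1 3600 20021115083000 20021016083000 12345 example. c2lnLWQ=
""",
}

def parse_answers(text):
    """Return (soa_serial, {(type_covered, key_tag): (expiration, inception)})."""
    serial, sigs = None, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        rtype, rdata = f[3], f[4:]
        if rtype == "SOA" and len(rdata) >= 3:
            serial = int(rdata[2])
        elif rtype in ("RRSIG", "SIG") and len(rdata) >= 8:
            # rdata: covered alg labels orig-ttl expiration inception key-tag signer sig
            sigs[(rdata[0], rdata[6])] = (rdata[4], rdata[5])
    return serial, sigs

def compare_servers(answers):
    """Flag differing serials and differing signature validity windows."""
    parsed = {srv: parse_answers(txt) for srv, txt in answers.items()}
    serials = {srv: serial for srv, (serial, _) in parsed.items()}
    windows = defaultdict(dict)  # (covered, key_tag) -> {server: (exp, inc)}
    for srv, (_, sigs) in parsed.items():
        for key, window in sigs.items():
            windows[key][srv] = window
    # A signature differs if a server lacks it or the validity windows disagree.
    differing = sorted(k for k, per in windows.items()
                       if len(per) < len(parsed) or len(set(per.values())) > 1)
    same_serial = len(set(serials.values())) == 1
    return {"serials": serials, "serial_mismatch": not same_serial,
            "sig_mismatch": differing,
            "same_serial_different_sigs": same_serial and bool(differing)}

if __name__ == "__main__":
    print(compare_servers(SAMPLE))
```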