To:
Bill Manning <bmanning@isi.edu>
Cc:
edlewis@arin.net (Edward Lewis), dnssec@cafax.se
From:
Mark.Andrews@isc.org
Date:
Wed, 16 Oct 2002 07:08:24 +1000
In-reply-to:
Your message of "Tue, 15 Oct 2002 10:51:52 MST." <200210151751.g9FHpqq01475@boreas.isi.edu>
Sender:
owner-dnssec@cafax.se
Subject:
Re: troubleshooting...
> % > the sig validity periods are different, then I want to be > % > able to use that to troubleshoot. The fix is to correct > % > the problem (increment the serial) and resign. Would like > % > to verify that these steps are the appropriate in identifing > % > this particular problem. > % > % This is part of where I think DNSSEC hasn't been simplified enough > % just yet. E.g., when I'm running a registry zone (new term, meaning > % a zone a'la 192.in-addr.arpa or .nl) I will constantly be resigning > % it just because of the new key sets being streamed in. The gotcha is > % that I still need to 'vi' the file to alter that stinkin' serial > % number even though I'm not altering the original zone file - and > % that's just counter-intuitive. Grumble. I'm going to go over there > % and sit on that rock for a a while and sulk. > > bingbingbing... before we bolt a > "no user serviceable parts inside" plate on > the secured DNS, you might want to take away > my need for the 'vi' monkeywrench. > > > % Edward Lewis +1-703-227-9854 > > > -- > --bill Automatically incrementing the serial number if there is a change when re-signing the zone is listed as item to be addressed. Mark -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org