To:
dnssec@cafax.se
From:
Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date:
Tue, 15 Oct 2002 20:22:40 -0400
In-reply-to:
Your message of "Tue, 15 Oct 2002 08:43:41 PDT." <200210151543.g9FFhfI12082@boreas.isi.edu>
Sender:
owner-dnssec@cafax.se
Subject:
Re: troubleshooting...
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Bill" == Bill Manning <bmanning@isi.edu> writes:
Bill> with the existant tools, there is the possiblity that one may
Bill> resign a zone w/o changing the serial number.
Bill> one of the common troubleshooting methods is to ensure that
Bill> all authoritative servers has the same serial number.
Bill> in this case, the serial number is the same, its the signatures
Bill> that are distinct. My current thought is to check the expiration
Bill> time of the the signatures to detect varience in zones, and not
Bill> depend on a difference between serial numbers.
It seems reasonable.
A tool is needed to download all of the signatures, concatenate them, run a
hash over it and emit Bubble-Babble. That way one can talk that over the phone if
necessary.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPayxTYqHRg3pndX9AQGz7wQA72PB8YtHEaLW/84Q1c1MBOU5BB5sSFRY
0byhDZcH/0aB9T6HVTlbKPN4WE4eAPQiyC7iuwJZdjJTvEZo7tHiO0KIiS39790l
/APAE6dvVs3cbJ7KNTnchFUiM3/volLZFaWrpJS9bql96ujZjAr5uOuGlsKeRJBI
KR3QW69eRFM=
=62tY
-----END PGP SIGNATURE-----