Serial numbers for inline signing
Thomas Schulz
schulz at adi.com
Wed Dec 18 15:17:15 UTC 2013
I have a question about the serial number as modified by inline signing.
I have a static zone, adi.com, that I am setting up for dnssec. I added
inline-signing yes;
key-directory "dnssec";
auto-dnssec maintain;
to my named.conf file after generating the keys and then did a rndc restart.
After that I did a
rndc signing -nsec3param 1 0 10 aef7db3a adi.com
to switch to nsec3. Checking the resulting serial number, I find that it is
2013120423. The serial number in the static zone file is 2013120400.
Why did it bump it up to 23? I expected something like 02.
Tom Schulz
Applied Dynamics Intl.
schulz at adi.com
More information about the bind-users
mailing list