Last Comment Bug 872818 - SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500
: SOA mismatch, DNSSEC signer refusing to sign SOA 2013051500
Product: Infrastructure & Operations
Classification: Other
Component: Infrastructure: Other (show other bugs)
: other
: All All
-- normal (vote)
: ---
Assigned To: Brian Hourigan [:digi]
: Justin Dow [:jabba]
Depends on: 872831 872832 872884 872885 872927 873129
  Show dependency treegraph
Reported: 2013-05-15 16:16 PDT by Dumitru Gherman [:dumitru]
Modified: 2013-06-18 12:29 PDT (History)
2 users (show)
See Also:
Due Date:
QA Whiteboard:
Iteration: ---
Points: ---
Cab Review: ServiceNow Change Request (use flag)


Description User image Dumitru Gherman [:dumitru] 2013-05-15 16:16:07 PDT
15:32 < nagios-scl3> Wed 15:32:38 PDT [587] SOA - is CRITICAL: CRITICAL: Serials for zone differ. Dig shows: 2013051402. Local file shows 2013051500. (

This is true. Running the update named script by hand doesn't return any errors. I reloaded rndc but no change.

limed and atoll were notified and looking at this.
Comment 1 User image Richard Soderberg [:atoll] 2013-05-15 21:17:09 PDT
The SOA mismatch for occurred when the DNSSEC signing process refused to sign the zone. We traced that to an expired ZSK ("zone signing key"), which has been renewed. DNSSEC signing has resumed, and today's updates are now published as expected.
Comment 2 User image Richard Soderberg [:atoll] 2013-05-15 21:33:15 PDT
Bug 872832 was the root cause of the SOA issue, and is now resolved.

Note You need to log in before you can comment on or make changes to this bug.