[Dnssec-deployment] SOA serial number changes on resigning thoughts

Florian Weimer fweimer at bfk.de
Thu Feb 3 06:47:25 EST 2011


* Jaap Akkerhuis:

> I don't get this. If anything in the zone changes, the serial needs
> to be updated. If you a bit in the zone, the serial needs to be
> updated.

Resolvers do not rely on the serial, so this is not a hard
requirement.  You lose interoperability, but many DNS providers
currently need non-IETF protocols to deal with secondaries anyway.

> This discussions should probly take place in DNSOP or DNSEXT.

I agree.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


More information about the Dnssec-deployment mailing list