Wrong length of Serial Number

Mark Andrews Mark_Andrews at isc.org
Fri Jun 17 13:52:46 UTC 2005


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Alex,
> 
> Alex Tang wrote:
> | Hi everybody
> |
> | I have a domain which is using a wrong serial number in SOA.
> |
> | 20050610001
> 
> There are no wrong numbers. Putting the date into the serial number is just
> a convention for people with to many domains to keep them consistent.

	Actually there are wrong numbers.  The serial number is defined
	to be between 0 and 4294967295 inclusive.  Any number outside
	that range is just plain wrong.
 
> A problem might be long integer overflow. Your primary bind 9 nameserver
> takes care of that. That is why it reports a different number to its slaves.

	Actually it will reject the zone as will a modern BIND 8.
	
> | the length of serial number is longer than the definition in RFC1912=20
> |
> | when I query the domain SOA record from other name server, it shows the =
> | serial number is
> | 2870740817
> |
> |
> | I want to modify to the serial with correct length
> |
> | e.g 2005061001
> 
> Good idea. You never know what next version of bind will do with this number.
> 
> |
> | Does it has any problem in domain query by other name server after =
> | modify to correct length=20
> |
> | or should I modify it with
> |
> | 2870740818 in the SOA record.
> 
> No!
> 
> If you stay with 20050610001 and make it 20050617001 then your
> nameserver will show 2870747818 to its slaves. That is perfectly
> allright.

	No.  You are depending upon implementation specific behaviour.
	The only correct thing is to start using a number that is
	in range.  If dig (or any other tool) is reporting the
	serial as 2870740818, when querying the server then you
	should replace the serial with 2870740819 and reload.
 
> Other nameservers, resolvers will not look at your SOA record. They are not
> interested in your version number.
> 
> Your own slaves, machines that copy your zonefile, will look at your serial
> number. Only if this number ist bigger than the number they have stored in
> their slave.zone file then they will load your new zone file.
> 
> If you really want to change to different numbering then change your primary
> zone file. Then restart bind.
> 
> Now on your slaves simply delete the slave.zone file and restart their bind.
> 
> If you are afraid then edit the slave.zone file and make it serial number 42
> then restart the slave bind. It will come up with 42 as long as it cannot loa
> d
> the new zone file. As soon as it sees your new zone file it will update.

	Unless you are still running a slaves which are over 10
	years old there is no need to touch the slaves.  All modern
	nameservers handle serial number rollover just fine.

	From BIND 4.

8.1          (vixie    15-Dec-94):      /* sequence-space arithmetic */
8.1          (vixie    15-Dec-94): #define SEQ_GT(a,b)  ((int32_t)((a)-(b)) > 0)

	As the other reply said.  Just set the serial to 1 and wait
	for the slaves to catchup then encode the current date.

	1 falls within 2870740818 and (2870740818 + 2^31-1) % 2^32

		2870740818..4294967295,0..723257169

	If you had next years date you would fix it by setting the
	value to 4153545347 then, after waiting for the slaves to
	catch up, to 2005061700.

		(2006061700 + 2^31-1) % 2^32 = 4153545347

	Mark
 
> | Please help
> |
> | thx very much
> |
> | Alex Tang
> |
> |
> - --
> Peter and Karin Dambier
> Public-Root
> Graeffstrasse 14
> D-64646 Heppenheim
> +49-6252-671788 (Telekom)
> +49-6252-599091 (O2 Genion)
> +1-360-226-6583-9738 (INAIC)
> mail: peter at peter-dambier.de
> http://iason.site.voila.fr
> http://www.kokoom.com/iason
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> 
> iD8DBQFCsrZkPGG/Vycj6zYRAh/dAJ9HcBvfkjZ49RVQ877uYhVxNYsokACfYQVr
> Kc+lzBaTd1c5NHhYQVnJp94=
> =Wpo4
> -----END PGP SIGNATURE-----
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list