[Opendnssec-develop] [OpenDNSSEC] #46: Vanishing records

OpenDNSSEC owner-dnssec-trac at kirei.se
Thu Oct 29 11:59:20 UTC 2009

#46: Vanishing records
Reporter:  sion    |       Owner:  matthijs
    Type:  defect  |      Status:  new     
Priority:  major   |   Component:  Signer  
 Version:  trunk   |    Keywords:          
 Take a simple zone, e.g.:

 $ORIGIN tom.
 $TTL 86400
 @       IN      SOA     bubbles.tom root.bubbles.tom (
                               5         ; Serial
                          604800         ; Refresh
                           86400         ; Retry
                         2419200         ; Expire
                           1 )   ; Negative Cache TTL
 @       IN      NS      bubbles
 bubbles IN      A
 www     IN      A
 www2    IN      A
 www3    IN      A
 www4    IN      A
 www5    IN      A
 www6    IN      A

 and sign it. (We are using NSEC3.)

 delete the 3 rows www3 -> www5

 call "ods-signer sign tom"

 the auditor returns a message along the lines of:
 Output zone does not contain non-DNSSEC RRSet : A,

 which is correct, the output zone is missing that record.

 If we call "ods-signer sign tom" again the problem seems to get fixed.

 Note that if we do the same with a large zone, lots of records vanish.
 Then if we call sign again a smaller subset of those vanish; until, on
 repeating often enough the zone will be correct.

 This is with trunk r2363

Ticket URL: <http://trac.opendnssec.org/ticket/46>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list