[Opendnssec-develop] [OpenDNSSEC] #46: Vanishing records
OpenDNSSEC
owner-dnssec-trac at kirei.se
Thu Oct 29 11:59:20 UTC 2009
#46: Vanishing records
-------------------+--------------------------------------------------------
 Reporter:  sion   |       Owner:  matthijs
     Type:  defect |      Status:  new
 Priority:  major  |   Component:  Signer
  Version:  trunk  |    Keywords:
-------------------+--------------------------------------------------------
Take a simple zone, e.g.:

;
$ORIGIN tom.
$TTL 86400
@       IN  SOA  bubbles.tom root.bubbles.tom (
                 5        ; Serial
                 604800   ; Refresh
                 86400    ; Retry
                 2419200  ; Expire
                 1 )      ; Negative Cache TTL
;
@       IN  NS   bubbles
bubbles IN  A    10.5.1.110
www     IN  A    10.5.1.100
www2    IN  A    10.5.1.101
www3    IN  A    10.5.1.100
www4    IN  A    10.5.1.100
www5    IN  A    10.5.1.100
www6    IN  A    10.5.1.103

and sign it. (We are using NSEC3.)
Delete the 3 rows www3 -> www5.
Call "ods-signer sign tom".
The auditor returns a message along the lines of:
Output zone does not contain non-DNSSEC RRSet : A,
www6.tom.#01186400#011IN#011A#01110.5.1.103
which is correct; the output zone is missing that record.
If we call "ods-signer sign tom" again, the problem seems to get fixed.
Note that if we do the same with a large zone, lots of records vanish.
Then if we call sign again, a smaller subset of those vanish, until, on
repeating often enough, the zone will be correct.
This is with trunk r2363.
--
Ticket URL: <http://trac.opendnssec.org/ticket/46>
OpenDNSSEC <http://www.opendnssec.org/>
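
An independent completeness check for the failure reported in this ticket, added here as an example (it is not OpenDNSSEC's auditor code and not part of the original report): it lists every non-DNSSEC RRset that is in the unsigned zone but absent from the signer's output. The function names and the signed-zone sample are constructed for illustration; the parser assumes a simple master file with numeric TTLs.

```python
import re

DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM", "DNSKEY"}

def rrset_keys(zone_text):
    """(owner, type) pairs of a simple master file; no ';' or '(' inside quoted rdata."""
    text = re.sub(r";[^\n]*", "", zone_text)               # drop comments
    text = re.sub(r"\(([^)]*)\)",                          # join ( ... ) continuation lines
                  lambda m: m.group(1).replace("\n", " "), text)
    origin, owner, keys = ".", None, set()
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):              # blank line or directive
            if tok and tok[0].upper() == "$ORIGIN":        # only $ORIGIN matters here
                origin = tok[1].lower()
            continue
        if not line[0].isspace():                          # leading blank keeps previous owner
            name = tok.pop(0).lower()
            owner = (origin if name == "@" else name if name.endswith(".")
                     else name + "." + origin.lstrip("."))
        while tok and (tok[0].isdigit() or tok[0].upper() in ("IN", "CH", "HS")):
            tok.pop(0)                                     # skip optional TTL and class
        if tok:
            keys.add((owner, tok[0].upper()))
    return keys

def missing_rrsets(unsigned_text, signed_text):
    """Non-DNSSEC RRsets present in the unsigned zone but absent from the signed one."""
    wanted = {k for k in rrset_keys(unsigned_text) if k[1] not in DNSSEC_TYPES}
    return sorted(wanted - rrset_keys(signed_text))

# The ticket's zone after deleting www3..www5 (SOA folded onto one line).
UNSIGNED = """$ORIGIN tom.
$TTL 86400
@ IN SOA bubbles.tom root.bubbles.tom ( 5 604800 86400 2419200 1 )
@ IN NS bubbles
bubbles IN A 10.5.1.110
www IN A 10.5.1.100
www2 IN A 10.5.1.101
www6 IN A 10.5.1.103
"""
# Constructed signer output with www6 dropped; signature data is a placeholder.
SIGNED_BAD = """tom. 86400 IN SOA bubbles.tom.tom. root.bubbles.tom.tom. 6 604800 86400 2419200 1
tom. 86400 IN NS bubbles.tom.
bubbles.tom. 86400 IN A 10.5.1.110
www.tom. 86400 IN A 10.5.1.100
www2.tom. 86400 IN A 10.5.1.101
www.tom. 86400 IN RRSIG A PLACEHOLDER
"""
```

Calling `missing_rrsets(UNSIGNED, SIGNED_BAD)` returns the `www6.tom.` A RRset, the same record the auditor message names; running such a check before publishing a signed zone keeps a partial output from being served.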