[Opendnssec-develop] [OpenDNSSEC] #70: Auditor complains about wildcard
OpenDNSSEC
owner-dnssec-trac at kirei.se
Wed Jan 6 09:44:22 UTC 2010
#70: Auditor complains about wildcard
---------------------------------+------------------------------------------
Reporter: rick@… | Owner: alex
Type: defect | Status: new
Priority: trivial | Component: Auditor
Version: | Keywords: wildcard auditor escape
---------------------------------+------------------------------------------
Hello,
I found a curious few reports in the message log, spewn out by the
auditor:
Jan 6 10:50:33 dhcp-45 ods-auditor[30074]: non-DNSSEC RRSet TXT included
in Output that was not present in Input : *.vanrein.org. 3600 IN
TXT "v=spf1 -all"
Jan 6 10:50:33 dhcp-45 ods-auditor[30074]: Output zone does not contain
non-DNSSEC RRSet : TXT, *42.vanrein.org. 3600 IN TXT
"v=spf1 -all"
Aside from being the answer to the most difficult question in the world,
42 is also the hexcode of * so this looks like something maps wrongly
somewhere.
The auditor ends with
Jan 6 10:50:34 dhcp-45 ods-signerd: Auditor result: 3
which may or may not indicate an error; I did not find documentation on
how to infer if the auditor is happy.
The input line leading to this was escaped,
\042 3600 IN TXT "v=spf1 -all"
I suspect a cmdline tool like dig must have inserted it during an AXFR,
and it is accepted by NSD, so I am assuming this is proper formatting. If
not, this is not a bug report at all :) but otherwise it is one.
Anyway, a simple work-around exists which is hereby documented: After I
changed \042 to * it all worked nicely.
Cheers,
-Rick
--
Ticket URL: <http://trac.opendnssec.org/ticket/70>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list