[Opendnssec-develop] [OpenDNSSEC] #70: Auditor complains about wildcard

OpenDNSSEC owner-dnssec-trac at kirei.se
Wed Jan 6 10:44:22 CET 2010

#70: Auditor complains about wildcard
Reporter:  rick@…                |       Owner:  alex                   
    Type:  defect                |      Status:  new                    
Priority:  trivial               |   Component:  Auditor                
 Version:                        |    Keywords:  wildcard auditor escape

 I found a curious few reports in the message log, spewn out by the

 Jan  6 10:50:33 dhcp-45 ods-auditor[30074]: non-DNSSEC RRSet TXT included
 in Output that was not present in Input : *.vanrein.org.      3600    IN
 TXT     "v=spf1 -all"

 Jan  6 10:50:33 dhcp-45 ods-auditor[30074]: Output zone does not contain
 non-DNSSEC RRSet : TXT, *42.vanrein.org.       3600    IN      TXT
 "v=spf1 -all"

 Aside from being the answer to the most difficult question in the world,
 42 is also the hexcode of * so this looks like something maps wrongly

 The auditor ends with

 Jan  6 10:50:34 dhcp-45 ods-signerd: Auditor result: 3

 which may or may not indicate an error; I did not find documentation on
 how to infer if the auditor is happy.

 The input line leading to this was escaped,

 \042    3600    IN      TXT     "v=spf1 -all"

 I suspect a cmdline tool like dig must have inserted it during an AXFR,
 and it is accepted by NSD, so I am assuming this is proper formatting.  If
 not, this is not a bug report at all :) but otherwise it is one.

 Anyway, a simple work-around exists which is hereby documented:  After I
 changed \042 to * it all worked nicely.


Ticket URL: <http://trac.opendnssec.org/ticket/70>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list