[Opendnssec-develop] Testing for RC3, found a new zone to test with
Rickard Bellgrim
rickard.bellgrim at iis.se
Thu Jan 21 09:07:59 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi
The ldns 1.6.4 has been released. So now I started to test everything once again. My normal zones just works great, but I found one extra zone in our SVN to test with, all.rr.binary.org.
The Auditor did not like the result. But it looks like ldns is doing it right. The records are present in the signed zone, but with trailing dots in the rdata (which dnsruby seems to believe that they shouldn't).
3: Output zone does not contain non-DNSSEC RRSet : NS, \\.all.rr.binary.org. 60 IN NS ns1.example.com.\000
3: Output zone does not contain non-DNSSEC RRSet : TXT, selector._domainkey.all.rr.binary.org. 60 IN TXT "v=DKIM1; n=Use=20DKIM; p=AwEAAZfbYw8SffZwsbrCLbC+JLErREIF6Yfe9aqsa1Pz6tpGWiLxm9rSL6/YoBvNP3UWX91YDF0JMo6lhu3UIZjITvIwDhx+RJYko9vLzaaJKXGf3ygy6z+deWoZJAV1lTY0Ltx9genboe88CSCHw9aSLkh0obN9Ck8R6zAMYR19ciM/; t=s"
3: Output zone does not contain non-DNSSEC RRSet : SRV, _http._tcp.all.rr.binary.org. 60 IN SRV 0 5 80 ns1.example.com
3: Output zone does not contain non-DNSSEC RRSet : MINFO, all.a{ll.all.rr.binary.org. 60 IN MINFO minfo-rmailbx.example.com minfo-emailbx.example.com
3: Output zone does not contain non-DNSSEC RRSet : PTR, foo.all.rr.binary.org. 60 IN PTR \000\\.ns1.all.rr.org
3: Output zone does not contain non-DNSSEC RRSet : CNAME, \032.foo\..all.rr.binary.org. 60 IN CNAME \\\\\..ns1.all.rr.org
3: Output zone does not contain non-DNSSEC RRSet : DNAME, frobozz.all.rr.binary.org. 60 IN DNAME frobozz-division.acme.example
3: Output zone does not contain non-DNSSEC RRSet : MB, nall.all.rr.binary.org. 60 IN MB mb-madname.\000.example.com
3: Output zone does not contain non-DNSSEC RRSet : A, ns1\..all.rr.binary.org. 60 IN A 10.1.0.52
3: Output zone does not contain non-DNSSEC RRSet : DS, sub.all.rr.binary.org. 60 IN DS 12345 DSA 1 ( 123456789ABCDEF67890123456789ABCDEF67890 )
So it looks to me that the problem is in dnsruby. We can have a release of RC3, but perhaps stating that the auditor has some problems with binary domain names.
Or what do you say Matthijs?
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBS1gZb+CjgaNTdVjaAQgoKQf9Gb3y8lBkb+JnzviSWDY7aEUpgWlPU7wv
DqwqxfXvB4eXht/uVTze4f9lzNMSWEAwop2zxnGRinTJEutEbBWOi/ilfgxlPAZ9
M7FN6EeVa9ouNq89v6xX5O0EJwQOPuwN3dogTZA2IWkpnqy99gH1yAfOL9RBzDg/
h+hMQ/2HfctTxoJqdhAAhrb+rmsOP6JKogQXkPhX58Qp1T/pkPoXLYlPna/Jg+/l
Jo4/gMjmc56SzrqoevuQLhgmXP5/3PYr68uiyxxXD8gUTWCWdewilppzw6UCsc9G
HRw9EFS4JI/5oRow+JdLv6sSymRuoligAY0TzPOTeQUb8gmW9C3N1A==
=BfnZ
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20100121/8069a198/attachment.htm>
More information about the Opendnssec-develop
mailing list