[Opendnssec-develop] [OpenDNSSEC] #190: Auditor does not handle case correctly

OpenDNSSEC owner-dnssec-trac at kirei.se
Sun Oct 31 11:21:04 UTC 2010 

#190: Auditor does not handle case correctly
-----------------------------------------------------+----------------------
Reporter:  Marc Dequènes (Duck) <duck@…>             |       Owner:  alex   
    Type:  defect                                    |      Status:  new    
Priority:  major                                     |   Component:  Auditor
 Version:  trunk                                     |    Keywords:         
-----------------------------------------------------+----------------------
 If i understand well what is going on, the auditor is lost when zone name
 contains upper case letters, and perhaps also when the zone name case does
 not match the in-zone case.

 This results in the following error:
 {{{
 Oct 31 12:11:02 Orfeo ods-auditor[29604]: Auditing
 F.1.8.0.8.A.7.0.1.0.0.2.ip6.arpa zone : NSEC3 SIGNED
 Oct 31 12:11:02 Orfeo ods-auditor[29606]: RRSet
 (f.1.8.0.8.a.7.0.1.0.0.2.ip6.arpa, SOA) failed verification : Signature
 failed to cryptographically verify, tag = 63717
 Oct 31 12:11:02 Orfeo ods-auditor[29606]: RRSet
 (f.1.8.0.8.a.7.0.1.0.0.2.ip6.arpa, NS) failed verification : Signature
 failed to cryptographically verify, tag = 63717
 Oct 31 12:11:02 Orfeo ods-auditor[29606]: RRSet
 (f.1.8.0.8.a.7.0.1.0.0.2.ip6.arpa, MX) failed verification : Signature
 failed to cryptographically verify, tag = 63717
 Oct 31 12:11:02 Orfeo ods-auditor[29606]: RRSet
 (f.1.8.0.8.a.7.0.1.0.0.2.ip6.arpa, TXT) failed verification : Signature
 failed to cryptographically verify, tag = 63717
 Oct 31 12:11:02 Orfeo ods-auditor[29606]: RRSet
 (f.1.8.0.8.a.7.0.1.0.0.2.ip6.arpa, RRSIG) failed verification : No RRSet
 to verify, tag = 4816
 Oct 31 12:11:02 Orfeo ods-auditor[29606]: RRSet
 (f.1.8.0.8.a.7.0.1.0.0.2.ip6.arpa, RRSIG) failed verification : No RRSet
 to verify, tag = 63717
 Oct 31 12:11:02 Orfeo ods-auditor[29604]: SOA differs : from 2010103100 to
 2010103101
 Oct 31 12:11:02 Orfeo ods-auditor[29604]: Number of non-DNSSEC resource
 records differs : 21 in
 /var/lib/opendnssec/tmp/F.1.8.0.8.A.7.0.1.0.0.2.ip6.arpa.unsorted, and 24
 in /var/lib/opendnssec/tmp/F.1.8.0.8.A.7.0.1.0.0.2.ip6.arpa.finalized
 }}}

 After playing with case with no good result, I ended up deleting the zone,
 and recreating it with a lower case name and lowering everything the in-
 zone zone name too. It works now, but it is quite annoying as it breaks
 publishing the zone even when using the partial auditor mode.

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/190>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC

More information about the Opendnssec-develop mailing list