[Opendnssec-user] Absent ZSK in zone signed with OpenDNSSEC

Matthijs Mekking matthijs at NLnetLabs.nl
Fri Apr 16 07:16:36 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Sebastian,

Thanks for the catch. I have committed a change to trunk and
OpenDNSSEC-1.1 branch. The quicksorter will now default to class IN.

Best regards,

Matthijs

Sebastian Castro wrote:
> During this process, I found what it seems to be a bug with quicksorter:
> If the first line of the zone doesn't contain a class, quicksorter fails
> with a 'No class' error, breaking the signing process.
> 
> 
> # head /var/opendnssec/unsigned/co.nz.zone
> ; zone co.nz built at Wed Aug 19 10:04:38 2009
> $TTL 86400
> @	SOA	loopback.dns.net.nz. soa.nzrs.net.nz. 2010030514 900 300 604800 3600
> co.nz.	NS	ns1.dns.net.nz.
> co.nz.	NS	ns2.dns.net.nz.
> co.nz.	NS	ns3.dns.net.nz.
> 
> quicksorter will complain
> 
> # /usr/local/opendnssec/libexec/opendnssec/quicksorter -o co.nz. -f
> /var/opendnssec/unsigned/co.nz.zone -w /var/opendnssec/tmp/co.nz.sorted
> -m 3600 -t 3600
> /var/opendnssec/unsigned/co.nz.zone:3: No class
> 
> If I add the class for the SOA record, everything works fine
> 
> Should quicksorter assume class=IN by default?
> 
> Cheers

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJLyA7SAAoJEA8yVCPsQCW5WPQIAKvkQ/5+LknZtiR2ivLcjYgu
2ABAoqfzuqoqP+3CGYPWeooCLwsPMVHUKWcBPZRaWSbAB1ymkWGGfNBgIzuiAOAu
tGd2yfPTgxWQWIJ/pfOjjtP0BZHQqfLuOaHKNORCXhMk3RbUAJHJNQqXNclefT3O
m3rNvQUoHvWtmCWbSSEyO/DnMhbPDXnLpdpaiUeMm/bweDo7az6hLrIu8UxpYRE5
rOnmCcpoL6WyppwONHcDDkBsH8/sC9YEjBgR7LNPtNjFX/ZOxMpFNiRU4XZjwybM
y+PvNSvxlDMi+9dJOICydUkiAOzELy29NV2l71G+WpRAlVdl5lgqWyLg/TWP/cs=
=OJHz
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list