[Opendnssec-user] Opendnssec signer Y2K bug?

Tom Hendrikx tom at whyscream.net
Fri Dec 23 10:17:39 UTC 2011 

On 12/23/2011 10:04 AM, Miek Gieben wrote:
> [ Quoting<tom at whyscream.net>  at 00:49 on Dec 23 in "Re: [Opendnssec-user..." ]
>> On 22-12-11 21:03, Tom Hendrikx wrote:
>>> Inception date is 20111222193749 (2011-12-22 19:37:49), so expiration
>>> should be around 20120101193749 (2012-01-01 19:37:49). But the signer
>>> decided to bring up 20121231193749 (2012-12-31 19:37:49), which is
>>> almost a year off.
>>>
>>> Or maybe I just screwed up, and fail to see my own mistake?
>
> Wild, wild guess... Is this machine 32 or 64 bits?
>

My tests yesterday were all on 64bit machines, except for the one 
running ods which is 32bit.

The public zone that was having these similar issues, was .be (since 
this seems to be a software bug and no operator fuckup, I don't see why 
I shouldn't be naming them).

When checking today, I cannot reproduce the drill bug on any machine. 
however, on another 32 bit machine, the weird data was in the local 
(unbound) resolver cache.

Verbatim output from yesterday:

$ drill -t -D soa be @brussels.ns.dns.be.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 211
;; flags: qr aa rd ; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 0
;; QUESTION SECTION:
;; be.  IN      SOA

;; ANSWER SECTION:
be.     86400   IN      SOA     m.ns.dns.be. tech.dns.be. 1008783674
3600 1800 2419200 600
be.     86400   IN      RRSIG   SOA 8 1 86400 20121231224814
20111222214814 55608 be.
oDdkwchTRKHgBLVyG+pm/tcmErIAHsQJT2ND4Tn+y5D9lU7xVNxr5OozmUiKFNfDFlgDnZS54xEmdUaxdF1TDJ0Zh8YH/RUzt16TxgTk6ZA2KkjyJoqLKKFPixli9unq5iEwjXi4IVfntnf8WuAgA86bZntVCMEaXZIFPlWHkMI=


$ dig +dnssec +tcp soa be @brussels.ns.dns.be.

; <<>> DiG 9.8.1 <<>> +dnssec +tcp soa be @brussels.ns.dns.be.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55335
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;be.                            IN      SOA

;; ANSWER SECTION:
be.                     86400   IN      SOA     m.ns.dns.be.
tech.dns.be. 1008783713 3600 1800 2419200 600
be.                     86400   IN      RRSIG   SOA 8 1 86400
20120101224910 20111222214910 55608 be.
nDK3wWYX6duwvwvHz4YSPUTYqqIwc0NUhYYrhC1kymbpPGb9om0xBhRS
ifauZA7VALeRGUjSGdGlo3Jkcv4g1BSP/j+yYnmAPOrJijKuFOQzXgzN
L0xS1wTqL2zsZRlLxhZju3LOYJJhdN//O3hXjVpzCiDY3Uut3jGC6rMh ImY=

--
Tom

More information about the Opendnssec-user mailing list