[Opendnssec-user] problem with the auditor when upgrading from 1.1.1 to 1.2.1

Mathieu Arnold mat at mat.cc
Wed May 18 11:24:56 UTC 2011 

Hi,

I have a mostly delegation zone (notaires.fr) with the following excerpt
(all that concerns paris.notaires.fr is in there) :

paris.notaires.fr.                            86400 IN MX       50
mta1a.mail.zscaler.net.
paris.notaires.fr.                            86400 IN MX       50
mta1b.mail.zscaler.net.
paris.notaires.fr.                            86400 IN MX       100
mta1c.mail.zscaler.net.
adl.paris.notaires.fr.                        86400 IN NS
ns0.coltfrance.com.
adl.paris.notaires.fr.                        86400 IN NS
ns1.coltfrance.com.
casagrande-labrousse.paris.notaires.fr.       86400 IN NS
ns1.lerelaisinternet.com.
casagrande-labrousse.paris.notaires.fr.       86400 IN NS
ns2.lerelaisinternet.com.
certif.paris.notaires.fr.                     86400 IN A
193.149.96.242
cridon.paris.notaires.fr.                     86400 IN A
193.149.97.197
eternis.paris.notaires.fr.                    86400 IN A
193.149.119.161
glm.paris.notaires.fr.                        86400 IN NS
ns2.domicile.fr.
glm.paris.notaires.fr.                        86400 IN NS
ns3.domicile.fr.
intranot.paris.notaires.fr.                   86400 IN A
212.121.182.58
ldap.paris.notaires.fr.                       86400 IN A
212.121.182.57
mail.paris.notaires.fr.                       86400 IN NS
ns1.francenet.fr.
mail.paris.notaires.fr.                       86400 IN NS
ns2.francenet.fr.
mail.paris.notaires.fr.                       86400 IN NS
ns3.francenet.fr.monassier-et-associes.paris.notaires.fr.      86400 IN NS
ns1.lsv.fr.
monassier-et-associes.paris.notaires.fr.      86400 IN NS
ns3.proximit.fr.
moreldarleux-duboys-hurel.paris.notaires.fr.  86400 IN NS       ns1.lsv.fr.
moreldarleux-duboys-hurel.paris.notaires.fr.  86400 IN NS
ns3.proximit.fr.
transfert.paris.notaires.fr.                  86400 IN A
193.149.97.194
urn.paris.notaires.fr.                        86400 IN A
193.149.97.194
www.paris.notaires.fr.                        86400 IN A
193.149.119.186


which is fine as far as I can tell. (It was generated through
named-compilezone.)

but the auditor seems to think otherwise :
$ /usr/local/bin/ods-auditor -z notaires.fr
Auditor started
Auditor starting on notaires.fr
6: SOA differs : from 1305712977 to 1305649900
6: Auditing notaires.fr zone : NSEC3 SIGNED
3: Glue should not be signed : eternis.paris.notaires.fr, A
3: Glue should not be signed : ldap.paris.notaires.fr, A
6: Finished auditing notaires.fr zone
Auditor found errors - check log for details
*** Error code 3

I don't really understand why it believes that those are glues (they are
not referenced anywhere else in the zone) and I don't really understand why
those two are the only ones considered bad as they are not the only A under
paris.notaires.fr.

Have I uncovered a bug, or is there something wrong I can't see ?

Regards,

-- 
Mathieu Arnold

More information about the Opendnssec-user mailing list