[Opendnssec-user] problem with the auditor when upgrading from 1.1.1 to 1.2.1
Göran Bengtson
goeran at chalmers.se
Wed May 18 12:25:57 UTC 2011
On Wed, 18 May 2011, Mathieu Arnold wrote:
> From: Mathieu Arnold <mat at mat.cc>
> To: "opendnssec-user at lists.opendnssec.org"
> <opendnssec-user at lists.opendnssec.org>
> Message-ID: <33BBAFBCA75F7C7B08516175 at ogg.in.absolight.net>
> Date: Wed, 18 May 2011 13:24:56 +0200
> Subject: [Opendnssec-user] problem with the auditor when upgrading from 1.1.1
> to 1.2.1
>
> Hi,
>
> I have a mostly delegation zone (notaires.fr) with the following excerpt
> (all that concerns paris.notaires.fr is in there) :
>
> paris.notaires.fr. 86400 IN MX 50
> mta1a.mail.zscaler.net.
> paris.notaires.fr. 86400 IN MX 50
> mta1b.mail.zscaler.net.
> paris.notaires.fr. 86400 IN MX 100
> mta1c.mail.zscaler.net.
> adl.paris.notaires.fr. 86400 IN NS
> ns0.coltfrance.com.
> adl.paris.notaires.fr. 86400 IN NS
> ns1.coltfrance.com.
> casagrande-labrousse.paris.notaires.fr. 86400 IN NS
> ns1.lerelaisinternet.com.
> casagrande-labrousse.paris.notaires.fr. 86400 IN NS
> ns2.lerelaisinternet.com.
> certif.paris.notaires.fr. 86400 IN A
> 193.149.96.242
> cridon.paris.notaires.fr. 86400 IN A
> 193.149.97.197
> eternis.paris.notaires.fr. 86400 IN A
> 193.149.119.161
> glm.paris.notaires.fr. 86400 IN NS
> ns2.domicile.fr.
> glm.paris.notaires.fr. 86400 IN NS
> ns3.domicile.fr.
> intranot.paris.notaires.fr. 86400 IN A
> 212.121.182.58
> ldap.paris.notaires.fr. 86400 IN A
> 212.121.182.57
> mail.paris.notaires.fr. 86400 IN NS
> ns1.francenet.fr.
> mail.paris.notaires.fr. 86400 IN NS
> ns2.francenet.fr.
> mail.paris.notaires.fr. 86400 IN NS
> ns3.francenet.fr.monassier-et-associes.paris.notaires.fr. 86400 IN NS
> ns1.lsv.fr.
> monassier-et-associes.paris.notaires.fr. 86400 IN NS
> ns3.proximit.fr.
> moreldarleux-duboys-hurel.paris.notaires.fr. 86400 IN NS ns1.lsv.fr.
> moreldarleux-duboys-hurel.paris.notaires.fr. 86400 IN NS
> ns3.proximit.fr.
> transfert.paris.notaires.fr. 86400 IN A
> 193.149.97.194
> urn.paris.notaires.fr. 86400 IN A
> 193.149.97.194
> www.paris.notaires.fr. 86400 IN A
> 193.149.119.186
>
>
> which is fine as far as I can tell. (It was generated through
> named-compilezone.)
>
> but the auditor seems to think otherwise :
> $ /usr/local/bin/ods-auditor -z notaires.fr
> Auditor started
> Auditor starting on notaires.fr
> 6: SOA differs : from 1305712977 to 1305649900
> 6: Auditing notaires.fr zone : NSEC3 SIGNED
> 3: Glue should not be signed : eternis.paris.notaires.fr, A
> 3: Glue should not be signed : ldap.paris.notaires.fr, A
> 6: Finished auditing notaires.fr zone
> Auditor found errors - check log for details
> *** Error code 3
>
> I don't really understand why it believes that those are glues (they are
> not referenced anywhere else in the zone) and I don't really understand why
> those two are the only ones considered bad as they are not the only A under
> paris.notaires.fr.
>
> Have I uncovered a bug, or is there something wrong I can't see ?
Just for the record. I've seen this too with 1.2.1 for a zone wih >30000 RRs
but I have not yet isolated it in a smaller zone.
>
> Regards,
>
> --
> Mathieu Arnold
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
/ Göran Bengtson
Chalmers
More information about the Opendnssec-user
mailing list