[Opendnssec-user] Problem replacing CNAME in 1.4.0a2.
Fred Zwarts (KVI)
F.Zwarts at KVI.nl
Thu Jun 28 09:42:23 UTC 2012
We currently use OpenDNSSEC 1.4.0a2 in a Linux SLES11SP2 x86_64 environment.
In one of the zones we had a CNAME record :
sms.kvi.nl. CNAME srv002.kvi.nl.
For several reasons we changed the it in a new version of the zone file
into:
sms.kvi.nl. A 129.125.37.29
Of course, also the SOA serial was updated.
Now the signer refused to sign the new zone file. In the systemlog we saw
the messages:
Jun 28 11:15:40 kvivs13 ods-signerd: [rrset] CNAME and other data at the
same name: <sms.kvi.nl,CNAME>
Jun 28 11:15:40 kvivs13 ods-signerd: [adapter] unable to read file: zonefile
contains errors
Jun 28 11:15:40 kvivs13 ods-signerd: [tools] unable to read zone KVI.nl:
adapter failed (Conflict detected)
Jun 28 11:15:40 kvivs13 ods-signerd: [worker[1]] backoff task [read] for
zone KVI.nl with 480 seconds
We checked and double-checked, but there is no CNAME anymore for sms.kvi.nl
in the unsigned zone.
We could work around this problem, by first deleting all records for
sms.kvi.nl, sign the zone, introduce the new records for sms.kvi.nl and sign
the zone again (each time, of course, incrementing the SOA serial).
I suspect that this is a bug in the code. I could not find it in the
archives of this mailing list, nor in the KNOWN_ISSUES list, so I think it
is worthwhile to mention it here.
Fred.Zwarts.
More information about the Opendnssec-user
mailing list