[Opendnssec-user] Problem replacing CNAME in 1.4.0a2.

Fred Zwarts (KVI) F.Zwarts at KVI.nl
Thu Jun 28 09:42:23 UTC 2012

We currently use OpenDNSSEC 1.4.0a2 in a Linux SLES11SP2 x86_64 environment.

In one of the zones we had a CNAME record :

sms.kvi.nl.    CNAME  srv002.kvi.nl.

For several reasons we changed the it in a new version of the zone file 

sms.kvi.nl.          A

Of course, also the SOA serial was updated.

Now the signer refused to sign the new zone file. In the systemlog we saw 
the messages:

Jun 28 11:15:40 kvivs13 ods-signerd: [rrset] CNAME and other data at the 
same name: <sms.kvi.nl,CNAME>
Jun 28 11:15:40 kvivs13 ods-signerd: [adapter] unable to read file: zonefile 
contains errors
Jun 28 11:15:40 kvivs13 ods-signerd: [tools] unable to read zone KVI.nl: 
adapter failed (Conflict detected)
Jun 28 11:15:40 kvivs13 ods-signerd: [worker[1]] backoff task [read] for 
zone KVI.nl with 480 seconds

We checked and double-checked, but there is no CNAME anymore for sms.kvi.nl 
in the unsigned zone.
We could work around this problem, by first deleting all records for 
sms.kvi.nl, sign the zone, introduce the new records for sms.kvi.nl and sign 
the zone again (each time, of course, incrementing the SOA serial).

I suspect that this is a bug in the code. I could not find it in the 
archives of this mailing list, nor in the KNOWN_ISSUES list, so I think it 
is worthwhile to mention it here.


More information about the Opendnssec-user mailing list