[Opendnssec-user] Problem replacing CNAME in 1.4.0a2.

Matthijs Mekking matthijs at nlnetlabs.nl
Thu Jun 28 13:12:15 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Fred,

Thanks for the files, I could reproduce them with those. I created a
ticket for this:

	https://issues.opendnssec.org/browse/OPENDNSSEC-290

I found the bug and fixed it in trunk, r6468.

Best regards,
  Matthijs


On 06/28/2012 11:42 AM, Fred Zwarts (KVI) wrote:
> We currently use OpenDNSSEC 1.4.0a2 in a Linux SLES11SP2 x86_64 
> environment.
> 
> In one of the zones we had a CNAME record :
> 
> sms.kvi.nl.    CNAME  srv002.kvi.nl.
> 
> For several reasons we changed the it in a new version of the zone
> file into:
> 
> sms.kvi.nl.          A       129.125.37.29
> 
> Of course, also the SOA serial was updated.
> 
> Now the signer refused to sign the new zone file. In the systemlog
> we saw the messages:
> 
> Jun 28 11:15:40 kvivs13 ods-signerd: [rrset] CNAME and other data
> at the same name: <sms.kvi.nl,CNAME> Jun 28 11:15:40 kvivs13
> ods-signerd: [adapter] unable to read file: zonefile contains
> errors Jun 28 11:15:40 kvivs13 ods-signerd: [tools] unable to read
> zone KVI.nl: adapter failed (Conflict detected) Jun 28 11:15:40
> kvivs13 ods-signerd: [worker[1]] backoff task [read] for zone
> KVI.nl with 480 seconds
> 
> We checked and double-checked, but there is no CNAME anymore for 
> sms.kvi.nl in the unsigned zone. We could work around this problem,
> by first deleting all records for sms.kvi.nl, sign the zone,
> introduce the new records for sms.kvi.nl and sign the zone again
> (each time, of course, incrementing the SOA serial).
> 
> I suspect that this is a bug in the code. I could not find it in
> the archives of this mailing list, nor in the KNOWN_ISSUES list, so
> I think it is worthwhile to mention it here.
> 
> Fred.Zwarts.
> 
> _______________________________________________ Opendnssec-user
> mailing list Opendnssec-user at lists.opendnssec.org 
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP7FgvAAoJEA8yVCPsQCW5pOEIAN0rF/AvvWrbHOA9Os9mjKbc
OGKrraq2GWjvUzkYRXvcrjsoahTNzJP0NRBrQPs4rNN+mSZOALrQrn7uUQCpX/Ao
jNsUoattzzXrQxFL4SzWw6P/E+srkGhQ+1txeuvOo6xbv8oes0XDhTYwzuwj+xMN
9r/gr4NNyknxcCT1x+vpfwGBIZnGufrYq3JZzQYCv3z85blK60kIhrDmUHx/9Mv0
a4MOgAuBdfEiWb8ol4fBC6MYUZm//Gpf/hPmBgg/3i2DtOyHogoGL6jiIzNsL7a0
603xCQFSn29+R93BM6JIyOmLe+3bsVDo4udRFs2wYXRDSkjupJ6iCENbuNVoFs0=
=QF8r
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list