[Opendnssec-user]Signed zone file loses RRs
=?us-ascii?B?wfXLtg==?=
shuoleo at 126.com
Wed Sep 19 06:26:18 UTC 2012
Hi Matthijs,
I'm using OpenDNSSEC1.3.10 for test purpose, and using <NotifyCommand> with a script to do the afterwards work. And
I'm not using Audit which is not recommended.
But I have found out that sometimes the signed and raw zone file 's RRs do not match.
The attachment called ods_call_by_opendnssec.sh is the script called by <NotifyCommand>, you can see clearly what we
do after signing work ends, and when the validation failed, there seems nothing we can do to make up for it, I have
tried to call 'ods-signer sign %zone' but somethings more weird occurs, it seems the processes are there, but no output
generated, so I need your opinion.
The attachment called validateZoneData.sh is the scripted used for compare signed file with the raw one in case it
lacks RRs. Our raw zone file is lowercase and signed zone file is uppercase.
The last file is a log generated by ods_call_by_opendnssec.sh, you can see that tld test4 's validation are failed
because the NS RRs does not match with the unsigned file.
I have found the same problem in OpenDNSSEC1.4.a2 and I would like to help if needed.
Thanks.
Best regards,
Stuart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120919/660cb1f1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ods_call_by_opendnssec.sh
Type: application/octet-stream
Size: 1651 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120919/660cb1f1/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zonefile.log
Type: application/octet-stream
Size: 2926 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120919/660cb1f1/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: validateZoneData.sh
Type: application/octet-stream
Size: 1169 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120919/660cb1f1/attachment-0002.obj>
More information about the Opendnssec-user
mailing list