[Opendnssec-user] Diagnosing syntax error in zone file

Ted Folkman tfolkman at lettersblogatory.com
Mon Sep 12 01:00:58 UTC 2016


Hello,

I am a new opendnssec user looking for help solving what seems like a 
syntax error in my zone file that is preventing ods-signerd from reading 
the file and signing the zone.

I use Debian 8.5 and have installed the bind9 (1:9.9.5.dfsg-9+deb8u6), 
opendnssec (1:1.4.6-6), and softhsm (1.3.7-2+deb8u1) packages from the 
Debian Jessie repository.

The zonefile is attached.

When I run named-checkzone, the output is as follows, which leads me to 
believe the syntax of the zone file is fine:

zone lettersblogatory.com/IN: 'lettersblogatory.com' found SPF/TXT 
record but no SPF/SPF record found, add matching type SPF record
zone lettersblogatory.com/IN: loaded serial 2016091110
OK

Here are the relevant lines from syslog:

Sep 11 20:27:50 panda ods-signerd: [namedb] zone lettersblogatory.com 
unable to use unixtime as serial: 1473640070 does not increase 
2016091110. Serial set to 2016091111
Sep 11 20:27:50 panda ods-signerd: [adapter] error parsing RR at line 37 
(Syntax error, could not parse the RR's rdata): 
201608._domainkey#011#011#011#011IN#011TXT#011"v=DKIM1; k=rsa; s=email; 
""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG1m0o2ShF92gB0BFcbOSyHm84c3UDYptHoHs9diQxHp4Hl8oHIHcS4uKIWRluzFYSPFKzpQKkaIrjHhttps://panda.blogatory.com/roundcube/?_task=mail&_action=compose&_id=157614925157d5f9460031e#pJ4manINdKE5K/TKkHc4k3PDPdcs7y0zzYfF0eIkHQCVgFskgeuGnPIF4NaNSKQygpBj2aWu60XIcaF6R+HzRv1xmY0F+gAmZ+XPxBs2K0Wcos/G15rLpWn4cT93JNS""XHawRN4SwaRSQ+E3thJ+9i1KBC2ryYcOEf9gvFLWJorlbsw9YEKEpZxceY/ulhoCWuK8Y526IGhXHpNLzi44N2WY8JWpSu3Edm+K62tqItS9K3RaeUUjXyXoNc4zZAFgzAA9IBOwIDAQAB"
Sep 11 20:27:50 panda ods-signerd: [adapter] error reading RR at line 43 
(Syntax error, could not parse the RR's rdata): 
_dmarc#011#011#011#011#011#011IN#011TXT#011"v=DMARC1; p=none; fo=1; 
rua=mailto:postmaster at lettersblogatory.com"
Sep 11 20:27:50 panda ods-signerd: [tools] unable to read zone 
lettersblogatory.com: adapter failed (General error)
Sep 11 20:27:50 panda ods-signerd: [worker[1]] CRITICAL: failed to sign 
zone lettersblogatory.com: General error
Sep 11 20:27:50 panda ods-signerd: [worker[1]] backoff task [read] for 
zone lettersblogatory.com with 960 seconds


Is there some difference between the syntax rules for BIND and 
opendnssec? Any help would be greatly appreciated. I have not been able 
to find an answer in the documentation or via Google.

Thank you!
-------------- next part --------------
$TTL 300
$ORIGIN lettersblogatory.com.

@	IN	SOA	ns1.linode.com.	hostmaster.lettersblogatory.com. (
					2016091110	; serial
					1200		; refresh from master
					300		; retry interval for refresh from master
					1209600		; expiry in case master has downtime
					300		; negative cache
					)


;	Nameservers

	IN	NS	ns1.linode.com.
	IN	NS	ns2.linode.com.
	IN	NS	ns3.linode.com.
	IN	NS	ns4.linode.com.
	IN	NS	ns5.linode.com.

;	Address records

@	IN	A	45.33.79.32
@	IN	AAAA	2600:3c03::f03c:91ff:fe79:3e83

;	Canonical name for CDN

static	IN	CNAME	d3hrmjjaud62qc.cloudfront.net.

;	Mail exchange records

@	IN	MX	10 panda.blogatory.com.

;	SPF, DKIM and DMARC records for mail authentication

@						IN	TXT	"v=spf1 mx include:amazonses.com -all"
201608._domainkey				IN	TXT	"v=DKIM1; k=rsa; s=email; ""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG1m0o2ShF92gB0BFcbOSyHm84c3UDYptHoHs9diQxHp4Hl8oHIHcS4uKIWRluzFYSPFKzpQKkaIrjHpJ4manINdKE5K/TKkHc4k3PDPdcs7y0zzYfF0eIkHQCVgFskgeuGnPIF4NaNSKQygpBj2aWu60XIcaF6R+HzRv1xmY0F+gAmZ+XPxBs2K0Wcos/G15rLpWn4cT93JNS""XHawRN4SwaRSQ+E3thJ+9i1KBC2ryYcOEf9gvFLWJorlbsw9YEKEpZxceY/ulhoCWuK8Y526IGhXHpNLzi44N2WY8JWpSu3Edm+K62tqItS9K3RaeUUjXyXoNc4zZAFgzAA9IBOwIDAQAB"
5kmwzc7asqraaryyq6prtzntaufweds3._domainkey	IN	TXT	"5kmwzc7asqraaryyq6prtzntaufweds3.dkim.amazonses.com"
5z3i2im7mdtswirg42ffjmnm2rqdwlcz._domainkey	IN	TXT	"5z3i2im7mdtswirg42ffjmnm2rqdwlcz.dkim.amazonses.com"
ubowohqscso3mricgqj7bvaaxtgvybh7._domainkey	IN	TXT	"ubowohqscso3mricgqj7bvaaxtgvybh7.dkim.amazonses.com"

_amazonses					IN	TXT	"leND/hWoVD5S2JW/1HjP+CNZEA83S390KyA+OlxqpGk="
_dmarc						IN	TXT	"v=DMARC1; p=none; fo=1; rua=mailto:postmaster at lettersblogatory.com"


More information about the Opendnssec-user mailing list