[Opendnssec-user] Diagnosing syntax error in zone file

Ted Folkman tfolkman at lettersblogatory.com
Mon Sep 12 00:58:26 UTC 2016


Hello,

I am a new opendnssec user looking for help solving what seems like a 
syntax error in my zone file that is preventing ods-signerd from reading 
the file and signing the zone.

I use Debian 8.5 and have installed the bind9 (1:9.9.5.dfsg-9+deb8u6), 
opendnssec (1:1.4.6-6), and softhsm (1.3.7-2+deb8u1) packages from the 
Debian Jessie repository.

The zonefile is attached.

When I run named-checkzone, the output is as follows, which leads me to 
believe the syntax of the zone file is fine:

zone lettersblogatory.com/IN: 'lettersblogatory.com' found SPF/TXT 
record but no SPF/SPF record found, add matching type SPF record
zone lettersblogatory.com/IN: loaded serial 2016091110
OK

Here are the relevant lines from syslog:

Sep 11 20:27:50 panda ods-signerd: [namedb] zone lettersblogatory.com 
unable to use unixtime as serial: 1473640070 does not increase 
2016091110. Serial set to 2016091111
Sep 11 20:27:50 panda ods-signerd: [adapter] error parsing RR at line 37 
(Syntax error, could not parse the RR's rdata): 
201608._domainkey#011#011#011#011IN#011TXT#011"v=DKIM1; k=rsa; s=email; 
""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG1m0o2ShF92gB0BFcbOSyHm84c3UDYptHoHs9diQxHp4Hl8oHIHcS4uKIWRluzFYSPFKzpQKkaIrjHhttps://panda.blogatory.com/roundcube/?_task=mail&_action=compose&_id=157614925157d5f9460031e#pJ4manINdKE5K/TKkHc4k3PDPdcs7y0zzYfF0eIkHQCVgFskgeuGnPIF4NaNSKQygpBj2aWu60XIcaF6R+HzRv1xmY0F+gAmZ+XPxBs2K0Wcos/G15rLpWn4cT93JNS""XHawRN4SwaRSQ+E3thJ+9i1KBC2ryYcOEf9gvFLWJorlbsw9YEKEpZxceY/ulhoCWuK8Y526IGhXHpNLzi44N2WY8JWpSu3Edm+K62tqItS9K3RaeUUjXyXoNc4zZAFgzAA9IBOwIDAQAB"
Sep 11 20:27:50 panda ods-signerd: [adapter] error reading RR at line 43 
(Syntax error, could not parse the RR's rdata): 
_dmarc#011#011#011#011#011#011IN#011TXT#011"v=DMARC1; p=none; fo=1; 
rua=mailto:postmaster at lettersblogatory.com"
Sep 11 20:27:50 panda ods-signerd: [tools] unable to read zone 
lettersblogatory.com: adapter failed (General error)
Sep 11 20:27:50 panda ods-signerd: [worker[1]] CRITICAL: failed to sign 
zone lettersblogatory.com: General error
Sep 11 20:27:50 panda ods-signerd: [worker[1]] backoff task [read] for 
zone lettersblogatory.com with 960 seconds


Is there some difference between the syntax rules for BIND and 
opendnssec? Any help would be greatly appreciated. I have not been able 
to find an answer in the documentation or via Google.

Thank you!
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: zonefile.txt
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160911/98e4eeba/attachment.txt>


More information about the Opendnssec-user mailing list