[Opendnssec-user] Problem with salt length 0 in OpenDNSSec 2.1.11
Erik P. Ostlyngen
erik.ostlyngen at norid.no
Fri Oct 28 06:15:41 UTC 2022
Hi,
I've just updated my testlab to use the 2.1.11 version of OpenDNSSEC
so that I can try out the Salt Length="0" configuration. Initially,
the configuration seems to work as expected, the signed zone gets an
NSEC3PARAM record with value '1 0 0 -'.
However, after I restart the signer, I get the following errors
repeated for each of my zones:
ods-signerd[179661]: [zone] corrupted backup file zone sj: read nsec3parameters error
ods-signerd[179661]: [engine] unable to recover zone sj from backup, performing full sign
The nsec3param record in the tmp/sj.backup2 file looks fine to me
('sj. 0 IN NSEC3PARAM 1 0 0 -'). So I wonder if this might be a
problem with the code reading the .backup2 file, as it seems to be
confused by the no salt '-' syntax?
Erik Østlyngen
Norid AS
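
Added example, not part of the original post and not OpenDNSSEC code: RFC 5155 writes a zero-length NSEC3PARAM salt as "-" in presentation format, so a reader of records like '1 0 0 -' has to accept that token as well as a hex string. The struct and function names below are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* NSEC3PARAM RDATA fields (RFC 5155); salt_len 0 means "no salt". */
struct nsec3param {
    unsigned algorithm, flags, iterations;
    unsigned char salt[255];
    size_t salt_len;
};

/* Read one decimal field no larger than max and advance *p past it. */
static int next_uint(const char **p, unsigned long max, unsigned *out) {
    char *end;
    while (isspace((unsigned char)**p)) (*p)++;
    if (!isdigit((unsigned char)**p)) return -1;
    errno = 0;
    unsigned long v = strtoul(*p, &end, 10);
    if (errno || v > max) return -1;
    *p = end;
    *out = (unsigned)v;
    return 0;
}

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "<alg> <flags> <iterations> <salt>"; 0 on success, -1 on error. */
int parse_nsec3param(const char *s, struct nsec3param *out) {
    memset(out, 0, sizeof *out);
    if (next_uint(&s, 255, &out->algorithm) || next_uint(&s, 255, &out->flags) ||
        next_uint(&s, 65535, &out->iterations)) return -1;
    if (!isspace((unsigned char)*s)) return -1;  /* salt field must follow */
    while (isspace((unsigned char)*s)) s++;
    size_t n = 0;
    while (s[n] && !isspace((unsigned char)s[n])) n++;
    const char *rest = s + n;
    while (isspace((unsigned char)*rest)) rest++;
    if (n == 0 || *rest) return -1;              /* missing salt or trailing junk */
    if (n == 1 && s[0] == '-') return 0;         /* "-": zero-length salt */
    if (n % 2 || n / 2 > sizeof out->salt) return -1;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval((unsigned char)s[i]), lo = hexval((unsigned char)s[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out->salt[out->salt_len++] = (unsigned char)(hi << 4 | lo);
    }
    return 0;
}
```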