[Pdns-users] pdns/gmysql/slave for signed zone: records being mangled

Mark Huizer xaa+powerdns at dohd.org
Sun Jan 23 22:46:16 UTC 2011


Hello there,

I recently switched a machine from bind to PowerDNS, and 99% works like a charm.
My only issue is with a slave zone that uses DNSSEC. After changing the length of the content field in the database (DNSKEY didn't fit otherwise), I'm left with an issue with RRSIG records.

If I take a look at the content in the database, I see this:

NSEC 5 3 86400 20110222021543 20110123021543 17462 verweg.com. W1WljyRcpbNl8kFEKAecpFXVr9lLi6i0I9DoFOvmPKMtDjfwrGLk4V1X9sWdet
u/ohYFKdyap5wPcKuIPK87l0fYA4+rJCKsJyx3npDdYiH9D1nB6pIh43pWL+da
3dMd341Jqf6s8BVr39CfkzmVdzVpN7qkODc7TnQk92cHAUE=

If I then query the nameserver:

# DIG RRSIG @ns.example.com someentry.example.com
NSEC 5 3 86400 20110322021443 20110223021443 17462 verweg.com. W1WljyRcpbNl8kFEKAecpFXVr9lLi6i0I9DoFOvmPKMtDjfwrGLk4V1X9sWdet
u/ohYFKdyap5wPcKuIPK87l0fYA4+rJCKsJyx3npDdYiH9D1nB6pIh43pWL+da
3dMd341Jqf6s8BVr39CfkzmVdzVpN7qkODc7TnQk92cHAUEA

To make a long story short: the last character is converted from = to A.

I tried looking for it, but it's hard to find the right query for this, so I can't tell for sure if my search was inconclusive or not. But my question is... where can I start looking for a solution for this problem? What can I do? Has anyone seen something like this?

Perhaps some relevant info:

FreeBSD 8 jail
mysql 5.1.54 (from ports)
powerdns 2.9.22 (from ports)

Greetings and thanks in advance for any help

Mark
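
What the one-character change described above means at the byte level, as an added example (not part of the original post and not PowerDNS code): it decodes the stored and served signature strings quoted in the message and classifies the difference. The function names `decode_sig` and `diagnose` are hypothetical.

```python
import base64

# Signature field as stored in the database (copied from the post, wrapped lines joined).
STORED = (
    "W1WljyRcpbNl8kFEKAecpFXVr9lLi6i0I9DoFOvmPKMtDjfwrGLk4V1X9sWdet"
    "u/ohYFKdyap5wPcKuIPK87l0fYA4+rJCKsJyx3npDdYiH9D1nB6pIh43pWL+da"
    "3dMd341Jqf6s8BVr39CfkzmVdzVpN7qkODc7TnQk92cHAUE="
)
# Signature field as returned by the name server: only the last character differs.
SERVED = STORED[:-1] + "A"


def decode_sig(text):
    """Decode a presentation-format signature; whitespace between chunks is ignored."""
    return base64.b64decode("".join(text.split()), validate=True)


def diagnose(stored, served):
    """Return (verdict, stored_len, served_len) for two base64 signature strings."""
    a, b = decode_sig(stored), decode_sig(served)
    if a == b:
        verdict = "identical"
    elif len(b) > len(a) and b == a + b"\x00" * (len(b) - len(a)):
        # '=' is padding and carries no data; 'A' is the base64 digit for value 0.
        # Swapping one for the other turns padding into extra zero bits.
        verdict = "padding replaced by zero bytes"
    elif len(a) == len(b):
        verdict = "signature bytes altered"
    else:
        verdict = "length changed"
    return verdict, len(a), len(b)


if __name__ == "__main__":
    verdict, n_stored, n_served = diagnose(STORED, SERVED)
    print(f"stored: {n_stored} bytes, served: {n_served} bytes -> {verdict}")
```
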


