[Pdns-users] pdns/gmysql/slave for signed zone: records being mangled

bert hubert bert.hubert at netherlabs.nl
Tue Jan 25 07:32:36 UTC 2011


After some off-list discussion, we found that Mark runs 2.9.22, which indeed
has 'padding' issues on base64 RRSIG records.

In any case, slaving a DNSSEC zone to 2.9.22 is of little use since while it
can serve DNSSEC records (albeit slightly damaged as above), 2.9.22 does not
do any DNSSEC processing. 

Mark, you may have a (lot) more success with the PowerDNSSEC prereleases as
actively being developed on http://www.powerdnssec.org.

Good luck!

	Bert

On Mon, Jan 24, 2011 at 08:11:28AM +0100, bert hubert wrote:
> On Sun, Jan 23, 2011 at 11:46:16PM +0100, Mark Huizer wrote:
> > NSEC 5 3 86400 20110222021543 20110123021543 17462 verweg.com. W1WljyRcpbNl8kFEKAecpFXVr9lLi6i0I9DoFOvmPKMtDjfwrGLk4V1X9sWdet
> > u/ohYFKdyap5wPcKuIPK87l0fYA4+rJCKsJyx3npDdYiH9D1nB6pIh43pWL+da
> > 3dMd341Jqf6s8BVr39CfkzmVdzVpN7qkODc7TnQk92cHAUE=
> > 
> > If I then query the nameserver:
> > 
> > # DIG RRSIG @ns.example.com someentry.example.com
> > NSEC 5 3 86400 20110322021443 20110223021443 17462 verweg.com. W1WljyRcpbNl8kFEKAecpFXVr9lLi6i0I9DoFOvmPKMtDjfwrGLk4V1X9sWdet
> > u/ohYFKdyap5wPcKuIPK87l0fYA4+rJCKsJyx3npDdYiH9D1nB6pIh43pWL+da
> > 3dMd341Jqf6s8BVr39CfkzmVdzVpN7qkODc7TnQk92cHAUEA
> > 
> > To make a long story short: the last character is converted from = to A
> 
> What does the master server say when you query it with 'dig'? Can I query
> it?
> 
> Probably not relevant, but needed to be sure where the problem is.
> 
> 	Bert
> 
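The padding damage discussed in this thread, as an added example (not code from the thread or from PowerDNS): a check that compares the signature field of one RRSIG as served by master and slave and flags the case where the trailing `=` pad has become `A`. The sample signature is constructed (128 bytes, an assumed size matching RSA with a 1024-bit key), and the function names are hypothetical.

```python
import base64


def compact(text):
    # dig prints long base64 fields in whitespace-separated chunks; join them.
    return "".join(text.split())


def decode_sig(text):
    # validate=True rejects any character outside the base64 alphabet.
    return base64.b64decode(compact(text), validate=True)


def classify(master_text, slave_text):
    """Compare the signature field of the same RRSIG from master and slave.

    Returns (verdict, extra_bytes). "padding-mangled" means the slave text is
    the master text with every '=' pad character replaced by 'A'.
    """
    m, s = compact(master_text), compact(slave_text)
    if m == s:
        return ("identical", 0)
    body = m.rstrip("=")
    pad = len(m) - len(body)
    if pad and s == body + "A" * pad:
        # 'A' is base64 value 0, so each replaced pad decodes to one extra
        # zero byte appended to the signature.
        return ("padding-mangled", len(decode_sig(s)) - len(decode_sig(m)))
    return ("different", len(decode_sig(s)) - len(decode_sig(m)))


# Constructed sample data, not a real signature.
MASTER_SIG = base64.b64encode(bytes((i * 7 + 3) % 256 for i in range(128))).decode()
SLAVE_SIG = MASTER_SIG[:-1] + "A"  # the '=' to 'A' change reported in the thread

if __name__ == "__main__":
    verdict, extra = classify(MASTER_SIG, SLAVE_SIG)
    print(verdict, "extra bytes:", extra)
    print("master length:", len(decode_sig(MASTER_SIG)))
    print("slave length: ", len(decode_sig(SLAVE_SIG)))
```

The mangled text is still valid base64, so a decoder raises no error; the damage shows up only as a signature one byte longer than the master's, which a validating resolver would fail to verify.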


