[Pdns-users] PowerDNS 3.0: Can't deal with multi-part NSEC mappings yet
Peter van Dijk
peter.van.dijk at netherlabs.nl
Wed Sep 25 09:00:51 UTC 2013
On Sep 25, 2013, at 10:49 , Fredrik Roubert wrote:
> My ISP is running a slave DNS service, using PowerDNS 3.0 as this is the
> version included in Ubuntu 12.04 LTS. I've already read this post, about
> DNSSEC in 3.0 being "explicitly deprecated":
Yes. This is not the only issue you will run into, and other issues may be more subtle.
> Transferring this DNSSEC signed zone, however, leads my ISP's PowerDNS
> to log error messages like this:
> Sep 25 10:01:07 ns5 pdns: Unable to parse record during incoming AXFR of 'roubert.net' (MOADNSException): Can't deal with multi-part NSEC mappings yet
> So this is clearly something in PowerDNS 3.0 that was fixed in 3.1:
> But what does it mean? What exactly is it in my configuration that makes
> PowerDNS 3.0 unable to handle it? Is it something I could change to make
> PowerDNS 3.0 play along as a slave server?
The only reason we've seen these multi-part mappings in practice is when BIND stores auto-signing metadata in private records with high TYPE numbers. You may be able to get rid of these by changing your BIND configuration - I'm not sure.
If that's not it, check your zone file for any lines containing TYPE in uppercase, or any entry over 255 in http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Pdns-users