[Pdns-users] API-RECTIFY set to 1 but zone does not rectify

Pieter Lexis pieter.lexis at powerdns.com
Mon Nov 13 09:28:43 UTC 2017 

Hi Eric,

On Sun, 12 Nov 2017 07:44:26 -0500
Eric Beck <ericbeck at cadns.ca> wrote:

Pushing this back to the mailinglist, please keep it there :).

> sorry, I realized that I hadn't included my version ... feel free to
> update my post or include this in
> 
> version 4.1.0-rc2  Centos 7
> 
> yum list installed | grep pdns
> pdns.x86_64                        4.1.0-0.1.rc2.1pdns.el7
> @powerdns-auth-41
> pdns-backend-mysql.x86_64          4.1.0-0.1.rc2.1pdns.el7
> @powerdns-auth-41
> 
> .... I should have perhaps submitted this as a bug
> 
> I also have an update to my pdns-users post .... I was testing this with
> a zone that was not secured.  I thought perhaps it was a bug related to
> the fact that perhaps the rectification would only work on a domain that
> was already DNSSEC secured instead of on any zone.  So I tried it also
> with another zone which is DNSSEC secured, (NSEC3PARAM, 1 0 1 ab).
> There is a further bug in that if you have API-RECTIFY set to 1 in the
> domainmetadata table for a secured zone with the NSEC3PARM set, there is
> an error with the API.  I'll send it to you here, (I've changed the key
> and domain name for security).
> 
> 
> curl -v -X PATCH --data @/home/centos/curl/change.domain.ca -H
> 'X-API-Key: ............................'
> http://127.0.0.1:8081/api/v1/servers/localhost/zones/domain.ca |jq .
> 
> ------------------- copy output from curl API -----------------------
> * About to connect() to 127.0.0.1 port 8081 (#0)
> *   Trying 127.0.0.1...
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                  Dload  Upload   Total   Spent    Left
> Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>     0* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> > PATCH /api/v1/servers/localhost/zones/domain.ca HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: 127.0.0.1:8081
> > Accept: */*
> > X-API-Key: ............................
> > Content-Length: 255
> > Content-Type: application/x-www-form-urlencoded
> >  
> } [data not shown]
> * upload completely sent off: 255 out of 255 bytes
> 100   255    0     0  100   255      0     25  0:00:10  0:00:10 --:--:--
>     0< HTTP/1.1 500 Internal Server Error
> < Connection: close
> < Content-Length: 21
> < Content-Type: text/plain; charset=utf-8
> < Server: PowerDNS/4.1.0-rc2
> <
> { [data not shown]
> 100   276  100    21  100   255      2     25  0:00:10  0:00:10 --:--:--
>     0
> * Closing connection 0
> parse error: Invalid numeric literal at line 1, column 9
> -------------------- end copy output from curl API ------------------

You send Content-Type: application/x-www-form-urlencoded, but the API only accepts application/json.

> So I too off the API-RECTIFY and then put the curl command in a shell
> script with the pdnsutil rectify-zone command after it and it was fine.
> As I said I haven't tried this with a zone that is secured, but doesn't
> have the NSEC3 set.  I also didn't try it with a zone with NSEC3 set,
> and set to NARROW.

Can you check that the zone actually has keys as well?

> Sorry I didn't put this in as a bug.  I should have really.  If you want
> I can do that, but I'm thinking you have all the info now from my
> testing, so it seems redundant at this point.

If this really is a bug, which I doubt at this moment (but I did not attempt to reproduce this), a step-by-step way to reproduce this would really help.

Best regards,

Pieter
-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

More information about the Pdns-users mailing list