Ticket #533 (closed defect: fixed)

Opened 11 months ago

Last modified 9 months ago

AXFR of pre-signed zones

Reported by: anon
Owned by: ahu
Priority: normal
Milestone:
Component: auth
Version: 3.1
Severity: normal
Keywords: axfr
Cc:

Description

AXFR of pre-signed zones results in duplicate RRSIG records and corrupted NSEC3PARAM record - proposed fix attached.

Attachments

presigned-axfr Download (1.3 KB) - added by anon 11 months ago.
proposed fix for AXFR of pre-signed zones

Change History

Changed 11 months ago by anon

proposed fix for AXFR of pre-signed zones

Changed 11 months ago by peter

  • status changed from new to closed
  • resolution set to invalid

Hello,

I don't fully get what the problem is here - are you slaving a presigned zone while your slave also has keys for it? This is currently considered a misconfiguration. Your patch, however, destroys actual presigned usage.

Closing ticket as invalid; I suggest sending pdns-users an email with your full setup details and an explanation of your issues, so that we may help you further.

Changed 11 months ago by peter

  • status changed from closed to reopened
  • resolution invalid deleted

Reading pdns-dev and discussing with Ruben on IRC cleared up the issue for me. Not sure the patch has the right approach but it does not seem wrong :) Reopening!

Changed 11 months ago by anon

I could not find the duplicate RRSIGs and/or NSEC3PARAMs when I'm AXFR'ing from the signing master.

I did find that an ANY query to a pre-signed slave results in duplicate ANY records. I've tried to create a patch for this: https://github.com/Habbie/powerdns/pull/45.diff

Changed 9 months ago by peter

  • status changed from reopened to closed
  • resolution set to fixed

As far as I can tell, this has been resolved in r2709 and surrounding commits.
