From andrew at etc.gen.nz Thu Aug 2 02:52:55 2007
From: andrew at etc.gen.nz (Andrew Ruthven)
Date: Thu, 02 Aug 2007 14:52:55 +1200
Subject: [ldns-users] Assertion error from drill
Message-ID: <1186023175.10615.9.camel@dirk.catalyst.net.nz>

Gidday,

I'm trying to use drill to get the DNSSEC signing of a test zone, but
I'm getting an assertion error. This could be due to Bind listening on
a non-standard port. Here is what I'm getting:

cerberus:~$ drill -p 153 cerberus.live.etc.gen.nz @cerberus.etc.gen.nz
drill: rdata.c:195: ldns_rdf_clone: Assertion `rd != ((void *)0)' failed.
Aborted
cerberus:~$

But using dig works just fine:

cerberus:~$ dig -p 153 cerberus.live.etc.gen.nz @cerberus.etc.gen.nz

; <<>> DiG 9.3.4 <<>> -p 153 cerberus.live.etc.gen.nz @cerberus.etc.gen.nz
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13849
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;cerberus.live.etc.gen.nz. IN A

;; ANSWER SECTION:
cerberus.live.etc.gen.nz. 60 IN A 202.154.148.47

;; AUTHORITY SECTION:
live.etc.gen.nz. 5 IN NS cerberus.etc.gen.nz.
live.etc.gen.nz. 5 IN NS chimaera.etc.gen.nz.

;; ADDITIONAL SECTION:
cerberus.etc.gen.nz. 604800 IN A 10.1.0.1
cerberus.etc.gen.nz. 604800 IN AAAA 2404:130:b1ff:1::2:1
chimaera.etc.gen.nz. 604800 IN A 10.1.0.254
chimaera.etc.gen.nz. 604800 IN AAAA 2404:130:b1ff:1::2:254

;; Query time: 3 msec
;; SERVER: 10.1.0.1#153(10.1.0.1)
;; WHEN: Thu Aug 2 14:41:48 2007
;; MSG SIZE rcvd: 192

cerberus:~$

Any ideas?

Cheers!

--
Andrew Ruthven, Wellington, New Zealand
At home: andrew at etc.gen.nz | This space intentionally
                            | left blank.
From jelte at NLnetLabs.nl Thu Aug 2 11:12:51 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Thu, 02 Aug 2007 13:12:51 +0200
Subject: [ldns-users] Assertion error from drill
In-Reply-To: <1186023175.10615.9.camel@dirk.catalyst.net.nz>
References: <1186023175.10615.9.camel@dirk.catalyst.net.nz>
Message-ID: <46B1BC33.3050402@NLnetLabs.nl>

Andrew Ruthven wrote:
> Gidday,
>
> I'm trying to use drill to get the DNSSEC signing of a test zone, but
> I'm getting an assertion error. This could be due to Bind listening on
> a non-standard port. Here is what I'm getting:
>
> cerberus:~$ drill -p 153 cerberus.live.etc.gen.nz @cerberus.etc.gen.nz
> drill: rdata.c:195: ldns_rdf_clone: Assertion `rd != ((void *)0)'
> failed.
> Aborted
> cerberus:~$
>
> Any ideas?
>

Thanks for reporting this, unfortunately i have not been able to
reproduce it (i tried with running a server on a different port, but i
actually don't think that's the problem).

The packet you get with dig seems pretty normal so i must admit that at
this point i do not really have an idea on what rdata the code is
missing or falsely presuming present...

it's ldns 1.2.0 that you are using?

Jelte
From andrew at etc.gen.nz Thu Aug 2 20:52:25 2007
From: andrew at etc.gen.nz (Andrew Ruthven)
Date: Fri, 03 Aug 2007 08:52:25 +1200
Subject: [ldns-users] Assertion error from drill
In-Reply-To: <46B1BC33.3050402@NLnetLabs.nl>
References: <1186023175.10615.9.camel@dirk.catalyst.net.nz> <46B1BC33.3050402@NLnetLabs.nl>
Message-ID: <1186087945.13035.6.camel@dirk.catalyst.net.nz>

On Thu, 2007-08-02 at 13:12 +0200, Jelte Jansen wrote:
> Andrew Ruthven wrote:
> >
> > cerberus:~$ drill -p 153 cerberus.live.etc.gen.nz @cerberus.etc.gen.nz
> > drill: rdata.c:195: ldns_rdf_clone: Assertion `rd != ((void *)0)'
> > failed.
> > Aborted
> > cerberus:~$

> Thanks for reporting this, unfortunately i have not been able to
> reproduce it (i tried with running a server on a different port, but i
> actually don't think that's the problem).

Ahhh, if I try and query using the IP address it works fine. For
example:

drill cerberus.live.etc.gen.nz @2404:130:b1ff:1:0:2:1:53

But if I use a hostname for the server to query, it dies with the
assertion error.

On my AMD64 at work drill dies with a Segmentation fault instead of an
assertion error.

> The packet you get with dig seems pretty normal so i must admit that at
> this point i do not really have an idea on what rdata the code is
> missing or falsely presuming present...
>
> it's ldns 1.2.0 that you are using?

Yes, this is 1.2.0.

--
Andrew Ruthven, Wellington, New Zealand
At home: andrew at etc.gen.nz | This space intentionally
                            | left blank.
From jelte at NLnetLabs.nl Mon Aug 6 12:54:28 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Mon, 06 Aug 2007 14:54:28 +0200
Subject: [ldns-users] Assertion error from drill
In-Reply-To: <1186087945.13035.6.camel@dirk.catalyst.net.nz>
References: <1186023175.10615.9.camel@dirk.catalyst.net.nz> <46B1BC33.3050402@NLnetLabs.nl> <1186087945.13035.6.camel@dirk.catalyst.net.nz>
Message-ID: <46B71A04.6080200@NLnetLabs.nl>

Andrew Ruthven wrote:
> On Thu, 2007-08-02 at 13:12 +0200, Jelte Jansen wrote:
>> Andrew Ruthven wrote:
>
> Ahhh, if I try and query using the IP address it works fine. For
> example:
>
> drill cerberus.live.etc.gen.nz @2404:130:b1ff:1:0:2:1:53
>
> But if I use a hostname for the server to query, it dies with the
> assertion error.
>

Thanks, that helps a lot, I'll take a look at the code.

BTW the working dig example you gave didn't use the ipv6 address but an
ipv4 one (10.1.0.1). Do these addresses come from the DNS or are they
specified in something like a hosts file? (that would give me more
information on where this assertion failure originates).

It could be that drill fails to recover from a failure in resolving the
ipv6 address.

Jelte

From paul at xelerance.com Tue Aug 7 04:58:10 2007
From: paul at xelerance.com (Paul Wouters)
Date: Tue, 7 Aug 2007 00:58:10 -0400 (EDT)
Subject: [ldns-users] ldns-key2ds seg fault
In-Reply-To: <464B1B8B.4090005@NLnetLabs.nl>
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID:

The key files I have had the following format:

$ORIGIN .
dnsx.xelerance.com 3600 IN DNSKEY 257 3 5 (
        AwEAAc1yA34Y56yizTBIG+NOojCs8H3NtdeV
        Tzam/rLE2KW9Uw1KugXkKRyjZnSWN7EkEYE9
        0UeBHtgqOQ6K5pMhmtyl0kgBa2o7B5F85gBD
        ielfHSXgWcrgsT9OpxcVafmYjE5NtE98OQZc
        wW8d7Neu+avFfke0Uwq2g5RFSYyHPpC9ydyC
        kCNEs7FRr5IUQCUyqfIon9Qy8M7Vqtf58MQX
        UVWwZLkMu1WtD3FUZ2Rl/PtW9UeeNWSqxLPh
        0XoTdSBe1FWhbHvRaBByL/D+Q+SJ+ehoYnKj
        a6c8Dhg4sfrJ1Wy0z2Wv9pGth7cLCEVNKI9F
        CBlv8xh+GshBC+r/Ou6/CGM=
        ) ; key id = 10732

When running ldns-key2ds on this file, you get a segfault.

Removing the first line with the $ORIGIN statement resolved the issue.

It might further make sense not to write to a file, but to just output the
result. Or if you really want to write to a file, make separate files for
sha1 and sha256, so you do not have to move files between generations.

Paul

From paul at xelerance.com Tue Aug 7 05:08:11 2007
From: paul at xelerance.com (Paul Wouters)
Date: Tue, 7 Aug 2007 01:08:11 -0400 (EDT)
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID:

On Tue, 7 Aug 2007, Paul Wouters wrote:

ldns-key2ds outputs:

dnsx.xelerance.com 3600 IN DS 10732 RSASHA1 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13

While this should be, according to RFC3658 section 2.4 and 2.5 I believe this should be (though
that could have been written down a lot better):

dnsx.xelerance.com 3600 IN DS 10732 5 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13

Also, the output of ldns-key2ds -1 and ldns-key2ds -2 is identical, so it looks like the -2
option actually doesn't create a sha256 hash, but a sha1 hash.
Paul

From paul at xelerance.com Tue Aug 7 06:00:36 2007
From: paul at xelerance.com (Paul Wouters)
Date: Tue, 7 Aug 2007 02:00:36 -0400 (EDT)
Subject: [ldns-users] ldns-read-zone exit code wrong for failure
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID:

ldns-read-zone does not return a failure properly, patch below

Paul

*** ldns-read-zone.c.orig 2007-08-07 00:09:55.000000000 -0400 --- ldns-read-zone.c 2007-08-07 00:10:34.000000000 -0400 *************** *** 86,91 **** --- 86,92 ---- fprintf(stderr, "%s at %d\n", ldns_get_errorstr_by_id(s), line_nr); + exit(EXIT_FAILURE); } fclose(fp);

From jelte at NLnetLabs.nl Tue Aug 7 08:23:34 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Tue, 07 Aug 2007 10:23:34 +0200
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID: <46B82C06.50201@NLnetLabs.nl>

Paul Wouters wrote:
> On Tue, 7 Aug 2007, Paul Wouters wrote:
>
> ldns-key2ds outputs:
>
> dnsx.xelerance.com 3600 IN DS 10732 RSASHA1 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
>
> While this should be, according to RFC3658 section 2.4 and 2.5 I believe this should be (though
> that could have been written down a lot better):
>
> dnsx.xelerance.com 3600 IN DS 10732 5 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
>

Hmm, this is a contradiction in different RFCs; RFC3568 indeed specifies
that it must be a number:

2.5. Presentation Format of the DS Record

   The presentation format of the DS record consists of three numbers
   (key tag, algorithm, and digest type) followed by the digest itself
   presented in hex:

However, RFC4034, which obsoletes 3568, states that:

5.3. The DS RR Presentation Format

   The Algorithm field MUST be represented either as an unsigned decimal
   integer or as an algorithm mnemonic specified in Appendix A.1.

Now this issue has been raised before, and i am willing to change it,
for the sake of compatibility with software that doesn't adhere to 4034.
I actually do agree that using a number is better. But i am going to
raise this up (again) to be clarified in the update of rfc4034.

The reason i left it in so far (and why i am still hesitant to change it)
is that it does weed out other software that can only handle the numbers
and not the mnemonic...

Jelte

From jelte at NLnetLabs.nl Tue Aug 7 12:12:22 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Tue, 07 Aug 2007 14:12:22 +0200
Subject: [ldns-users] ldns-key2ds seg fault
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID: <46B861A6.3060105@NLnetLabs.nl>

Paul Wouters wrote:
> The key files I have had the following format:
>
> $ORIGIN .

> When running ldns-key2ds on this file, you get a segfault.
>
> Removing the first line with the $ORIGIN statement resolved the issue.
>

Thanks, this has been fixed in the repository and will be included in
1.2.1 and 1.3.0

> It might further make sense not to write to a file, but to just output the
> result. Or if you really want to write to a file, make separate files for
> sha1 and sha256, so you do not have to move files between generations.
>

Makes sense, but this will not happen in the 1.2 branch. I'll think
about it some more and add it to the list for 1.3.

Jelte
From jelte at NLnetLabs.nl Tue Aug 7 12:13:39 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Tue, 07 Aug 2007 14:13:39 +0200
Subject: [ldns-users] ldns-read-zone exit code wrong for failure
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID: <46B861F3.7080008@NLnetLabs.nl>

Paul Wouters wrote:
> ldns-read-zone does not return a failure properly, patch below
>
> line_nr); > + exit(EXIT_FAILURE); > } > fclose(fp);
>

Thanks, committed for 1.2.1 and 1.3

Jelte

From jelte at NLnetLabs.nl Tue Aug 7 12:15:16 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Tue, 07 Aug 2007 14:15:16 +0200
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl>
Message-ID: <46B86254.1050302@NLnetLabs.nl>

Paul Wouters wrote:
> On Tue, 7 Aug 2007, Paul Wouters wrote:
>
> Also, the output of ldns-key2ds -1 and ldns-key2ds -2 is identical, so it looks like the -2
> option actually doesn't create a sha256 hash, but a sha1 hash.
>

Fixed (again, for 1.2.1 and 1.3), (*if* SHA256 is available, otherwise
it'll report an error and exit with a failure code)

Jelte
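
Review bot: in the ldns-read-zone.c patch above, the added exit(EXIT_FAILURE) sits inside the error branch directly after the fprintf to stderr, so the process terminates before the fclose(fp) that follows the closing brace and the input file is never closed on the failure path. Consider recording the failure in a status variable inside the branch, letting control fall through to fclose(fp), and returning that status at the end, which keeps a single exit path. It is also worth confirming that stdlib.h is included in ldns-read-zone.c, since the visible lines do not show where exit and EXIT_FAILURE are declared.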
From paul at xelerance.com Tue Aug 7 14:49:41 2007
From: paul at xelerance.com (Paul Wouters)
Date: Tue, 7 Aug 2007 10:49:41 -0400 (EDT)
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To: <46B82C06.50201@NLnetLabs.nl>
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl> <46B82C06.50201@NLnetLabs.nl>
Message-ID:

On Tue, 7 Aug 2007, Jelte Jansen wrote:

> > dnsx.xelerance.com 3600 IN DS 10732 RSASHA1 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13
> >
> > While this should be, according to RFC3658 section 2.4 and 2.5 I believe this should be (though
> > that could have been written down a lot better):
> >
> > dnsx.xelerance.com 3600 IN DS 10732 5 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13

> However, RFC4034, which obsoletes 3568, states that:
>
> 5.3. The DS RR Presentation Format
>
>
> The Algorithm field MUST be represented either as an unsigned decimal
> integer or as an algorithm mnemonic specified in Appendix A.1.

So perhaps an option to ldns-key2ds would be useful to choose?
Perhaps even refusing to run with a default option to make the user
more aware he needs to make a choice?

Paul

From jelte at NLnetLabs.nl Wed Aug 8 08:29:17 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Wed, 08 Aug 2007 10:29:17 +0200
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl> <46B82C06.50201@NLnetLabs.nl>
Message-ID: <46B97EDD.9040702@NLnetLabs.nl>

Paul Wouters wrote:
>>
>> The Algorithm field MUST be represented either as an unsigned decimal
>> integer or as an algorithm mnemonic specified in Appendix A.1.
>
> So perhaps an option to ldns-key2ds would be useful to choose?
> Perhaps even refusing to run with a default option to make the user
> more aware he needs to make a choice?
>

nah, i'll change it to numeric. Apparently enough other people don't
follow the rfc to warrant that :)

IMHO making this an option is stretching it somewhat. Although it would
make for a nice manpage entry.

Jelte

From paul at xelerance.com Wed Aug 8 13:06:37 2007
From: paul at xelerance.com (Paul Wouters)
Date: Wed, 8 Aug 2007 09:06:37 -0400 (EDT)
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To: <46B97EDD.9040702@NLnetLabs.nl>
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl> <46B82C06.50201@NLnetLabs.nl> <46B97EDD.9040702@NLnetLabs.nl>
Message-ID:

On Wed, 8 Aug 2007, Jelte Jansen wrote:

> > So perhaps an option to ldns-key2ds would be useful to choose?
> > Perhaps even refusing to run with a default option to make the user
> > more aware he needs to make a choice?
> >
>
> nah, i'll change it to numeric. Apparently enough other people don't
> follow the rfc to warrant that :)

I meant to choose between sha1 and sha256 :)

Paul

From jelte at NLnetLabs.nl Wed Aug 8 13:17:23 2007
From: jelte at NLnetLabs.nl (Jelte Jansen)
Date: Wed, 08 Aug 2007 15:17:23 +0200
Subject: [ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong
In-Reply-To:
References: <20070514121229.63bb073c@tx174.tx.local> <464B1B8B.4090005@NLnetLabs.nl> <46B82C06.50201@NLnetLabs.nl> <46B97EDD.9040702@NLnetLabs.nl>
Message-ID: <46B9C263.3090506@NLnetLabs.nl>

Paul Wouters wrote:
> On Wed, 8 Aug 2007, Jelte Jansen wrote:
>
>>> So perhaps an option to ldns-key2ds would be useful to choose?
>>> Perhaps even refusing to run with a default option to make the user
>>> more aware he needs to make a choice?
>>>
>> nah, i'll change it to numeric. Apparently enough other people don't
>> follow the rfc to warrant that :)
>
> I meant to choose between sha1 and sha256 :)
>

err, didn't you just submit a bug about that exact command-line argument
(-1/-2) the other day? it was already there, just broken, but fixed now.

Jelte
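
Added example, not part of the original thread and not ldns code: a Python sketch of the two points the DS discussion above turns on, deriving a DS record from the DNSKEY quoted in the thread with the algorithm written as a number, and reading a DS line whose algorithm is either a number or an RFC 4034 mnemonic. The function names and the digest-length check (which flags a record whose digest type says SHA-256 but whose digest is SHA-1 sized) are assumptions of this example.

```python
import base64
import hashlib
import struct

# Sample input: the DNSKEY quoted in the thread (flags 257, protocol 3, algorithm 5).
OWNER = "dnsx.xelerance.com."
PUBKEY_B64 = (
    "AwEAAc1yA34Y56yizTBIG+NOojCs8H3NtdeVTzam/rLE2KW9Uw1KugXkKRyjZnSWN7EkEYE9"
    "0UeBHtgqOQ6K5pMhmtyl0kgBa2o7B5F85gBDielfHSXgWcrgsT9OpxcVafmYjE5NtE98OQZc"
    "wW8d7Neu+avFfke0Uwq2g5RFSYyHPpC9ydyCkCNEs7FRr5IUQCUyqfIon9Qy8M7Vqtf58MQX"
    "UVWwZLkMu1WtD3FUZ2Rl/PtW9UeeNWSqxLPh0XoTdSBe1FWhbHvRaBByL/D+Q+SJ+ehoYnKj"
    "a6c8Dhg4sfrJ1Wy0z2Wv9pGth7cLCEVNKI9FCBlv8xh+GshBC+r/Ou6/CGM="
)
ALG_MNEMONICS = {"RSAMD5": 1, "DH": 2, "DSA": 3, "ECC": 4, "RSASHA1": 5}  # RFC 4034 A.1 (subset)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest type -> hash constructor

def name_to_wire(name):
    """Canonical wire form: lower-cased, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B (not defined for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata, digest_type, ttl=3600):
    """DS line with a numeric algorithm; digest = H(owner wire form | DNSKEY RDATA)."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return f"{owner} {ttl} IN DS {key_tag(rdata)} {rdata[3]} {digest_type} {digest}"

def parse_ds(line):
    """Return (key tag, algorithm number, digest type, hex digest) from a DS line."""
    f = line.split()
    i = f.index("DS")
    alg = f[i + 2]
    alg_num = int(alg) if alg.isdigit() else ALG_MNEMONICS[alg.upper()]
    return int(f[i + 1]), alg_num, int(f[i + 3]), "".join(f[i + 4:]).lower()

def digest_length_ok(line):
    """True when the hex digest length matches the declared digest type."""
    _, _, dtype, digest = parse_ds(line)
    return dtype in DIGESTS and len(digest) == 2 * DIGESTS[dtype]().digest_size

if __name__ == "__main__":
    rdata = dnskey_rdata(257, 3, 5, PUBKEY_B64)
    for dtype in (1, 2):
        print(make_ds(OWNER, rdata, dtype))
```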