[ldns-users] ldns-verify-zone bug
Willem at NLnetLabs.nl
Wed Nov 21 22:26:14 UTC 2012
The issue is triggered when the last line of a parsed zone is an NSEC3
(or its RRSIG) covering an empty non-terminal. c.test.com in your case.
When the last record would have been the
qd81ag9inqts1ocs7api0pji94k27btr.test.com. NSEC3 or RRSIG record, the
error would not have occurred!

ldns-1.6.13 did not get into this condition, because it had a different
bug that would allow for NSEC3s not covering anything within the zone.
The fix for that bug unfortunately triggered this one.

Thanks again for noticing and reporting!

On 21-11-12 17:21, Jan-Piet Mens wrote:
>> [vagrant at pdns ~/pdns/regression-tests/ldns-verify-zone]$ ldns-verify-zone test.com
>> original of NSEC3 hashed name could not be found at 81
> I get the same error with 1.6.16, but the zone verifies correctly with
> ldns 1.6.13:
> $ curl -o test.com http:// your url
> $ ldns-verify-zone test.com
> Checking: test.com.
> Checking: _underscore.test.com.
> Checking: c.test.com.
> Checking: b.c.test.com.
> Checking: a.b.c.test.com.
> Checking: *.a.b.c.test.com.
> Checking: counter.test.com.
> Checking: dc.test.com.
> Checking: _tcp.dc.test.com.
> Checking: _double._tcp.dc.test.com.
> Checking: _ldap._tcp.dc.test.com.
> Checking: enum.test.com.
> Checking: server1.test.com.
> Checking: test.test.com.
> Checking: *.test.test.com.
> Checking: www.test.test.com.
> Checking: very-long-txt.test.com.
> Checking: within-server.test.com.
> Checking: www.test.com.
> Zone is verified and complete
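
The check discussed in this message, as an added example (not part of the original thread and not ldns code): it derives the empty non-terminals of a zone, computes RFC 5155 NSEC3 hashes for every name, and confirms that each NSEC3 owner label maps back to an original name no matter where the record sits in the file. The function names, salt and iteration count are assumptions made for the illustration.

```python
import base64
import hashlib

# base32 alphabet -> base32hex alphabet, which NSEC3 owner labels use.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash: iterated salted SHA-1, base32hex, lowercase."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()

def names_with_ents(owners, apex):
    """Owner names plus every empty non-terminal between them and the apex."""
    apex = apex.lower().rstrip(".")
    names = {apex}
    for owner in owners:
        name = owner.lower().rstrip(".")
        while name != apex and name.endswith("." + apex):
            names.add(name)
            name = name.split(".", 1)[1]
    return names

def unmatched_nsec3(nsec3_labels, owners, apex, salt_hex, iterations):
    """NSEC3 hashed labels with no original name; record order is irrelevant."""
    known = {nsec3_hash(n, salt_hex, iterations)
             for n in names_with_ents(owners, apex)}
    return [h for h in nsec3_labels if h.lower() not in known]

if __name__ == "__main__":
    # Constructed sample: owner names taken from the listing above; the salt
    # and iteration count are assumptions, not the parameters of that zone.
    owners = ["test.com.", "a.b.c.test.com.", "www.test.com."]
    salt, iters = "abcd", 1
    labels = [nsec3_hash(n, salt, iters)
              for n in ("test.com", "www.test.com", "a.b.c.test.com",
                        "b.c.test.com", "c.test.com")]  # ENT c.test.com last
    print(unmatched_nsec3(labels, owners, "test.com.", salt, iters))
```

Because the set of known hashes is built from the whole zone before any NSEC3 label is looked up, an NSEC3 for an empty non-terminal is matched whether it is the first or the last record read.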