NSD 2.1.2, secondary, signed zones

Erik Rozendaal erik at NLnetLabs.nl
Fri Oct 15 21:26:13 UTC 2004

Wesley Griffin wrote:
> named-xfer _is_ axfer-ing the zone. It doesn't, obviously, understand
> the new DNSSEC RR types, so it is storing the zone with the RRs in
> unknown RR format. You can see the file that named-xfer writes here:
> <http://www.netsec.tislabs.com/conf/buddy/netsec.tislabs.com>.

The problem here is that the record being transferred is unknown and 
below the zone cut. So named-xfer tries to comment it out, because it 
shouldn't exist. Unfortunately, it only comments out the first line 
resulting in a syntax error.

There is a patch for named-xfer somewhere. But this was one of the main 
reasons to implement our own AXFR client because DNSSEC will not work 
without an DNSSEC aware AXFR client.

> Is NSD just not parsing the zone properly? Is named-xfer doing some
> wrong? Am I trying to be too cutting-edge? :)

Yes, you are trying to be too cutting-edge, but it will help us find and 
fix bugs, so please continue :)


More information about the nsd-users mailing list