NSD 2.1.2, secondary, signed zones
Erik Rozendaal
erik at NLnetLabs.nl
Fri Oct 15 21:26:13 UTC 2004
Wesley Griffin wrote:
> named-xfer _is_ axfer-ing the zone. It doesn't, obviously, understand
> the new DNSSEC RR types, so it is storing the zone with the RRs in
> unknown RR format. You can see the file that named-xfer writes here:
> <http://www.netsec.tislabs.com/conf/buddy/netsec.tislabs.com>.
The problem here is that the record being transferred is unknown and
below the zone cut. So named-xfer tries to comment it out, because it
shouldn't exist. Unfortunately, it only comments out the first line
resulting in a syntax error.
There is a patch for named-xfer somewhere. But this was one of the main
reasons to implement our own AXFR client because DNSSEC will not work
without an DNSSEC aware AXFR client.
> Is NSD just not parsing the zone properly? Is named-xfer doing some
> wrong? Am I trying to be too cutting-edge? :)
Yes, you are trying to be too cutting-edge, but it will help us find and
fix bugs, so please continue :)
Erik
More information about the nsd-users
mailing list