trouble with dnssec signed zone on secondary.

Thu Jan 6 01:11:55 UTC 2005

Hi, 

This is only somewhat related to nsd, but someone else must have hit it. 
I am having trouble AXFRing a signed zone -- named-xfer v.latest does not
recognise the file format and writes a zone file that zonec barfs on. 

This is what is written:

; BIND version named 8.4.5-REL Wed Jan  5 19:58:17 MET 2005
; BIND version mansaxel at foot.snowman.sunet.se:/local/src/bind8/src/bin/named
; zone 'se'   first transfer
; from [212.247.7.226].53 (local [130.242.94.50].33741) using AXFR at Thu
Jan  6 01:13:59 2005
; TSIG verified: key xfer-sunet.tsig.ns.se..
$ORIGIN .
se      3600    IN      SOA     dnssec.nic.se. dnssec-registry.nic-se.se. (
                2005010518 7200 3600 2419200 7200 )
        3600    IN      TYPE46  \# 86 (
0006050100000e1041e5512241dc16a285ac0273

65009256304e04d767b1f91e8887e4b675dd471d66a0404d

c1049c17996d4b0d5c80157322e66c44e9ff5e7f5822db53
                                400884b69bd899671c34dba12311e30ca5cc )
        3600    IN      NS      dnssec-1.ns.se.
        3600    IN      NS      dnssec-2.ns.se.
        3600    IN      NS      dnssec-5.ns.se.
        3600    IN      NS      dnssec-6.ns.se.
        3600    IN      TYPE46  \# 86 (
0002050100000e1041e3109241d9d61285ac0273

650051e77ca6b64c030ec5f9b8124515c4883329b77c27fc

88a58519e91f81e37177317799b91d50863b5dada34e132b
                                064ae71b2f84499bd9abebdecf4c99317f6a )
        3600    IN      TXT
"<http://www.nic-se.se/domaner/ompekning.shtml>"
        3600    IN      TXT     "Read instructions before sending requests
of update"
        3600    IN      TYPE46  \# 86 (
0010050100000e1041e3109241d9d61285ac0273

6500247f32e69ba86f1d32e800112cac6869fe50c9924c1b

30fa5f74a05b0f2b9b7d88aae0ca0bf8e44e119dd2d7dc82
                                bb09bae1f898def4f177f61dcc6269887888 )
        7200    IN      TYPE47  \# 27 (
0d30303338356b726f617469656e027365000007
                                22008000000380 )
        7200    IN      TYPE46  \# 86 (
002f050100001c2041e3109241d9d61285ac0273

6500a5484993c2d65c63766aa72e446e47f8ec40f0ed8ce2

0181f02492fafdfe0fd695b26a510ffa0c3d5cce90e618f3
                                c3f85c198d2b81c703d82bdcbe8e7c46437c )
        3600    IN      TYPE48  \# 70 (
010003050103baccdb8ee97a7cbf97834dd7b71e

1d15011f71a3e98e50bc5e02ac0c12907346d64944dda0e6

add2ff3c37b037971ca4bfeee9e7879298531bf36999791c
                                d01d )
        3600    IN      TYPE48  \# 70 (
010003050103bcdb90e4b0390922098086851ee4

17a1ad213eb57699f89506c584baa166a36e8c6fb492d001

e6135d3fbd6480142c840c70ad0e3dd781ad749bb9a59622
                                ad01 )
        3600    IN      TYPE48  \# 134 (
0101030501039f60682c22ac957844be27d25643

fc5974af76b1954ddad4d79497839b90e0210334a9fbc2dc

277a4f7ba71d07fba5342ff217f7a8fff9d3214456db6218

f54be1cb66dca1616b26c91b3ff5fc01a409daa618fca601

c555bdd048082c75eb982eb12b0ae5f17bd23f999baaf834
                                1b0533252220f2e23242873d0136a560cc2f )
        3600    IN      TYPE46  \# 150 (
0030050100000e1041e3109241d9d61259610273

650099fb69877c598595ea408696721c323faa86978e6b12

700d908b32c5c0d268c2cf0b9a85ac5a4db30028b4ef0d22

52fd591f0ce7221d222b9d14da6d475e6d98bdd9f6bd42ed

0dfe317352dad1689cb18d5fd100a80f2298091e9105e6b0

cf7d2dacf9f861deeea0ea58bf89e583b93fc561e584fff4
                                7e9a7bb5071a5ef15e92 )
        3600    IN      TYPE46  \# 86 (
0030050100000e1041e3109241d9d61285ac0273

65003a260306e08b66f013a2c5c34aeacb141f94e786b737

9c7d2f771c947ffb18f126c6da42fcb0046d417d657e28a9
                                cc218204fe9ca265e729ce3bdd6dd6e58d91 )
$ORIGIN se.
00385kroatien   3600    IN      NS      ns1.surf-town.net.
        3600    IN      NS      ns2.surf-town.net.
        3600    IN      NS      ns3.surf-town.net.
; Ignoring extra info about 00385kroatien.se, invalid after NS delegation.
;       7200    IN      TYPE47  \# 19 (
06303037746132027365000006200000000003 )
; Ignoring extra info about 00385kroatien.se, invalid after NS delegation.
;       7200    IN      TYPE46  \# 86 (
002f050200001c2041e3109241d9d61285ac0273

650053a108f27f7368a2413266a450cdf52a0627a46da90a

ec18d743991acbbea051eacea609b0b5ffb256740673f305
                                312e3f5b1a174535b1f76563649b89e6c636 )
$ORIGIN se.
007ta2  3600    IN      NS      ns1.b-one.nu.
        3600    IN      NS      ns2.b-one.nu.
; Ignoring extra info about 007ta2.se, invalid after NS delegation.
;       7200    IN      TYPE47  \# 24 (
0b3030383030696e6b6a65740273650000062000
                                00000003 )
; Ignoring extra info about 007ta2.se, invalid after NS delegation.
;       7200    IN      TYPE46  \# 86 (
002f050200001c2041e3109241d9d61285ac0273

650008e4b4a54dc37ab227513dd8ae347a08b50a1cf17328

a1880ae3e7dfa29c4ba28a76dbe2bd46bb6fd741bd377d65
                                9dce6a90ce15bac7e415817c3ba8a04dbb60 )
<snip>
And this is the debug output from zonec: 
	(ignore the axfr issues -- they are known and fixed..) 

foot#/usr/local/sbin/nsdc update
Warning: AXFR for se failed
zone se needs rebuilding...
rebuilding the database....
zonec: reading zone "se".
 ERR: Line 66 in secondary/se: Unrecognized RR type
'650053a108f27f7368a2413266a450cdf52a0627a46da90a'
 ERR: Line 67 in secondary/se: Unrecognized RR type
'ec18d743991acbbea051eacea609b0b5ffb256740673f305'
 ERR: Line 68 in secondary/se: Unterminated parentheses
zonec: processed 20 RRs in "se".

zonec: done with 3 errors.
/etc/nsd/nsd.db is unmodified

The errors are quite obvious; named-xfer does not correctly comment out
records it does not understand; but how do I get a named-xfer that will 
fetch the data correctly (and not complain about rren 47 and 46 above 
delegation) for zonec to compile? 

Regards, 
-- 
Måns Nilsson         Systems Specialist
+46 70 681 7204         KTHNOC
                        MN1334-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20050106/a761464b/attachment.bin>