CNAME and other data
Michael Richardson
mcr at sandelman.ottawa.on.ca
Thu Jan 20 16:12:21 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
I'm seeing:
Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data
Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: end of transfer
with:
marajade-[/var/tmp] mcr 1027 %bindversion 127.0.0.1
version.bind. 0 CH TXT "9.3.0"
marajade-[/var/tmp] mcr 1028 %bindversion 205.150.200.254
version.bind. 0 CH TXT "9.3.0s20021115"
There are *no* duplicates that I can find.
(It would be nice if named would log what the conflict is)
dig @205.150.200.254 sandelman.ca. axfr >|n1
(snippet of file inline at bottom)
The only "duplicates" are that the 9.3.0s20021115 is naturally doing
pre-TCR SIG/NXT. I think that bind 9.3. should be tolerant of zones like
that. Or at least provide a more intelligent error message.
I built bind 9.3 on 205.150.200.254, and resigned by zones.
I noticed that I had to edit K*.key -> s/KEY/DNSKEY/.
dnssec-signer complains about the K*.private file, which is confusing.
{I noticed this because my laptop is a stealth secondary for my zone,
and it got upgraded to bind 9.3 sometime in the last month, and the
on-disk copy of the zone finally expired...}
I'm concerned that a pre-9.3.0 secondary may NOW complain that there
is CNAME + NSEC!
Jan 20 11:11:06 bud named[25400]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data
For instance 9.2.3 says:
Jan 20 11:11:06 bud named[25400]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data
===============
; <<>> DiG 9.3.0s20021115 <<>> @205.150.200.254 sandelman.ca. axfr
;; global options: printcmd
cooperix.sandelman.ca. 7200 IN CNAME aragorn.sandelman.ca.
cooperix.sandelman.ca. 7200 IN SIG CNAME 1 3 7200 20050219143302 20050120143302 3649 sandelman.ca. kZB1YEZFJ8Uom7KfJ+pqxVIC5AqwZpq/qFUeg23ECLsy7SVQNbLfniRc 8OAYzyQXt+2Ak25R6cM8AiO2tB3UoZmOfk+fx5qMdmrbyS4NPnkCmP0+ hWCgMAjw+OdEEeCg0FM7uXQEiLTTo9zs+rrIZUcp07GF4eqnplqNKhHi JP4=
cooperix.sandelman.ca. 7200 IN NXT cvs.sandelman.ca. CNAME SIG NXT
cooperix.sandelman.ca. 7200 IN SIG NXT 1 3 7200 20050219143302 20050120143302 3649 sandelman.ca. P60ZTJhC3sJI+fPTIYp/wX5GCFCg8RmmfgM4MuFtkKbvXzPK8l5U2n7F kUeKfyyGHK6CTDS6oc/os8YG26s+CXvU626X8xNxeZbqXnuBygOYCI+o 6uecubsmlx7kK4/YXHIWBkffqAx37sOBOG7uHpNMWrj8D9cSFQDe3/mt vM8=
- --
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQe/YZIqHRg3pndX9AQEb9wQAvL/Uy/SNz5MHzxSRtuK9alyJNzcAsNlC
vT3SIU6Wjc1CRy8JImYwpYCutvSzYSkfvabcxIcAN2lpXaK7VoIiOHCIT0Zs9Yat
0JADONO3rDmYqg6Cl94YouBgGSln0gBFUKgEzUXCyZtFkTSjy4+3PqaP56iLWWwK
pKJGqNehP0Y=
=UfBs
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list