transfer signed zone

tlarsen at dns-research.com tlarsen at dns-research.com
Sat Jan 18 04:49:03 UTC 2014 

Question in better format.


-------- Original Message --------
Subject: transfer signed zone
From: <tlarsen at dns-research.com>
Date: Fri, January 17, 2014 6:49 pm
To: bind-users at isc.org

Receiving the following lines when transferring from a non-BIND server.
Is there a way to identify the "extra input data"?



Jan 17 17:16:35 had4 named[6497]: running
Jan 17 17:16:35 had4 named[6497]: zone example.com/IN: Transfer started.
Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from
10.0.20.22#53: connected using 10.0.20.23#50917
Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from
10.0.20.22#53: failed while receiving responses: extra input data
Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from
10.0.20.22#53: Transfer completed: 6 messages, 16 records, 2046 bytes,
0.005 secs (409200 bytes/sec)



Here's the dig output.



[root at had4 local]# dig @10.0.20.22 AXFR example.com

; <<>> DiG 9.9.4-P2 <<>> @10.0.20.22 AXFR example.com
; (1 server found)
;; global options: +cmd
example.com.            86400 IN        SOA     ns1.example.com.
hostmaster.example.com. 2014011701 10800 15 604800 10800
example.com.            86400 IN        RRSIG   SOA 8 2 86400
20140417221308 20140116221308 15093 example.com.
alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3MwJ7tDOQcFV2O2+
9F4TlB+l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A
LEwSPgHTS5cfQah8KGAT6o7DMWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=
example.com.            86400 IN        NS      ns.example.com.
example.com.            86400 IN        RRSIG   NS 8 2 86400
20140417221308 20140116221308 15093 example.com.
hlkdQhwcElD3bWtsIkySNJuwaXKtiVQaRiZX3IRcK8xU6UHwg4QQOt96
oNFCdCx3TZOROL3rf7OyESdL4YeSlzj9CAMuEzKPPOrcJXyILMJdGymY
JEQxMkrz+YbA9gbZwlA0Agk9bNBa51zQThsQD4bB9y3lTtOvuIcI3cxg 1Qw=
example.com.            10800 IN        NSEC    ns.example.com. NS SOA
RRSIG NSEC
example.com.            10800 IN        RRSIG   NSEC 8 2 10800
20140417221308 20140116221308 15093 example.com.
jGZPr5cSMs8vZaBcrA4ldTxz5J1u13vIimT5oeq6ZPsNODl9GGWjtrjA
a6w6ElUgpHredujLG8GnBQpwOj+6Si110omD0RioVyqtoIzdTxh5PnJw
w7ni5XWV1MpyeDVp1Nl1+CGH8tyGB1DTrVMjTvdUlOWS/fM/FGCvpyAZ WMs=
example.com.            3600  IN        DNSKEY  257 3 8
AwEAAb1H+j4Nt3UNOagcrgeJWjM1HepFd1EmG7mPYVGxhWeeJwVU6zOB
eqwqpazyuFac+o+YG5YN4xk9wjaXcgNZgEnmOVTK2QpWd/f8M/9FKGjv
OiUmTcnccYXli/w7r93Gm14hX52TdBRjtUVMEFqoTypFvTEK46e+DUsf
7/z4sItvaQM/xAhqMXmNJwuPd6HAQviPX6pR6KLz7nR10MoPbMVNUipz
ajGXUb8mTLqbRgdRdxWcJ/KSt5WgykLwGe1jSCpIPF7MDFEh7uaZQUTO
geuieKVZoVWblEK9Bv6I3VBYOx+eAXVrmSxbWz2LZlo8uaY7i6TWN+aB hgwcg+JNUKM=
example.com.            3600  IN        DNSKEY  256 3 8
AwEAAeAVPTRCtLy6aSpJbsdwNMGDmLl218uKYGa0LosgpwIKdMuyp5z4
3E06O4WAR7CMZMeWo0AJ5Ma5zVp8QFkDt77r+FR8pEemNTsFJFF0/yGz
5UjvIrTkAgkqRQRiFucS2JmYCXv5YfVINr/0bk7oY9EV8rnno44bZc92 OT6MIk7X
example.com.            3600  IN        RRSIG   DNSKEY 8 2 3600
20140417221308 20140116221308 21961 example.com.
S67jOAEUEL15uylQ4y6kno7naCR0wvsHJq74ZFHlDrfHHAHXaiDO3nxM
ikmn+kv6mULsdH6xddCwvtLmDaYokF4zsIJGdQmyXqCCg8y4A4SsivaO
uM+oO1AoXLKKo3XqNEq95gg4e70yj5FNrEk9c4zi0uT2TEOItBsZ9Y/T
8Gl2RDnLrjHf5YOO3py9SM/btwjZcu18TOJBWb9fbdYtKvntmG8tFlld
McefBwn0QJ9REmy4oXf00LKXG2xZ2E20m887j3KLzY1pYIp1GZgaRwJZ
ssfreEwQpcSoz1DD4MKAU0At3uCa7O8IcWx6VonhF0pZW+PzMVQGOriN 9bXLUg==
example.com.            3600  IN        RRSIG   DNSKEY 8 2 3600
20140417221308 20140116221308 15093 example.com.
KwBcvyQYmX7qDZaQfrS931Fyrf1B8z/PFsXX+hYTQ1y7dIhHIEtN0WBR
vyuyson0VA8PrEeUnEvWZrQL+z0Z1h9tpuFQqVWqFyBLooZATk/psPW0
7DcgXMBZ1JEq/srfJQye2MDX/iT5/+hWUJiOW+dcnIVZg2lOaehaKSQv faE=
ns.example.com.         86400 IN        A       192.168.0.1
ns.example.com.         86400 IN        RRSIG   A 8 3 86400
20140417221308 20140116221308 15093 example.com.
0KgiOQwgavCWFxd5bFTtBEMXfO4yzwC8BeKYPSMqPHSdcIsLBMF7wUAR
YV193/OM6mTJF9vRzdlUro9kfmFBnX3xC0jVkpcpj1YVP6pTGeB8KGSk
OdfC6+H658KscB2eq/XcvFtE4VktU3QPZOW8zj4GquNpNR79fan/Idh2 OXA=
ns.example.com.         10800 IN        NSEC    example.com. A RRSIG
NSEC
ns.example.com.         10800 IN        RRSIG   NSEC 8 3 10800
20140417221308 20140116221308 15093 example.com.
Tf+bAbucKKVh7HoBaE2xZNb1yxyON/x5JCPRJs9ybFi1a5eE26Thi1L0
+mrIpZVwTIwPJSfKqKO2MZePqB0fXWBq0M1HPslRbW9pjb+K+IqNSi/k
ybSshxj/fdkhown/a0wPZ2w0XAYY5Q8x3sc2UO2+GD8nJReAcNkO3hWe tKs=
example.com.            86400 IN        SOA     ns1.example.com.
hostmaster.example.com. 2014011701 10800 15 604800 10800
example.com.            86400 IN        RRSIG   SOA 8 2 86400
20140417221308 20140116221308 15093 example.com.
alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3MwJ7tDOQcFV2O2+
9F4TlB+l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A
LEwSPgHTS5cfQah8KGAT6o7DMWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=
;; Query time: 10 msec
;; SERVER: 10.0.20.22#53(10.0.20.22)
;; WHEN: Fri Jan 17 18:44:36 EST 2014
;; XFR size: 15 records (messages 7, bytes 2291)








Here's the config:


options {
        directory "/opt/local";
        pid-file "server.pid";
        dnssec-enable yes;
        version "SNIP";

};


zone "z1.example.com" IN {
   type master;
        file "z1.example.com.db";
};

zone "example.com" IN {
   type slave;
        file "secondary.example.com.db";
        masters {10.0.20.22; };
};


logging {

        channel dnssec {
                file "dnssec" versions 10 size 500k;
                severity debug 3;
                print-category no;
                print-severity yes;
                print-time yes;
        };


        category dnssec {dnssec; };
        category default {default_syslog; };
};

More information about the bind-users mailing list