CDS-deletion record "CDS 0 0 0 00" is failing with bind-9.14.9 and bind-9.14.8

Mark Andrews marka at isc.org
Thu Feb 20 18:41:56 UTC 2020


Tom,
     I would run ‘rndc status’ or ‘dig ch txt version.bind @server’ and confirm
that you have restarted named with the new code.  I’ve had hundreds of 'bug
reports’ about non fixed bugs that where operators failing to restart named after
installing the new version.  The new code is in 9.16.0, 9.14.11, and 9.11.16.

I would check that the *only* CDS record is a deletion record is present.
A CDS deletion record and a non CDS deletion record is a error.  Similarly
for CDNSKEY.  A CDS/CDNSKEY deletion record and other CDS/CDNSKEY records
in a RRset make no sense.  You are either deleting all DS records or replacing
all the DS records with the CDS records, or generating a new set of DS records
from the CDNSKEY records.  You can't do both at once.

Mark

> On 21 Feb 2020, at 03:54, Ondřej Surý <ondrej at isc.org> wrote:
> 
> Hi Tom,
> 
>> On 20 Feb 2020, at 17:42, Tom <lists at verreckte-cheib.ch> wrote:
>> 
>> Hi
>> 
>> With 9.16.0, the CDS deletion (https://gitlab.isc.org/isc-projects/bind9/issues/1554) is still not working and is ending with the same error as bind-versions before:
>> 
>> 20-Feb-2020 17:31:25.381 general: error: zone example.com/IN (unsigned): CDS/CDNSKEY consistency checks failed
>> 20-Feb-2020 17:31:25.381 zoneload: error: zone example.com/IN (unsigned): not loaded due to errors.
>> 
>> In which version will this issue be fixed?
> 
> it will be included in the next version when the issue in question gets picked up by a developer,
> be triaged, test written and code fixed.  I can’t really say when this will happen, our developer
> resources are thin and there are more issues that require our attention.  That said - this is open
> source and we happily accept external contributions in a form of merge request in our gitlab instance
> (you need to ask for a permission to fork the project) or as a patch.  This seems to be fairly trivial
> bug that might be a good start if anybody wants to help fix bugs in BIND 9.
> 
> Cheers,
> Ondrej
> --
> Ondřej Surý
> ondrej at isc.org
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org



More information about the bind-users mailing list