ISC Bind as secondary to Windows Server: bad bitmap error on named xfer.

Stoffel, John (TAI) John.Stoffel at toshiba.com
Tue May 11 22:02:46 UTC 2021 

Tony,
Thank you for your help.  I was going *insane* trying to figure out where this was coming from, and I had literally just pulled down the source to look at the code.  So now it looks like I need to find and kill any and all  NXT records in my domain.  Sigh...  So it's part of the DNSSEC setup, and it's not clear how to do an 'fsck' like scan on a Windows DNS server to look for problems like this.  

But trawling through my DNS tool on windows (which sucks... btw) I don't see any NXT records, though I see a ton of NSEC3 records.  Does anyone have a clue how I can try to find these bad record(s)?  I can do the following on my Linux secondary:

   dig AXFR foo.com @xxx.xxx.xxx.xxx > /tmp/foo.com

And it does dump some errors too, which hopefully will give me an idea of where my crappy bad record is located, and no use hiding crap:

www.cisco.toshiba.com.  3600    IN      CNAME   redirect.toshiba.com.
www.cisco.toshiba.com.  3600    IN      RRSIG   CNAME 8 4 3600 20210517093721 20210507083721 38628 t
oshiba.com. OEmGkGWSPtbjlCGVt5Ejkgncg2wRcbnfCMSm2By6Fl4gN8R1uXx/ucdN hVrdiiP8BHWTIte/fvoMrMXbMHxarPJ
C6zJn9HHdC9o2dwBoGpknTwJM DYsy8wA5byhT9f8RVLi0WxLDmncWl2vJcZM6wsKfJ5HWAklGh9YxhOar nCM=
;; Got bad packet: bad bitmap
16358 bytes
46 98 80 00 00 01 00 97 00 00 00 00 07 74 6f 73          F............tos
68 69 62 61 03 63 6f 6d 00 00 fc 00 01 08 63 69          hiba.com......ci
74 69 62 61 6e 6b c0 0c 00 05 00 01 00 00 0e 10          tibank..........
00 0b 08 72 65 64 69 72 65 63 74 c0 0c c0 1d 00          ...redirect.....
2e 00 01 00 00 0e 10 00 9f 00 05 08 03 00 00 0e          ................
10 60 a2 39 51 60 94 fc 41 96 e4 07 74 6f 73 68          .`.9Q`..A...tosh
69 62 61 03 63 6f 6d 00 83 b6 df 32 9f d9 2a 54          iba.com....2..*T
65 16 1b 28 09 ac aa b3 41 f0 85 60 e6 e2 18 ae          e..(....A..`....

-----Original Message-----
From: Tony Finch <fanf2 at hermes.cam.ac.uk> On Behalf Of Tony Finch
Sent: Tuesday, May 11, 2021 5:24 PM
To: Stoffel, John (TAI) <John.Stoffel at toshiba.com>
Cc: bind-users at lists.isc.org
Subject: Re: ISC Bind as secondary to Windows Server: bad bitmap error on named xfer.

Stoffel, John (TAI) <John.Stoffel at toshiba.com> wrote:

> failed while receiving responses: bad bitmap
>
> None of my googling has given me any hints on what this error could be.

I had to look at the source, which told me it's to do with NXT records which are super obsolete, so I wonder what weird stuff is in the zone that might cause this.

(The NXT record was a predecessor of NSEC; NXT was badly designed so it is unable to support all possible DNS RR types, which is why it needed
replacing.)

$ rg 'bad bitmap'
lib/dns/result.c:137:	"bad bitmap",	     /*%< 94 DNS_R_BADBITMAP */
$ rg BADBITMAP
lib/dns/include/dns/result.h:132:#define DNS_R_BADBITMAP		(ISC_RESULTCLASS_DNS + 94)
lib/dns/rdata/generic/nxt_30.c:154:		return (DNS_R_BADBITMAP);
lib/dns/result.c:137:	"bad bitmap",	     /*%< 94 DNS_R_BADBITMAP */
lib/dns/result.c:278:	"DNS_R_BADBITMAP",

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  https://urldefense.com/v3/__https://dotat.at/__;!!BiNunAf9XXY-!VH-JqRCMfVb-2Su9Du-D3OA4DlJi6q3lXIg4s9pjD9fwN1atleDmzsKASzloojK1C1WS$
Viking, North Utsire, South Utsire: Southerly or southeasterly 3 to 5 becoming variable 2 to 4, then northerly 5 to 7 later in Viking and northern North Utsire. Moderate or rough in Viking and northern North Utsire, slight or moderate elsewhere. Showers, fog patches. Moderate or good, occasionally very poor.

More information about the bind-users mailing list