<div dir="auto">Thank you Mukund,Jim and Alan to look my issue.<div dir="auto"><br></div><div dir="auto">We are seeing the issue only when sshfp fingerprint value less than 4 characters.</div><div dir="auto"><br></div><div dir="auto">It is working fine value with >=4 characters.</div><div dir="auto"><br></div><div dir="auto">Ex: <a href="http://test3.ramesh-sshfp.com">test3.ramesh-sshfp.com</a> SSHFP 1 1 aaaa ---- WORKING FINE</div><div dir="auto"><br></div><div dir="auto">I am guessing there is bug in bind and posted in bugs list .</div><div dir="auto"><br></div><div dir="auto">Regards,</div><div dir="auto">Ramesh</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, 31 Jan 2019, 7:14 pm rams <<a href="mailto:bramesh80@gmail.com">bramesh80@gmail.com</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Hi,<br></div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>I have setup sshfp records as follows in bind zone file:</div><div><br></div><div><div><a href="http://test1.ramesh-sshfp.com" target="_blank" rel="noreferrer">test1.ramesh-sshfp.com</a>. 86400 IN SSHFP 1 1 aa</div><div><a href="http://test2.ramesh-sshfp.com" target="_blank" rel="noreferrer">test2.ramesh-sshfp.com</a>. 86400 IN SSHFP 1 1 00</div></div><div><br></div><div>Successfully started bind but when queried for domain test1 and test2 , returning malformed error and no answer. If fingerprint value wrong then bind should validate and should not start. Is it expected behavior? Kindly confirm.</div><div><br></div><div>Bind responses</div><div><div>[qa][root@regression-bind-useast1a01-01 zones]# dig @localhost <a href="http://test2.ramesh-sshfp.com" target="_blank" rel="noreferrer">test2.ramesh-sshfp.com</a>. sshfp</div><div>;; Warning: Message parser reports malformed message packet.</div><div><br></div><div>; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost <a href="http://test2.ramesh-sshfp.com" target="_blank" rel="noreferrer">test2.ramesh-sshfp.com</a>. sshfp</div><div>; (2 servers found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49768</div><div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0</div><div>;; WARNING: Messages has 55 extra bytes at end</div><div><br></div><div>;; QUESTION SECTION:</div><div>;<a href="http://test2.ramesh-sshfp.com" target="_blank" rel="noreferrer">test2.ramesh-sshfp.com</a>. IN SSHFP</div><div><br></div><div>;; Query time: 0 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Thu Jan 31 13:29:18 2019</div><div>;; MSG SIZE rcvd: 107</div><div><br></div><div>[qa][root@regression-bind-useast1a01-01 zones]# dig @localhost <a href="http://test1.ramesh-sshfp.com" target="_blank" rel="noreferrer">test1.ramesh-sshfp.com</a>. sshfp</div><div>;; Warning: Message parser reports malformed message packet.</div><div><br></div><div>; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost <a href="http://test1.ramesh-sshfp.com" target="_blank" rel="noreferrer">test1.ramesh-sshfp.com</a>. sshfp</div><div>; (2 servers found)</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23302</div><div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0</div><div>;; WARNING: Messages has 55 extra bytes at end</div><div><br></div><div>;; QUESTION SECTION:</div><div>;<a href="http://test1.ramesh-sshfp.com" target="_blank" rel="noreferrer">test1.ramesh-sshfp.com</a>. IN SSHFP</div><div><br></div><div>;; Query time: 0 msec</div><div>;; SERVER: 127.0.0.1#53(127.0.0.1)</div><div>;; WHEN: Thu Jan 31 13:29:23 2019</div><div>;; MSG SIZE rcvd: 107</div><div><br></div><div>[qa][root@regression-bind-useast1a01-01 zones]#</div></div><div><br></div><div>Regards,</div><div>Ramesh</div></div></div></div>
</div></div>
</blockquote></div>