BIND 9.7.0.rc1 TYPE=ANY query
João Damas
joao at bondis.org
Fri Dec 18 16:35:22 UTC 2009
Posting to bind-workers because this is not yet a final release
BIND 9.7.0rc1 does not seem to get the ANY query handled properly.
In v<9.7 the ANY query would also get BIND to print the DNSKEY RRset.
The queries below are against a non-production server. You can see the keys are in the zone (the AXFR at the bottom shows them) but the response to the ANY does not provide them (it provides everything else).
Additionally, the zone has been configure in named.conf as:
zone "c-l-i.net" IN {
type master;
auto-dnssec maintain;
update-policy local;
file "/opt/local/named/admin/gen-zones/c-l-i.net/c-l-i.net";
};
and there is no signing going on, neither automatically nor after issuing an rndc sign command to the server. The zone is meant to be signed with NSEC, not NSEC3, but I hope this was meant to work for any DNSSEC zone type.
The log does show:
18-Dec-2009 17:15:30.176 received control channel command 'sign c-l-i.net'
18-Dec-2009 17:15:30.176 zone c-l-i.net/IN/localnets: reconfiguring zone keys
but nothing much seems to be going on: no journal file, no new RRs in the zone
What's up?
Joao
$ dig @server c-l-i.net. any +dnssec
; <<>> DiG 9.7.0rc1 <<>> @server c-l-i.net. any +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1874
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 14
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;c-l-i.net. IN ANY
;; ANSWER SECTION:
c-l-i.net. 300 IN TXT "v=spf1 mx ~all"
c-l-i.net. 300 IN SOA ns.c-l-i.net. hostmaster.c-l-i.net. 2009121801 43200 7200 1209600 7200
c-l-i.net. 300 IN NS ns1.isc-sns.net.
c-l-i.net. 300 IN NS ns.c-l-i.net.
c-l-i.net. 300 IN NS ns2.isc-sns.com.
c-l-i.net. 300 IN NS borg.c-l-i.net.
c-l-i.net. 300 IN MX 10 shuttle.c-l-i.net.
c-l-i.net. 300 IN MX 20 borg.c-l-i.net.
c-l-i.net. 300 IN NAPTR 20 0 "S" "SIP+D2U" "" _sip._udp.c-l-i.net.
;; Query time: 1 msec
;; WHEN: Fri Dec 18 17:23:47 2009
;; MSG SIZE rcvd: 1027
$ dig @server c-l-i.net. axfr +dnssec
; <<>> DiG 9.7.0rc1 <<>> @server c-l-i.net. axfr +dnssec
; (1 server found)
;; global options: +cmd
c-l-i.net. 300 IN SOA ns.c-l-i.net. hostmaster.c-l-i.net. 2009121801 43200 7200 1209600 7200
c-l-i.net. 300 IN TXT "v=spf1 mx ~all"
c-l-i.net. 300 IN DNSKEY 256 3 5 BEAAAAPE6qVo7IfI+iGqLzPpPjZHw7xyHh5TIeCllyQlT+o1LH//EWD7 lku3a27u8H1vgQQOyumpeqBy08Ew1E5PIlQRLMD30V+IPd4jVzKyuZrv hl1AGVrrcrATUGC3uBdG5umwaHNinRo3OInMIESIRnLhPo6kt8tgGfOy 4EnkTH+moQ==
c-l-i.net. 300 IN DNSKEY 257 3 5 BEAAAAPcHhhH7sLrtAhl0kXrhBF90QAVWdTd502Rsr2vggAs967kYMBt 6fFqVRH9qqHPklQ9bmSbQBfGy8YoND3eefo3sbX4wY0uy8nZj42b4FD3 e28h7RktObicDr3jxVBuaAkGNe73SfZKGBhiqqs0fs4s/ttDW2GPZ4p/ pDi34f+MeXWdBWy5OA14fHDWA5pqxN1OJkA0HvyO7QTTnfWm2TzJLAUK IGYv0ZwZ8tcUJBuYD0EycGwp0DWaBmjAdIEFk1vhkDNbMHvKMOXUL0pt 1sGvpnx9o7KZVR6ySBcdKJyYajxx+SsitT5lZVYQlb+pMjpdztLBaMV7 6CT0HWuZjg3X
c-l-i.net. 300 IN NS ns.c-l-i.net.
c-l-i.net. 300 IN NS ns1.isc-sns.net.
c-l-i.net. 300 IN NS ns2.isc-sns.com.
c-l-i.net. 300 IN NS borg.c-l-i.net.
c-l-i.net. 300 IN MX 10 shuttle.c-l-i.net.
c-l-i.net. 300 IN MX 20 borg.c-l-i.net.
c-l-i.net. 300 IN NAPTR 20 0 "S" "SIP+D2U" "" _sip._udp.c-l-i.net.
... <snip>
c-l-i.net. 300 IN SOA ns.c-l-i.net. hostmaster.c-l-i.net. 2009121801 43200 7200 1209600 7200
;; Query time: 1 msec
;; WHEN: Fri Dec 18 17:23:50 2009
;; XFR size: 47 records (messages 1, bytes 1523)
More information about the bind-workers
mailing list