[bind10-dev] bind10-1.0.0-beta auth server answers SERVFAIL for an empty non-terminal due to "Unexpected covering NSEC3 found" error
fujiwara at jprs.co.jp
fujiwara at jprs.co.jp
Tue Jan 22 09:05:06 UTC 2013
JPRS's BIND 10 test using JP zone found another BIND 10 bug.
BIND 10 auth server sometimes answers SERVFAIL when querying empty
non-terminals.
I made a small test zone and reproduced the phenomena.
Test zone: tld.
parameter: RSASHA256, 2048bit, NSEC3 Optout (-3 001122 -H 1 -A)
sign tool: BIND 9.8.3-P4 dnssec-keygen and dnssec-signzone
I attached tld zone file (tld.signed.gz).
Load the zone file to BIND 10 auth server and query "c.c.tld A",
you can see SERVFAIL answer and BIND 10 error message.
ERROR [b10-auth.auth/80537] AUTH_PROCESS_FAIL message processing failure: Unexpected covering NSEC3 found for c.c.tld.
BIND 9 answers empty, NO ERROR answer.
--
Kazunori Fujiwara, JPRS <fujiwara at jprs.co.jp>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tld.signed.gz
Type: application/octet-stream
Size: 5879 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20130122/71c1055a/attachment-0001.obj>
More information about the bind10-dev
mailing list