TSIG for the Xfrin module?

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Mon Dec 12 18:59:05 UTC 2011


At Sat, 10 Dec 2011 03:10:13 +0000,
"Spain, Dr. Jeffry A." <spainj at countryday.net> wrote:

> > Yes, that's another known bug.  But that aside, this seems strange to me...I thought it couldn't happen for a transfer from a BIND 9 master.  It might be a bug in BIND 10.  If you can reproduce it, can you apply the patch (which will fix the log format error) and see which RR causes the log?
> 
> I rebuilt my bind10 server, including the patch you supplied. The log message in question now reads as follows:
> 
> 2011-12-09 21:46:27.811 WARN  [b10-xfrin.libxfrin] LIBXFRIN_DIFFERENT_TTL multiple data with different TTLs (0, 3600) on jaspain.net./IN. Adjusting 3600 -> 0.
> 
> Copied below is the jaspain.net. zone file as transferred from the
> master followed by the zone data from the bind10 localhost. Note the
> record "jaspain.net. 0 IN RRSIG TYPE65534" with a TTL of zero on the
> master, and that the bind10 server has adjusted this TTL to 3600.

Ah, okay, thanks.  That's a BIND 10's bug.

> jaspain.net.            3600    IN      RRSIG   SOA
> jaspain.net.            0       IN      RRSIG   TYPE65534

It should distinguish RRSIGs for different covered types.

I've created a ticket for this:
http://bind10.isc.org/ticket/1502

While it's weird, however, this shouldn't be a critical problem for
your experiments because the RRSIG TTLs won't affect validation
results (unless you heavily rely on the 0-TTL of that particular RRSIG
for some other reason).

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.



More information about the bind10-users mailing list