FW: bind10-devel-20120301 and NSEC3

Spain, Dr. Jeffry A. spainj at countryday.net
Tue Mar 6 16:10:24 UTC 2012 

>> Did b10-auth leave any log message?

> I ran the following commands in bindctl:
> config set Auth/datasources [{"type": "memory", "zones": [{"origin": "countryday.net", "file": "countryday.net.db"}]}]
> config commit
> Below are the related log entries.
> 2012-03-05 22:33:19.046 ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Server configuration failed: Failed to open master file: countryday.net.db

I did some work with strace to troubleshoot this. It turns out to be my error that the permissions of the parent directory of the zone file were such that it was not traversable by user bind under which UID b10-auth was running. I also found that the argument to "file" in the configuration command needs to be an absolute path. Thus I moved the file and fixed up the permissions, and the following worked:

config set Auth/datasources [{"type": "memory", "zones": [{"origin": "countryday.net", "file": "/var/bind10-devel/countryday.net.db"}]}]
config commit

There was, however, a different error attempting to load the zone data:
2012-03-06 10:49:57.613 ERROR [b10-cmdctl.cmdctl] CMDCTL_COMMAND_ERROR error in command set_config to module ConfigManager: Server configuration failed: Parse failure for a valid RR at line 1

It is complaining about '$ORIGIN .'. The first several lines of the zone file, produced by the bind9 utility 'named-checkzone -s relative', are as follows:
$ORIGIN .
$TTL 3600       ; 1 hour
countryday.net          IN SOA  ns1.countryday.net. hostmaster.countryday.net. (
                                2012030101 ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      ns1.countryday.net.
                        NS      ns2.countryday.net.
                        A       66.246.215.247
                        MX      10 smtp.countryday.net.
                        TXT     "v=spf1 ip4:74.203.156.132 ip4:74.203.156.136 ip4:66.246.152.154 ip4:66.246.152.163 ip4:66.216.116.1
51 ip6:2001:4870:20ca:158:948f:5958:a21b:5cba ip6:2001:4870:20ca:168:14c0:57fc:e05e:5975 -all"
$ORIGIN countryday.net.
alexandria              A       74.203.156.140
...

This file does load without errors using b10-loadzone. Thus I see this as a possible bug in the in-memory zone loading process.

Thanks. Jeff.

More information about the bind10-users mailing list