AXFR of pre-signed zones #533

Closed
Habbie opened this Issue Apr 26, 2013 · 5 comments

Habbie commented Apr 26, 2013

AXFR of pre-signed zones results in duplicate RRSIG records and corrupted NSEC3PARAM record - proposed fix attached.

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
Habbie commented Apr 26, 2013

Attachment 'proposed fix for AXFR of pre-signed zones' (presigned-axfr) https://gist.github.com/5466774

Habbie commented Apr 26, 2013

Author: peter
Hello,

I don't fully get what the problem is here - are you slaving a presigned zone while your slave also has keys for it? This is currently considered a misconfiguration. Your patch, however, destroys actual presigned usage.

Closing ticket as invalid; I suggest sending pdns-users an email with your full setup details and an explanation of your issues, so that we may help you further.

Habbie commented Apr 26, 2013

Author: peter
Reading pdns-dev and discussing with Ruben on IRC cleared up the issue for me. Not sure the patch has the right approach but it does not seem wrong :) Reopening!

Habbie commented Apr 26, 2013

Author: anon
I could not find the duplicate RRSIGs and/or NSEC3PARAMs when I'm AXFR'ing from the signing master.

I did find that an ANY query to a pre-signed slave results in duplicate ANY records.
I've tried to create a patch for this:
https://github.com/Habbie/powerdns/pull/45.diff

Habbie commented Apr 26, 2013

Author: peter
As far as I can tell, this has been resolved in r2709 and surrounding commits.
