On 11/04/2014 11:54 PM, Mark Andrews wrote:
> In message <545954b0.8080...@offerman.com>, "Adrian (Aad) Offerman"
> writes:
>
> named keeps refusing my zone file in which I included a DANE
> record:
>
> [root]# named-checkzone offerman.com db.offerman.com
> db.offerman.com:59: _443._tcp.offerman.com: bad owner name (check-names)
> db.offerman.com:60: _443._tcp.offerman.com: bad owner name (check-names)
> zone offerman.com/IN: loaded serial 2014110103
> OK
> [root]#
>
> This appears to be caused by the underscores used in the
> port/protocol combination.
>
> Here's what the record looks like:
>
> _443._tcp IN TLSA 3 0 1
> a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce
>
>> Well that isn't a valid TLSA record. It has a bad hex encoding.
>> There are 63 hex digits.

Just an error in the cutting/pasting, in the mail message that is.

>> TLSA records themselves are not subject to check-names
>> processing so I suggest that you look at the reported lines in
>> the file to find out what is actually there.
>
>> In the example below it is the A record which has inherited the
>> _443._tcp owner name.

Ah, that did the job! :-)

Inserting a block of TLSA records at the wrong place screwed up the
inheritance for the next record.

Thanks!

Adrian

>> Mark
>
>> [rock:~/git/bind9] marka% bin/check/named-checkzone ccccc.db ccccc.db
>> ccccc.db:1: no TTL specified; using SOA MINTTL instead
>> dns_rdata_fromtext: ccccc.db:3: near eol: bad hex encoding
>> ccccc.db:4: _443._tcp.ccccc.db: bad owner name (check-names)
>> zone ccccc.db/IN: loading from master file ccccc.db failed: bad hex encoding
>> zone ccccc.db/IN: not loaded due to errors.
>> [rock:~/git/bind9] marka%
>
>> @ IN SOA . . 0 0 0 0 0
>> @ IN NS .
>> _443._tcp IN TLSA 3 0 1 a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce
>>           IN A 1.2.3.4
>
>
> It was created first using this:
> tlsa --create --output rfc offerman.com
> later using this:
> ldns-dane create offerman.com 443
> both resulting in the same record, and both outputs resulting in
> the same error.
>
> I've upgraded the named version (on CentOS 6.6) from 9.8.2 to
> 9.9.6, but all to no avail :-(
>
> [root]# named-checkzone -v
> 9.9.6-RedHat-9.9.6-0.el6
>
> Am I trying to do something here that is not yet supported or am I
> overlooking something?

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
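The owner-name inheritance that the thread identifies as the cause can be reproduced with a small linter. This is an added example, not part of the thread and not BIND's code: `lint_zone` is a hypothetical helper that assumes one record per line with no parentheses, checks only A, AAAA and MX owner names, and runs on the test zone quoted above plus a constructed corrected zone.

```python
import re

HOSTNAME_TYPES = {"A", "AAAA", "MX"}   # types whose owner name check-names validates
TLSA_HEX_LEN = {1: 64, 2: 128}         # matching type -> digest hex digits (SHA-256, SHA-512)
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def lint_zone(text):
    """Return (line_no, owner, message) tuples for a one-record-per-line zone file."""
    findings, owner = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                  # blank, comment or directive
        fields = line.split()
        inherited = line[0].isspace()                 # no owner in column one
        if not inherited:
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                             # optional TTL and class
        if owner is None or not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in HOSTNAME_TYPES:
            labels = [l for l in owner.rstrip(".").split(".") if l not in ("@", "*", "")]
            if any(not LABEL.match(l) for l in labels):
                how = "inherited from the record above" if inherited else "explicit"
                findings.append((no, owner, f"bad owner name for {rtype} ({how})"))
        if rtype == "TLSA" and len(rdata) >= 4 and rdata[2].isdigit():
            digest = "".join(rdata[3:])
            want = TLSA_HEX_LEN.get(int(rdata[2]))
            if len(digest) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digest):
                findings.append((no, owner, f"bad hex encoding ({len(digest)} hex digits)"))
            elif want and len(digest) != want:
                findings.append((no, owner, f"digest is {len(digest)} hex digits, expected {want}"))
    return findings

# The test zone quoted in the thread (A record placed after the TLSA record).
THREAD_ZONE = """\
@ IN SOA . . 0 0 0 0 0
@ IN NS .
_443._tcp IN TLSA 3 0 1 a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce
 IN A 1.2.3.4
"""
# Constructed corrected zone: explicit owner on the A record, 64-digit placeholder digest.
FIXED_ZONE = """\
@ IN SOA . . 0 0 0 0 0
@ IN NS .
@ IN A 1.2.3.4
_443._tcp IN TLSA 3 0 1 """ + "ab" * 32 + "\n"

if __name__ == "__main__":
    for no, owner, msg in lint_zone(THREAD_ZONE):
        print(f"line {no}: {owner}: {msg}")
```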