On Thu, 2019-01-31 at 21:12 +0530, Mukund Sivaraman wrote:
> On Thu, Jan 31, 2019 at 10:30:30AM -0500, Jim Popovitch via bind-users wrote:
> > On Thu, 2019-01-31 at 19:14 +0530, rams wrote:
> > > Hi,
> > > I have setup sshfp records as follows in bind zone file:
> > >
> > > test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
> > > test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
> > >
> > > Successfully started bind but when queried for domain test1 and
> > > test2, returning malformed error and no answer. If fingerprint value
> > > wrong then bind should validate and should not start. Is it expected
> > > behavior? Kindly confirm.
> >
> > Bind will restart cleanly unless you muck up something in the
> > config file(s). In this case you have something wrong in a zone
> > file, and we can't see what it is because the domain you specified
> > is invalid. So, until you show us some data my best guess is that
> > you have a formatting error in a zone file(s).
> >
> > Help us help you by specifying the actual domain.
>
> The original poster is right. Something is broken in SSHFP
> processing. He's configured a zone with the above records, and
> querying against that zone is causing dig to print that the reply is
> malformed.
> BIND should never return a malformed message, so there is a bug
> somewhere.

The malformed messages are from dig (v9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3)

Warning: Message parser reports malformed message packet.
WARNING: Messages has 55 extra bytes at end

We know nothing yet about the BIND setup/version/zone/etc. For all we know the zone is fat fingered.

-Jim P.
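
A pre-load lint for SSHFP records like the two quoted in the thread, as an added example that is not part of the original messages and is not BIND code. It assumes one record per line in standard presentation format and checks the fingerprint length against the digest size for fp-type 1 (SHA-1, 20 bytes, RFC 4255) and fp-type 2 (SHA-256, 32 bytes, RFC 6594); the function names `check_sshfp` and `lint_zone` are hypothetical.

```python
import re

# Digest length in bytes per SSHFP fingerprint type:
# 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
FP_BYTES = {1: 20, 2: 32}


def _small_int(value):
    """True if value is an ASCII decimal integer in 0-255 (one RDATA octet)."""
    return value.isascii() and value.isdigit() and int(value) <= 255


def check_sshfp(line):
    """Return a list of problems found in one zone-file line ([] if none)."""
    fields = line.split(";", 1)[0].split()       # drop trailing comment
    types = [f.upper() for f in fields]
    if "SSHFP" not in types:
        return []                                 # not an SSHFP record
    rdata = fields[types.index("SSHFP") + 1:]
    if len(rdata) < 3:
        return ["SSHFP needs: algorithm fp-type fingerprint"]
    alg, fp_type, fp = rdata[0], rdata[1], "".join(rdata[2:])
    problems = []
    for name, value in (("algorithm", alg), ("fp-type", fp_type)):
        if not _small_int(value):
            problems.append(f"{name} {value!r} is not an integer 0-255")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", fp):
        problems.append("fingerprint is not an even-length hex string")
    elif _small_int(fp_type) and int(fp_type) in FP_BYTES:
        want, got = FP_BYTES[int(fp_type)], len(fp) // 2
        if got != want:
            problems.append(f"fingerprint is {got} bytes, fp-type {fp_type} needs {want}")
    return problems


def lint_zone(text):
    """Map 1-based line number -> problems, for every flagged line."""
    found = ((n, check_sshfp(l)) for n, l in enumerate(text.splitlines(), 1))
    return {n: p for n, p in found if p}


# The two records from the thread, plus one constructed well-formed record.
SAMPLE = (
    "test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa\n"
    "test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00\n"
    "ok.example. 86400 IN SSHFP 1 1 " + "ab" * 20 + "\n"
)

if __name__ == "__main__":
    for lineno, problems in lint_zone(SAMPLE).items():
        print(lineno, problems)
```
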