Hi Yuri,

> Are you able to share your full configuration? I still am not able to
> reproduce the bug. And I really like to verify it first.

I think perhaps this problem is a bug which occurs only in certain configurations.
In my environment, the NSEC3PARAM record remains when using DNS as the Input adapter of the zone.
I'll add the ODS configuration files for a reproduction test.

install: (use mysql backend)
./configure --prefix=/ods --with-database-backend=mysql

In: conf.xml
--------
<?xml version="1.0" encoding="UTF-8"?>
<Configuration><RepositoryList><Repository name="SoftHSM">
<Module>/ods/lib/libsofthsm.so</Module>
<TokenLabel>ods</TokenLabel><PIN>****</PIN><SkipPublicKey/>
</Repository></RepositoryList><Common><Logging>
<Verbosity>3</Verbosity><Syslog><Facility>local0</Facility></Syslog>
</Logging><PolicyFile>/ods/etc/kasp.xml</PolicyFile>
<ZoneListFile>/ods/etc/zonelist.xml</ZoneListFile>
</Common><Enforcer><Privileges><User>root</User><Group>root</Group>
</Privileges><Datastore><MySQL><Host port="3306">127.0.0.1</Host>
<Database>ods</Database><Username>****</Username>
<Password>****</Password></MySQL></Datastore>
<Interval>PT3600S</Interval></Enforcer><Signer><Privileges>
<User>root</User><Group>root</Group></Privileges>
<WorkingDirectory>/ods/tmp</WorkingDirectory>
<WorkerThreads>4</WorkerThreads><Listener><Interface>
<Address>127.0.0.2</Address><Port>53</Port></Interface>
</Listener></Signer></Configuration>
--------

In: addns.xml
--------
<?xml version="1.0" encoding="UTF-8"?>
<Adapter><DNS><TSIG><Name>secret.example.com</Name>
<Algorithm>hmac-md5</Algorithm>
<Secret>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</Secret>
</TSIG><Inbound><RequestTransfer><Remote><Address>127.0.0.1</Address>
<Key>secret.example.com</Key></Remote></RequestTransfer>
<AllowNotify><Peer><Prefix>127.0.0.0/24</Prefix></Peer></AllowNotify>
</Inbound><Outbound><ProvideTransfer><Peer>
<Prefix>127.0.0.0/24</Prefix><Key>secret.example.com</Key></Peer>
</ProvideTransfer><Notify><Remote><Address>127.0.0.1</Address>
</Remote></Notify></Outbound></DNS></Adapter>
--------

In: kasp.xml
--------
<?xml version="1.0" encoding="UTF-8"?>
<KASP><Policy name="default"><Description>a</Description><Signatures>
<Resign>PT900S</Resign><Refresh>P1D</Refresh><Validity>
<Default>P7D</Default><Denial>P7D</Denial></Validity>
<Jitter>PT12H</Jitter><InceptionOffset>PT3600S</InceptionOffset>
</Signatures><Denial><NSEC3><Resalt>PT900S</Resalt><Hash>
<Algorithm>1</Algorithm><Iterations>5</Iterations><Salt length="8"/>
</Hash></NSEC3></Denial><Keys><TTL>PT3600S</TTL>
<RetireSafety>PT3600S</RetireSafety>
<PublishSafety>PT3600S</PublishSafety><Purge>P14D</Purge><KSK>
<Algorithm length="2048">8</Algorithm><Lifetime>P365D</Lifetime>
<Repository>SoftHSM</Repository></KSK><ZSK>
<Algorithm length="1024">8</Algorithm>
<Lifetime>P90D</Lifetime><Repository>SoftHSM</Repository></ZSK>
</Keys><Zone><PropagationDelay>PT3600S</PropagationDelay><SOA>
<TTL>PT3600S</TTL><Minimum>PT3600S</Minimum><Serial>unixtime</Serial>
</SOA></Zone><Parent><PropagationDelay>PT3600S</PropagationDelay>
<DS><TTL>PT3600S</TTL></DS><SOA><TTL>PT3600S</TTL>
<Minimum>PT3600S</Minimum></SOA></Parent></Policy></KASP>
--------

In: zonelist.xml
--------
<?xml version="1.0" encoding="UTF-8"?>
<ZoneList><Zone name="example.com"><Policy>default</Policy>
<SignerConfiguration>/ods/signconf/example.com.xml</SignerConfiguration>
<Adapters><Input>
<Adapter type="DNS">/ods/etc/addns.xml</Adapter></Input><Output>
<Adapter type="File">/ods/signed/example.com.signed</Adapter>
</Output></Adapters></Zone></ZoneList>
--------

Best regards,
-- 
Nagai
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
