[Opendnssec-user] Diagnosing syntax error in zone file

Sun, 11 Sep 2016 18:07:43 -0700 

Hello,
I am a new opendnssec user looking for help solving what seems like a syntax error in my zone file that is preventing ods-signerd from reading the file and signing the zone. 


I use Debian 8.5 and have installed the bind9 (1:9.9.5.dfsg-9+deb8u6), 
opendnssec (1:1.4.6-6), and softhsm (1.3.7-2+deb8u1) packages from the 
Debian Jessie repository.


The zonefile is attached.


When I run named-checkzone, the output is as follows, which leads me to 
believe the syntax of the zone file is fine:



zone lettersblogatory.com/IN: 'lettersblogatory.com' found SPF/TXT 
record but no SPF/SPF record found, add matching type SPF record

zone lettersblogatory.com/IN: loaded serial 2016091110
OK

Here are the relevant lines from syslog:


Sep 11 20:27:50 panda ods-signerd: [namedb] zone lettersblogatory.com 
unable to use unixtime as serial: 1473640070 does not increase 
2016091110. Serial set to 2016091111
Sep 11 20:27:50 panda ods-signerd: [adapter] error parsing RR at line 37 
(Syntax error, could not parse the RR's rdata): 
201608._domainkey#011#011#011#011IN#011TXT#011"v=DKIM1; k=rsa; s=email; 
""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG1m0o2ShF92gB0BFcbOSyHm84c3UDYptHoHs9diQxHp4Hl8oHIHcS4uKIWRluzFYSPFKzpQKkaIrjHhttps://panda.blogatory.com/roundcube/?_task=mail&_action=compose&_id=157614925157d5f9460031e#pJ4manINdKE5K/TKkHc4k3PDPdcs7y0zzYfF0eIkHQCVgFskgeuGnPIF4NaNSKQygpBj2aWu60XIcaF6R+HzRv1xmY0F+gAmZ+XPxBs2K0Wcos/G15rLpWn4cT93JNS""XHawRN4SwaRSQ+E3thJ+9i1KBC2ryYcOEf9gvFLWJorlbsw9YEKEpZxceY/ulhoCWuK8Y526IGhXHpNLzi44N2WY8JWpSu3Edm+K62tqItS9K3RaeUUjXyXoNc4zZAFgzAA9IBOwIDAQAB";
Sep 11 20:27:50 panda ods-signerd: [adapter] error reading RR at line 43 
(Syntax error, could not parse the RR's rdata): 
_dmarc#011#011#011#011#011#011IN#011TXT#011"v=DMARC1; p=none; fo=1; 
rua=mailto:[email protected]";
Sep 11 20:27:50 panda ods-signerd: [tools] unable to read zone 
lettersblogatory.com: adapter failed (General error)
Sep 11 20:27:50 panda ods-signerd: [worker[1]] CRITICAL: failed to sign 
zone lettersblogatory.com: General error
Sep 11 20:27:50 panda ods-signerd: [worker[1]] backoff task [read] for 
zone lettersblogatory.com with 960 seconds




Is there some difference between the syntax rules for BIND and 
opendnssec? Any help would be greatly appreciated. I have not been able 
to find an answer in the documentation or via Google.


Thank you!
$TTL 300
$ORIGIN lettersblogatory.com.

@       IN      SOA     ns1.linode.com. hostmaster.lettersblogatory.com. (
                                        2016091110      ; serial
                                        1200            ; refresh from master
                                        300             ; retry interval for 
refresh from master
                                        1209600         ; expiry in case master 
has downtime
                                        300             ; negative cache
                                        )


;       Nameservers

        IN      NS      ns1.linode.com.
        IN      NS      ns2.linode.com.
        IN      NS      ns3.linode.com.
        IN      NS      ns4.linode.com.
        IN      NS      ns5.linode.com.

;       Address records

@       IN      A       45.33.79.32
@       IN      AAAA    2600:3c03::f03c:91ff:fe79:3e83

;       Canonical name for CDN

static  IN      CNAME   d3hrmjjaud62qc.cloudfront.net.

;       Mail exchange records

@       IN      MX      10 panda.blogatory.com.

;       SPF, DKIM and DMARC records for mail authentication

@                                               IN      TXT     "v=spf1 mx 
include:amazonses.com -all"
201608._domainkey                               IN      TXT     "v=DKIM1; 
k=rsa; s=email; 
""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG1m0o2ShF92gB0BFcbOSyHm84c3UDYptHoHs9diQxHp4Hl8oHIHcS4uKIWRluzFYSPFKzpQKkaIrjHpJ4manINdKE5K/TKkHc4k3PDPdcs7y0zzYfF0eIkHQCVgFskgeuGnPIF4NaNSKQygpBj2aWu60XIcaF6R+HzRv1xmY0F+gAmZ+XPxBs2K0Wcos/G15rLpWn4cT93JNS""XHawRN4SwaRSQ+E3thJ+9i1KBC2ryYcOEf9gvFLWJorlbsw9YEKEpZxceY/ulhoCWuK8Y526IGhXHpNLzi44N2WY8JWpSu3Edm+K62tqItS9K3RaeUUjXyXoNc4zZAFgzAA9IBOwIDAQAB"
5kmwzc7asqraaryyq6prtzntaufweds3._domainkey     IN      TXT     
"5kmwzc7asqraaryyq6prtzntaufweds3.dkim.amazonses.com"
5z3i2im7mdtswirg42ffjmnm2rqdwlcz._domainkey     IN      TXT     
"5z3i2im7mdtswirg42ffjmnm2rqdwlcz.dkim.amazonses.com"
ubowohqscso3mricgqj7bvaaxtgvybh7._domainkey     IN      TXT     
"ubowohqscso3mricgqj7bvaaxtgvybh7.dkim.amazonses.com"

_amazonses                                      IN      TXT     
"leND/hWoVD5S2JW/1HjP+CNZEA83S390KyA+OlxqpGk="
_dmarc                                          IN      TXT     "v=DMARC1; 
p=none; fo=1; rua=mailto:[email protected]";

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user






















					Reply via email to