On Tue, Jul 17, 2012 at 01:24:19PM +0200, Christof Meerwald wrote: > On Tue, 17 Jul 2012 13:59:51 +0300, Aki Tuomi wrote: > > On Tue, Jul 17, 2012 at 12:49:35PM +0200, Christof Meerwald wrote: > >> just noticed that doing an AXFR of a pre-signed zone results in a > >> slightly corrupted zone (corrupted NSEC3PARAM record and duplicate > >> RRSIG records). Proposed fix is attached to ticket 533 - > >> http://wiki.powerdns.com/trac/ticket/533 > > Does not look like a "fix", more like workaround for stripping DNSSEC > > data from the stream. > > Whatever you call it - RRSIG records shouldn't be duplicated during an > AXFR. For a pre-signed zone, the RRSIG records are part of the zone > data, but the signer tries to add another set of RRSIG records - so > one set of RRSIG records need to be suppressed. > > > > What PowerDNS version are you running? > > 3.1 > > > Christof >
So... Correct me if I am wrong but you are transferring a pre-signed zone with AXFR from master, and master tries to sign it again? Or did I understood you completely wrong? Can you give more details on the problem you are experiencing? Btw, it cannot sign your records without signing key. Aki
signature.asc
Description: Digital signature
_______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
