size limit on RDATA in nsupdate

2015-02-21 Thread Carsten Strotmann
Hi,

I'm trying to build an automated update system for OPENPGPKEY records
with BIND 9 9.9.6-P2 and "nsupdate".

I've verified the TSIG keys, I can add and remove TXT records with the
key under the domain name.

Adding a 6K PGP key as OPENPGPKEY does fail with 

21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1:
near eof: unexpected end of input
invalid rdata format: unexpected end of input

Below is the debug output from nsupdate:

setup_system()
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
do_next_command()
update_addordelete()
do_next_command()
start_update()
recvsoa()
About to create rcvmsg
show_message()
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  44542
;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 
IN
SOA

;; AUTHORITY SECTION:
_openpgpkey.sys4.de.900 IN  SOA
danens1.sys4.de. hostmaster.sys4.de. 103 7200 3600 3542400 900

;; TSIG PSEUDOSECTION:
f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0
ANY TSIG hmac-sha256. 1424521459 300 32
1e+FXn+fpeSOtiwXfC4KsDQwyGYO8q5VtS95aqhwJGw= 44542 NOERROR 0 

Found zone name: _openpgpkey.sys4.de
The master is: danens1.sys4.de
send_update()
Sending update to 5.45.109.212#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  10928
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0
ANY ANY

;; TSIG PSEUDOSECTION:
f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0
ANY TSIG hmac-sha256. 1424521459 300 32
BoYO8mOklQiZXgOvcM0zGpw+wzuhVQj0Qx1yOBvCu3s= 10928 NOERROR 0 

Out of recvsoa
update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  10928
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;_openpgpkey.sys4.de.   IN  SOA

;; TSIG PSEUDOSECTION:
f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0
ANY TSIG hmac-sha256. 1424521459 300 32
LAa1ANz/k/B+TwEfMSjw2A+OMPxQQgHZRuvM6uY8WMY= 10928 NOERROR 0 

done_update()
reset_system()
user_interaction()
do_next_command()
update_addordelete()
21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1:
near eof: unexpected end of input
invalid rdata format: unexpected end of input
syntax error

Is there an error in the "generic RR" syntax (generated by
hash-slinger)?
 
Might this be a buffer issue?


-- 
Carsten Strotmann
Email: c...@strotmann.de
Blog: strotmann.de

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: size limit on RDATA in nsupdate

2015-02-21 Thread Carsten Strotmann
Addition: this is what the nsupdate line for the record looks like:

add f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. IN TYPE61 \# 3340 99020d[]

The RDATA size after "\#" seems to be correct.

-- 
Carsten Strotmann
Email: c...@strotmann.de
Blog: strotmann.de



Re: size limit on RDATA in nsupdate

2015-02-21 Thread Mark Andrews

I doubt that it is a buffer issue.  The input text buffer is 128K which
should be big enough for a 64K rdata.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: size limit on RDATA in nsupdate

2015-02-21 Thread Mukund Sivaraman
On Sun, Feb 22, 2015 at 12:20:28AM +1100, Mark Andrews wrote:
> 
> I doubt that it is a buffer issue.  The input text buffer is 128K which
> should be big enough for a 64K rdata.

At the top of nsupdate.c, MAXCMD is (128 * 1024) in master and v9_10
whereas it is (4 * 1024) in v9_9. This is probably causing it.

Carsten: Can you mail bind9-bugs@ so that a ticket is created (and we'll
follow up on that)?

Mukund
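
An added example (not part of the original posts and not ISC code): a preflight check that validates an RFC 3597 generic RDATA string and tests whether the resulting nsupdate line fits the two MAXCMD values quoted above. The function names, the placeholder owner name and the constructed key bytes are assumptions, as is the premise that the command, its newline and a terminating NUL must share one MAXCMD-sized buffer.

```python
import re

# MAXCMD values quoted in the thread for nsupdate.c
MAXCMD_V9_9 = 4 * 1024          # v9_9
MAXCMD_MASTER = 128 * 1024      # master and v9_10

# RFC 3597 generic RDATA text form: \# <length> <hex> [<hex> ...]
GENERIC_RE = re.compile(r"^\\#\s+(\d+)((?:\s+[0-9a-fA-F]+)*)\s*$")

def check_generic_rdata(text):
    """Return the decoded RDATA, or raise ValueError if the text is malformed
    or the declared length disagrees with the hex that is actually present."""
    m = GENERIC_RE.match(text)
    if not m:
        raise ValueError("not in '\\# <length> <hex>' form")
    declared = int(m.group(1))
    hexdigits = "".join(m.group(2).split())
    if len(hexdigits) % 2:
        raise ValueError("odd number of hex digits")
    data = bytes.fromhex(hexdigits)
    if declared > 65535 or len(data) != declared:
        raise ValueError(f"declared {declared} bytes, found {len(data)}")
    return data

def build_add_command(owner, ttl, rrtype, rdata):
    """Build the nsupdate line that adds rdata in generic form."""
    return f"update add {owner} {ttl} IN {rrtype} \\# {len(rdata)} {rdata.hex()}"

def fits(command, maxcmd):
    # Assumption: command + newline + terminating NUL share one MAXCMD buffer.
    return len(command) + 2 <= maxcmd

def preflight(owner, ttl, rrtype, rdata):
    """Report whether the generated line is well formed and fits each limit."""
    cmd = build_add_command(owner, ttl, rrtype, rdata)
    rdata_text = cmd.split(f" {rrtype} ", 1)[1]
    return {
        "command_length": len(cmd),
        "round_trips": check_generic_rdata(rdata_text) == rdata,
        "fits_v9_9": fits(cmd, MAXCMD_V9_9),
        "fits_master": fits(cmd, MAXCMD_MASTER),
    }

if __name__ == "__main__":
    # Constructed sample: 3340 bytes, the RDATA size from the thread;
    # the owner name and key bytes are placeholders, not real data.
    sample = bytes(i % 256 for i in range(3340))
    print(preflight("placeholder._openpgpkey.example.", 3600, "TYPE61", sample))
```

A record whose hex encoding alone exceeds 4096 characters cannot fit the smaller limit, which is consistent with the parser reporting "unexpected end of input" on a line that was cut short.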



Re: size limit on RDATA in nsupdate

2015-02-21 Thread Shumon Huque
On Sat, Feb 21, 2015 at 7:35 AM, Carsten Strotmann  wrote:

> Hi,
>
> I'm trying to build an automated update system for OPENPGPKEY records
> with BIND 9 9.9.6-P2 and "nsupdate".
>
> I've verified the TSIG keys, I can add and remove TXT records with the
> key under the domain name.
>
> Adding a 6K PGP key as OPENPGPKEY does fail with
>
> 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1:
> near eof: unexpected end of input
> invalid rdata format: unexpected end of input
>
> Below is the debug output from nsupdate:
>
>
I also encountered this limit in nsupdate when I attempted to create my
OPENPGPKEY record a while back (I should have sent in a bug report then).
Until the bug is fixed, I'd suggest using alternative dynamic update tools.
Here's a snippet of python code I used for myself (needs the dnspython
module):

#!/usr/bin/env python
#
# Send a TSIG-signed dynamic update that adds an OPENPGPKEY (TYPE61) record.

import dns.name, dns.query, dns.tsigkeyring, dns.update

ZONE = "huque.com."
SERVER = '127.0.0.1'
TSIGNAME = "local-ddns."
TSIGALG = "hmac-sha256."
TSIGKEY = "XXX redacted-key XXX"

QNAME = "4f7c2705c0f139ede60573f8537a0790fb64df5d4a819af951d259bc._openpgpkey.huque.com."
# Generic (RFC 3597) RDATA: "\# <length> <hex>"; the hex is cut short in this post.
# Raw string so that the backslash is passed through unchanged.
GEN_RDATA = r"\# 2229 99010d04"

keyring = dns.tsigkeyring.from_text({TSIGNAME : TSIGKEY})
update = dns.update.Update(ZONE, keyring=keyring,
                           keyalgorithm=dns.name.from_text(TSIGALG))
update.add(QNAME, 3600, 61, GEN_RDATA)    # 61 = OPENPGPKEY
response = dns.query.tcp(update, SERVER)  # send the update over TCP
print(response.rcode())   # should be zero

Shumon Huque

Re: size limit on RDATA in nsupdate

2015-02-21 Thread Carsten Strotmann
Hello Mukund,

Mukund Sivaraman  writes:

> On Sun, Feb 22, 2015 at 12:20:28AM +1100, Mark Andrews wrote:
>> 
>> I doubt that it is a buffer issue.  The input text buffer is 128K which
>> should be big enough for a 64K rdata.
>
> At the top of nsupdate.c, MAXCMD is (128 * 1024) in master and v9_10
> whereas it is (4 * 1024) in v9_9. This is probably causing it.
>
> Carsten: Can you mail bind9-bugs@ so that a ticket is created (and we'll
> follow up on that)?
>

Will do.

The same update works with nsupdate from 9.9.7rc2, using the OPENPGPKEY RR
Type (not the generic RR representation).

-- 
Carsten Strotmann
Email: c...@strotmann.de
Blog: strotmann.de


Re: size limit on RDATA in nsupdate

2015-02-21 Thread Carsten Strotmann
Hello Shumon,

Shumon Huque  writes:

> On Sat, Feb 21, 2015 at 7:35 AM, Carsten Strotmann 
> wrote:
>
>   Hi,
>
>   I'm trying to build an automated update system for OPENPGPKEY records
>   with BIND 9 9.9.6-P2 and "nsupdate".
>
>   I've verified the TSIG keys, I can add and remove TXT records with the
>   key under the domain name.
>
>   Adding a 6K PGP key as OPENPGPKEY does fail with
>
>   21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1:
>   near eof: unexpected end of input
>   invalid rdata format: unexpected end of input
>
>   Below is the debug output from nsupdate:
>
> I also encountered this limit in nsupdate when I attempted to create my
> OPENPGPKEY record a while back (I should have sent in a bug report then).
> Until the bug is fixed, I'd suggest using alternative dynamic update
> tools. Here's a snippet of python code I used for myself (needs the
> dnspython module):

Thanks, this is very useful.

---

Carsten Strotmann
Email: c...@strotmann.de
Blog: strotmann.de