transfer signed zone
tlarsen at dns-research.com
tlarsen at dns-research.com
Sat Jan 18 04:49:03 UTC 2014
Question in better format.
-------- Original Message --------
Subject: transfer signed zone
From: <tlarsen at dns-research.com>
Date: Fri, January 17, 2014 6:49 pm
To: bind-users at isc.org
Receiving the following lines when transferring from a non-BIND server.
Is there a way to identify the "extra input data"?
Jan 17 17:16:35 had4 named[6497]: running
Jan 17 17:16:35 had4 named[6497]: zone example.com/IN: Transfer started.
Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from
10.0.20.22#53: connected using 10.0.20.23#50917
Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from
10.0.20.22#53: failed while receiving responses: extra input data
Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from
10.0.20.22#53: Transfer completed: 6 messages, 16 records, 2046 bytes,
0.005 secs (409200 bytes/sec)
Here's the dig output.
[root at had4 local]# dig @10.0.20.22 AXFR example.com
; <<>> DiG 9.9.4-P2 <<>> @10.0.20.22 AXFR example.com
; (1 server found)
;; global options: +cmd
example.com. 86400 IN SOA ns1.example.com.
hostmaster.example.com. 2014011701 10800 15 604800 10800
example.com. 86400 IN RRSIG SOA 8 2 86400
20140417221308 20140116221308 15093 example.com.
alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3MwJ7tDOQcFV2O2+
9F4TlB+l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A
LEwSPgHTS5cfQah8KGAT6o7DMWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=
example.com. 86400 IN NS ns.example.com.
example.com. 86400 IN RRSIG NS 8 2 86400
20140417221308 20140116221308 15093 example.com.
hlkdQhwcElD3bWtsIkySNJuwaXKtiVQaRiZX3IRcK8xU6UHwg4QQOt96
oNFCdCx3TZOROL3rf7OyESdL4YeSlzj9CAMuEzKPPOrcJXyILMJdGymY
JEQxMkrz+YbA9gbZwlA0Agk9bNBa51zQThsQD4bB9y3lTtOvuIcI3cxg 1Qw=
example.com. 10800 IN NSEC ns.example.com. NS SOA
RRSIG NSEC
example.com. 10800 IN RRSIG NSEC 8 2 10800
20140417221308 20140116221308 15093 example.com.
jGZPr5cSMs8vZaBcrA4ldTxz5J1u13vIimT5oeq6ZPsNODl9GGWjtrjA
a6w6ElUgpHredujLG8GnBQpwOj+6Si110omD0RioVyqtoIzdTxh5PnJw
w7ni5XWV1MpyeDVp1Nl1+CGH8tyGB1DTrVMjTvdUlOWS/fM/FGCvpyAZ WMs=
example.com. 3600 IN DNSKEY 257 3 8
AwEAAb1H+j4Nt3UNOagcrgeJWjM1HepFd1EmG7mPYVGxhWeeJwVU6zOB
eqwqpazyuFac+o+YG5YN4xk9wjaXcgNZgEnmOVTK2QpWd/f8M/9FKGjv
OiUmTcnccYXli/w7r93Gm14hX52TdBRjtUVMEFqoTypFvTEK46e+DUsf
7/z4sItvaQM/xAhqMXmNJwuPd6HAQviPX6pR6KLz7nR10MoPbMVNUipz
ajGXUb8mTLqbRgdRdxWcJ/KSt5WgykLwGe1jSCpIPF7MDFEh7uaZQUTO
geuieKVZoVWblEK9Bv6I3VBYOx+eAXVrmSxbWz2LZlo8uaY7i6TWN+aB hgwcg+JNUKM=
example.com. 3600 IN DNSKEY 256 3 8
AwEAAeAVPTRCtLy6aSpJbsdwNMGDmLl218uKYGa0LosgpwIKdMuyp5z4
3E06O4WAR7CMZMeWo0AJ5Ma5zVp8QFkDt77r+FR8pEemNTsFJFF0/yGz
5UjvIrTkAgkqRQRiFucS2JmYCXv5YfVINr/0bk7oY9EV8rnno44bZc92 OT6MIk7X
example.com. 3600 IN RRSIG DNSKEY 8 2 3600
20140417221308 20140116221308 21961 example.com.
S67jOAEUEL15uylQ4y6kno7naCR0wvsHJq74ZFHlDrfHHAHXaiDO3nxM
ikmn+kv6mULsdH6xddCwvtLmDaYokF4zsIJGdQmyXqCCg8y4A4SsivaO
uM+oO1AoXLKKo3XqNEq95gg4e70yj5FNrEk9c4zi0uT2TEOItBsZ9Y/T
8Gl2RDnLrjHf5YOO3py9SM/btwjZcu18TOJBWb9fbdYtKvntmG8tFlld
McefBwn0QJ9REmy4oXf00LKXG2xZ2E20m887j3KLzY1pYIp1GZgaRwJZ
ssfreEwQpcSoz1DD4MKAU0At3uCa7O8IcWx6VonhF0pZW+PzMVQGOriN 9bXLUg==
example.com. 3600 IN RRSIG DNSKEY 8 2 3600
20140417221308 20140116221308 15093 example.com.
KwBcvyQYmX7qDZaQfrS931Fyrf1B8z/PFsXX+hYTQ1y7dIhHIEtN0WBR
vyuyson0VA8PrEeUnEvWZrQL+z0Z1h9tpuFQqVWqFyBLooZATk/psPW0
7DcgXMBZ1JEq/srfJQye2MDX/iT5/+hWUJiOW+dcnIVZg2lOaehaKSQv faE=
ns.example.com. 86400 IN A 192.168.0.1
ns.example.com. 86400 IN RRSIG A 8 3 86400
20140417221308 20140116221308 15093 example.com.
0KgiOQwgavCWFxd5bFTtBEMXfO4yzwC8BeKYPSMqPHSdcIsLBMF7wUAR
YV193/OM6mTJF9vRzdlUro9kfmFBnX3xC0jVkpcpj1YVP6pTGeB8KGSk
OdfC6+H658KscB2eq/XcvFtE4VktU3QPZOW8zj4GquNpNR79fan/Idh2 OXA=
ns.example.com. 10800 IN NSEC example.com. A RRSIG
NSEC
ns.example.com. 10800 IN RRSIG NSEC 8 3 10800
20140417221308 20140116221308 15093 example.com.
Tf+bAbucKKVh7HoBaE2xZNb1yxyON/x5JCPRJs9ybFi1a5eE26Thi1L0
+mrIpZVwTIwPJSfKqKO2MZePqB0fXWBq0M1HPslRbW9pjb+K+IqNSi/k
ybSshxj/fdkhown/a0wPZ2w0XAYY5Q8x3sc2UO2+GD8nJReAcNkO3hWe tKs=
example.com. 86400 IN SOA ns1.example.com.
hostmaster.example.com. 2014011701 10800 15 604800 10800
example.com. 86400 IN RRSIG SOA 8 2 86400
20140417221308 20140116221308 15093 example.com.
alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3MwJ7tDOQcFV2O2+
9F4TlB+l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A
LEwSPgHTS5cfQah8KGAT6o7DMWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=
;; Query time: 10 msec
;; SERVER: 10.0.20.22#53(10.0.20.22)
;; WHEN: Fri Jan 17 18:44:36 EST 2014
;; XFR size: 15 records (messages 7, bytes 2291)
Here's the config:
options {
directory "/opt/local";
pid-file "server.pid";
dnssec-enable yes;
version "SNIP";
};
zone "z1.example.com" IN {
type master;
file "z1.example.com.db";
};
zone "example.com" IN {
type slave;
file "secondary.example.com.db";
masters {10.0.20.22; };
};
logging {
channel dnssec {
file "dnssec" versions 10 size 500k;
severity debug 3;
print-category no;
print-severity yes;
print-time yes;
};
category dnssec {dnssec; };
category default {default_syslog; };
};
More information about the bind-users
mailing list