Fwd: SSHFP observation
rams
bramesh80 at gmail.com
Thu Jan 31 13:44:18 UTC 2019
Hi,
I have setup sshfp records as follows in bind zone file:
test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
Successfully started bind but when queried for domain test1 and test2 ,
returning malformed error and no answer. If fingerprint value wrong then
bind should validate and should not start. Is it expected behavior? Kindly
confirm.
Bind responses
[qa][root at regression-bind-useast1a01-01 zones]# dig @localhost
test2.ramesh-sshfp.com. sshfp
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
test2.ramesh-sshfp.com. sshfp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49768
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: Messages has 55 extra bytes at end
;; QUESTION SECTION:
;test2.ramesh-sshfp.com. IN SSHFP
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 31 13:29:18 2019
;; MSG SIZE rcvd: 107
[qa][root at regression-bind-useast1a01-01 zones]# dig @localhost
test1.ramesh-sshfp.com. sshfp
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
test1.ramesh-sshfp.com. sshfp
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23302
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: Messages has 55 extra bytes at end
;; QUESTION SECTION:
;test1.ramesh-sshfp.com. IN SSHFP
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 31 13:29:23 2019
;; MSG SIZE rcvd: 107
[qa][root at regression-bind-useast1a01-01 zones]#
Regards,
Ramesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190131/e624d47b/attachment.html>
More information about the bind-users
mailing list