Fwd: SSHFP observation
Mukund Sivaraman
muks at mukund.org
Thu Jan 31 15:42:33 UTC 2019
On Thu, Jan 31, 2019 at 10:30:30AM -0500, Jim Popovitch via bind-users wrote:
> On Thu, 2019-01-31 at 19:14 +0530, rams wrote:
> > Hi,
> > I have setup sshfp records as follows in bind zone file:
> >
> > test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
> > test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
> >
> > Successfully started bind, but when queried for domains test1 and
> > test2, it returns a malformed error and no answer. If the fingerprint
> > value is wrong then bind should validate and should not start. Is it
> > expected behavior? Kindly confirm.
>
> Bind will restart cleanly unless you muck up something in the config
> file(s). In this case you have something wrong in a zone file, and we
> can't see what it is because the domain you specified is invalid. So,
> until you show us some data my best guess is that you have a formatting
> error in a zone file(s).
>
> Help us help you by specifying the actual domain.

The original poster is right. Something is broken in SSHFP
processing. He's configured a zone with the above records, and querying
against that zone is causing dig to print that the reply is malformed.
BIND should never return a malformed message, so there is a bug
somewhere.
Mukund
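
An added example, not part of the thread and not BIND's own code: a pre-load lint that flags SSHFP records whose fingerprint length does not match the digest size of the declared fingerprint type (1 = SHA-1 per RFC 4255, 2 = SHA-256 per RFC 6594). The function name `lint_sshfp`, the third sample record and its fingerprint are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import hashlib
import re

# Digest size in bytes for each SSHFP fingerprint type.
FP_LEN = {1: hashlib.sha1().digest_size,     # SHA-1   (RFC 4255)
          2: hashlib.sha256().digest_size}   # SHA-256 (RFC 6594)

# Constructed sample: the two records from the post plus one
# well-formed SHA-1 record with a made-up fingerprint.
SAMPLE_ZONE = """\
test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
good.ramesh-sshfp.com. 86400 IN SSHFP 1 1 0123456789abcdef0123456789abcdef01234567
"""

def lint_sshfp(zone_text):
    """Return (owner, problem) tuples for suspicious SSHFP records."""
    problems = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comment
        if "SSHFP" not in fields:
            continue
        owner = fields[0]
        rdata = fields[fields.index("SSHFP") + 1:]
        if len(rdata) < 3:
            problems.append((owner, "missing rdata fields"))
            continue
        try:
            fptype = int(rdata[1])
            int(rdata[0])                        # algorithm must be numeric
        except ValueError:
            problems.append((owner, "non-numeric algorithm or type"))
            continue
        hexfp = "".join(rdata[2:])               # hex may contain whitespace
        if not re.fullmatch(r"[0-9A-Fa-f]+", hexfp) or len(hexfp) % 2:
            problems.append((owner, "fingerprint is not whole hex octets"))
            continue
        got, want = len(hexfp) // 2, FP_LEN.get(fptype)
        if want is None:
            problems.append((owner, f"unknown fingerprint type {fptype}"))
        elif got != want:
            problems.append(
                (owner, f"type {fptype} fingerprint is {got} bytes, expected {want}"))
    return problems

if __name__ == "__main__":
    for owner, problem in lint_sshfp(SAMPLE_ZONE):
        print(f"{owner}: {problem}")
```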