CNAME and other data

Michael Richardson mcr at sandelman.ottawa.on.ca
Thu Jan 20 16:12:21 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----


I'm seeing:
	
Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data
Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: end of transfer

with:

marajade-[/var/tmp] mcr 1027 %bindversion 127.0.0.1
version.bind.           0       CH      TXT     "9.3.0"

marajade-[/var/tmp] mcr 1028 %bindversion 205.150.200.254
version.bind.           0       CH      TXT     "9.3.0s20021115"

There are *no* duplicates that I can find.
(It would be nice if named would log what the conflict is)

dig @205.150.200.254 sandelman.ca. axfr  >|n1
(snippet of file inline at bottom)

The only "duplicates" are that the 9.3.0s20021115 is naturally doing
pre-TCR SIG/NXT. I think that bind 9.3. should be tolerant of zones like
that. Or at least provide a more intelligent error message.

I built bind 9.3 on 205.150.200.254, and resigned by zones.
I noticed that I had to edit K*.key -> s/KEY/DNSKEY/.
dnssec-signer complains about the K*.private file, which is confusing.

{I noticed this because my laptop is a stealth secondary for my zone,
and it got upgraded to bind 9.3 sometime in the last month, and the 
on-disk copy of the zone finally expired...}

I'm concerned that a pre-9.3.0 secondary may NOW complain that there
is CNAME + NSEC!

Jan 20 11:11:06 bud named[25400]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data

For instance 9.2.3 says:

Jan 20 11:11:06 bud named[25400]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data


===============

; <<>> DiG 9.3.0s20021115 <<>> @205.150.200.254 sandelman.ca. axfr
;; global options:  printcmd
cooperix.sandelman.ca.	7200	IN	CNAME	aragorn.sandelman.ca.
cooperix.sandelman.ca.	7200	IN	SIG	CNAME 1 3 7200 20050219143302 20050120143302 3649 sandelman.ca. kZB1YEZFJ8Uom7KfJ+pqxVIC5AqwZpq/qFUeg23ECLsy7SVQNbLfniRc 8OAYzyQXt+2Ak25R6cM8AiO2tB3UoZmOfk+fx5qMdmrbyS4NPnkCmP0+ hWCgMAjw+OdEEeCg0FM7uXQEiLTTo9zs+rrIZUcp07GF4eqnplqNKhHi JP4=
cooperix.sandelman.ca.	7200	IN	NXT	cvs.sandelman.ca. CNAME SIG NXT
cooperix.sandelman.ca.	7200	IN	SIG	NXT 1 3 7200 20050219143302 20050120143302 3649 sandelman.ca. P60ZTJhC3sJI+fPTIYp/wX5GCFCg8RmmfgM4MuFtkKbvXzPK8l5U2n7F kUeKfyyGHK6CTDS6oc/os8YG26s+CXvU626X8xNxeZbqXnuBygOYCI+o 6uecubsmlx7kK4/YXHIWBkffqAx37sOBOG7uHpNMWrj8D9cSFQDe3/mt vM8=


- -- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQe/YZIqHRg3pndX9AQEb9wQAvL/Uy/SNz5MHzxSRtuK9alyJNzcAsNlC
vT3SIU6Wjc1CRy8JImYwpYCutvSzYSkfvabcxIcAN2lpXaK7VoIiOHCIT0Zs9Yat
0JADONO3rDmYqg6Cl94YouBgGSln0gBFUKgEzUXCyZtFkTSjy4+3PqaP56iLWWwK
pKJGqNehP0Y=
=UfBs
-----END PGP SIGNATURE-----

More information about the bind-users mailing list