domainkeys and check-names

Barry Margolin barmar at alum.mit.edu
Sat Mar 15 04:14:42 UTC 2008 

In article <freh9v$1vq1$1 at sf1.isc.org>,
 Matthew Boeckman <mboeckman at servicemagic.com> wrote:

> Hello List!
> 
> I have read some notes in the archives of this list, as well as a
> variety of online docs about implementing domainkeys in bind9, and the
> confusion surrounding underscores as part of that. 
> 
> I understand that underscores are fine in zone files, but are illegal in
> host names.
> 
> I understand that check-names allegedly only checks host records, and
> this is where my own confusion lies. We have a zone that we have added
> two TXT records to for our domainkeys. When I checkconf the server, I
> get the following errors about the zone:
> 
> external/db.homefrontlibrary.com:17: dk._domainkey.homefrontlibrary.com:
> bad owner name (check-names)
> 
> (full zone snip is below)
> 
> My question is: if check-names ignores TXT records, why is it
> complaining about this? 
> 
> Any help is greatly appreciated!
> 
> -Matthew
> 
> Zone file for homefrontlibrary.com:
> 
> $TTL 300 ; 6 hours
> @       IN      SOA     ns1.servicemagic.com. dnsadmin.servicemagic.com.
> (
>                                 2008031402      ; Serial
>                                 1200    ; Refresh
>                                 300     ; Retry
>                                 86400   ; Expire
>                                 3600 )  ; Minimum
>        IN      NS      ns1.servicemagic.com.
>        IN      NS      ns2.servicemagic.com.
>        IN      NS      ns1.inflow.net.
>        IN      NS      ns2.inflow.net.
> _domainkey.homefrontlibrary.com.     IN     TXT     "t=y; o=-"
> dk._domainkey.homefrontlibrary.com.  IN     TXT     "k=rsa; t=y;
> MFwblahblahAJBAJ9hGRFkgCwovN+ob2MN8n24WK+oSACmRblahblahblahblahblah"
> 
> $ORIGIN homefrontlibrary.com.
> 
>         IN      A       66.179.30.22

The problem is the above line.  Since this line is indented, the name 
comes from the previous record, which is 
dk._domainkey.homefrontlibrary.com.  I suspect you meant this address to 
be for the zone name, so you should move this line before the TXT lines, 
so that it will be a continuation of the @ records.

> 
> www     IN      A       66.179.30.22

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list