domainkeys and check-names
Barry Margolin
barmar at alum.mit.edu
Sat Mar 15 04:14:42 UTC 2008
In article <freh9v$1vq1$1 at sf1.isc.org>,
Matthew Boeckman <mboeckman at servicemagic.com> wrote:
> Hello List!
>
> I have read some notes in the archives of this list, as well as a
> variety of online docs about implementing domainkeys in bind9, and the
> confusion surrounding underscores as part of that.
>
> I understand that underscores are fine in zone files, but are illegal in
> host names.
>
> I understand that check-names allegedly only checks host records, and
> this is where my own confusion lies. We have a zone that we have added
> two TXT records to for our domainkeys. When I checkconf the server, I
> get the following errors about the zone:
>
> external/db.homefrontlibrary.com:17: dk._domainkey.homefrontlibrary.com:
> bad owner name (check-names)
>
> (full zone snip is below)
>
> My question is: if check-names ignores TXT records, why is it
> complaining about this?
>
> Any help is greatly appreciated!
>
> -Matthew
>
> Zone file for homefrontlibrary.com:
>
> $TTL 300 ; 6 hours
> @ IN SOA ns1.servicemagic.com. dnsadmin.servicemagic.com.
> (
> 2008031402 ; Serial
> 1200 ; Refresh
> 300 ; Retry
> 86400 ; Expire
> 3600 ) ; Minimum
> IN NS ns1.servicemagic.com.
> IN NS ns2.servicemagic.com.
> IN NS ns1.inflow.net.
> IN NS ns2.inflow.net.
> _domainkey.homefrontlibrary.com. IN TXT "t=y; o=-"
> dk._domainkey.homefrontlibrary.com. IN TXT "k=rsa; t=y;
> MFwblahblahAJBAJ9hGRFkgCwovN+ob2MN8n24WK+oSACmRblahblahblahblahblah"
>
> $ORIGIN homefrontlibrary.com.
>
> IN A 66.179.30.22
The problem is the above line. Since this line is indented, the name
comes from the previous record, which is
dk._domainkey.homefrontlibrary.com. I suspect you meant this address to
be for the zone name, so you should move this line before the TXT lines,
so that it will be a continuation of the @ records.
>
> www IN A 66.179.30.22
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list