dnssec-signzone: sorting order

Kopecny Michal Michal.Kopecny at mafra.cz
Thu Sep 4 19:44:02 UTC 2008


Hi,

I have two installations of Bind 9.3.4 (Debian Etch) and one server
seems OK, but the second one will not put the SOA as the first record in the
signed zone.
I have no idea why.

What happens is that I have a simple zone:

; zone 'sample.cz'
$TTL    86400

@       IN      SOA     ns.s.cz.        hostmaster.s.cz.        (
                        2002083003      ; Serial
                             28800      ; Refresh               8 hours
                              7200      ; Retry                 2 hours
                            604800      ; Expire                7 days
                             86400)     ; Negative Cache TTL    1 day

                        IN      NS      ns.s.cz.
                        IN      NS      ns2.s.cz.

@                       IN      A       192.168.1.1
www                     IN      CNAME   test.s.cz.


And the result after using dnssec-signzone is:

; File written on Thu Sep  4 21:34:53 2008
; dnssec_signzone version 9.3.4-P1.1
www.sample.cz.          86400   IN CNAME test.s.cz.
                        86400   RRSIG   CNAME 5 3 86400 20081004183453 (
                                        20080904183453 41106 sample.cz.
                                        bCF4kHTZ8IodhU59RTxGUiVJYVcXdTyhUGu5
                                        0OkkyV+CZ+JKGGFdBQSV/i9WZNY32BIrGGWU
                                        ug3zHC3uQdpA68g3Vf1a6KphKz2ZtMc4MBb3
                                        MAi2jh3HHdOonYx9ZuqNgi81qrGPs1XVc1D7
                                        H4fVZDoDwrXjPqgHHBPsbsW+jGw= )
                        86400   NSEC    sample.cz. CNAME RRSIG NSEC
                        86400   RRSIG   NSEC 5 3 86400 20081004183453 (
                                        20080904183453 41106 sample.cz.
                                        Yk4uwpqTlJKz2PkpGis+lTgwOzvfGUJj8xSm
                                        FhNsKL/9D4f0mS8nwYQnqfJInbAilLMZo+XV
                                        LZMfZw1fogsutDV0aKEkqMZtQEznikG/ShdZ
                                        qkI6TCQKwrfS475+gla0gH+0xCZ//37DvySY
                                        xp1X/3l3nxaVq2kUFD8fnBgiu/E= )
sample.cz.              86400   IN SOA  ns.s.cz. hostmaster.s.cz. ( 

Is it a bug/config issue, or does the order not matter? And as I said, the other
server (same OS + Bind) is OK :/

Thanks.

Regards,

Michal

