dnssec-signzone: sorting order
Mark Andrews
Mark_Andrews at isc.org
Fri Sep 5 00:58:21 UTC 2008
> Hi,
>
> I have two installations of Bind 9.3.4 (Debian Etch) and one server
> seems ok, but second one will not put SOA as the first record in signed
> zone.
> I have no idea why.
>
> What happens is that I have a simple zone :
>
> ; zone 'sample.cz'
> $TTL 86400
>
> @ IN SOA ns.s.cz. hostmaster.s.cz. (
> 2002083003 ; Serial
> 28800 ; Refresh 8 hours
> 7200 ; Retry 2 hours
> 604800 ; Expire 7 days
> 86400) ; Negative Cache TTL 1 day
>
> IN NS ns.s.cz.
> IN NS ns2.s.cz.
>
> @ IN A 192.168.1.1
> www IN CNAME test.s.cz.
>
>
> And result after using dnssec-signzone is:
>
> ; File written on Thu Sep 4 21:34:53 2008
> ; dnssec_signzone version 9.3.4-P1.1
> www.sample.cz. 86400 IN CNAME test.s.cz.
> 86400 RRSIG CNAME 5 3 86400 20081004183453 (
> 20080904183453 41106 sample.cz.
>
> bCF4kHTZ8IodhU59RTxGUiVJYVcXdTyhUGu5
>
> 0OkkyV+CZ+JKGGFdBQSV/i9WZNY32BIrGGWU
>
> ug3zHC3uQdpA68g3Vf1a6KphKz2ZtMc4MBb3
>
> MAi2jh3HHdOonYx9ZuqNgi81qrGPs1XVc1D7
> H4fVZDoDwrXjPqgHHBPsbsW+jGw= )
> 86400 NSEC sample.cz. CNAME RRSIG NSEC
> 86400 RRSIG NSEC 5 3 86400 20081004183453 (
> 20080904183453 41106 sample.cz.
>
> Yk4uwpqTlJKz2PkpGis+lTgwOzvfGUJj8xSm
>
> FhNsKL/9D4f0mS8nwYQnqfJInbAilLMZo+XV
>
> LZMfZw1fogsutDV0aKEkqMZtQEznikG/ShdZ
>
> qkI6TCQKwrfS475+gla0gH+0xCZ//37DvySY
> xp1X/3l3nxaVq2kUFD8fnBgiu/E= )
> sample.cz. 86400 IN SOA ns.s.cz. hostmaster.s.cz. (
>
> Is it bug/config issue or order doesn't matter ? And as I said other
> server (same OS + Bind) is ok :/
The order doesn't matter.
> Thanks.
>
> Regards,
>
> Michal
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list