transfer signed zone
Mark Andrews
marka at isc.org
Sat Jan 18 12:40:14 UTC 2014
A zone transfer starts and ends with a SOA record. This server added
a SIG record for the SOA after the final SOA.
example.com.           86400 IN       SOA    ns1.example.com. hostmaster.example.com. 2014011701 10800 15 604800 10800
example.com.           86400 IN       RRSIG  SOA 8 2 86400 20140417221308 20140116221308 15093 example.com. alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3MwJ7tDOQcFV2O2+ 9F4TlB+l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A LEwSPgHTS5cfQah8KGAT6o7DMWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=
;; Query time: 10 msec
;; SERVER: 10.0.20.22#53(10.0.20.22)
;; WHEN: Fri Jan 17 18:44:36 EST 2014
;; XFR size: 15 records (messages 7, bytes 2291)
In message <20140117164922.2cd7822c2bd73f63aacfc236a41a89ed.ca7833120a.wbe at email18.secureserver.net>, tlarse
n at dns-research.com writes:
> --===============6909298250656410026==
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/html; charset="utf-8"
>
> <html><body><span style=3D"font-family:Verdana; color:#000; font-size:10pt;=
> "><div>Receiving the following lines when transferring from a non-BIND serv=
> er. Is there a way to identify the "extra input data"?<br></div><div><br></=
> div><div>Jan 17 17:16:35 had4 named[6497]: running<br>Jan 17 17:16:35 had4 =
> named[6497]: zone <a target=3D"_blank" href=3D"http://example.com/IN">examp=
> le.com/IN</a>: Transfer started.<br>Jan 17 17:16:35 had4 named[6497]: trans=
> fer of 'example.com/IN' from 10.0.20.22#53: connected using 10.0.20.23#5091=
> 7<br>Jan 17 17:16:35 had4 named[6497]: transfer of 'example.com/IN' from 10=
> .0.20.22#53: failed while receiving responses: extra input data<br>Jan 17 1=
> 7:16:35 had4 named[6497]: transfer of 'example.com/IN' from 10.0.20.22#53: =
> Transfer completed: 6 messages, 16 records, 2046 bytes, 0.005 secs (409200 =
> bytes/sec)<br></div><div><br></div><div>Here's the dig output.</div><div><b=
> r></div><div><br>[root at had4 local]# dig @10.0.20.22 AXFR <a href=3D"http://=
> example.com">example.com</a><br><br>; <<>> DiG 9.9.4-P2 <<=
> ;>> @10.0.20.22 AXFR <a href=3D"http://example.com">example.com</a><b=
> r>; (1 server found)<br>;; global options: +cmd<br><a href=3D"http://exampl=
> e.com">example.com</a>. &nbs=
> p; 86400 IN SOA =
> <a href=3D"http://ns1.example.com">ns1.example.com</a>. =
> <a href=3D"http://hostmaster.example.com">hostmaster.example.com</a>. 20140=
> 11701 10800 15 604800 10800<br><a href=3D"http://example.com">example.com</=
> a>. 86400=
> IN RRSIG SOA 8 2 864=
> 00 20140417221308 20140116221308 15093 <a href=3D"http://example.com">examp=
> le.com</a>. alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3MwJ7tDOQcFV2O2+ 9F4TlB=
> +l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A LEwSPgHTS5cfQah8KGAT6o7D=
> MWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=3D<br><a href=3D"http://example.com">e=
> xample.com</a>. =
> 86400 IN NS &nb=
> sp; <a href=3D"http://ns.example.com">ns.example.com</a>.<br><a=
> href=3D"http://example.com">example.com</a>. =
> 86400 IN =
> RRSIG NS 8 2 86400 20140417221308 20140116221308 1=
> 5093 <a href=3D"http://example.com">example.com</a>. hlkdQhwcElD3bWtsIkySNJ=
> uwaXKtiVQaRiZX3IRcK8xU6UHwg4QQOt96 oNFCdCx3TZOROL3rf7OyESdL4YeSlzj9CAMuEzKP=
> POrcJXyILMJdGymY JEQxMkrz+YbA9gbZwlA0Agk9bNBa51zQThsQD4bB9y3lTtOvuIcI3cxg 1=
> Qw=3D<br><a href=3D"http://example.com">example.com</a>. &=
> nbsp; 10800 IN &=
> nbsp; NSEC <a href=3D"http://ns.example=
> .com">ns.example.com</a>. NS SOA RRSIG NSEC<br><a href=3D"http://example.co=
> m">example.com</a>. &n=
> bsp; 10800 IN RRSIG &n=
> bsp; NSEC 8 2 10800 20140417221308 20140116221308 15093 <a href=3D"http://e=
> xample.com">example.com</a>. jGZPr5cSMs8vZaBcrA4ldTxz5J1u13vIimT5oeq6ZPsNOD=
> l9GGWjtrjA a6w6ElUgpHredujLG8GnBQpwOj+6Si110omD0RioVyqtoIzdTxh5PnJw w7ni5XW=
> V1MpyeDVp1Nl1+CGH8tyGB1DTrVMjTvdUlOWS/fM/FGCvpyAZ WMs=3D<br><a href=3D"http=
> ://example.com">example.com</a>. &=
> nbsp; 3600 IN &n=
> bsp; DNSKEY 257 3 8 AwEAAb1H+j4Nt3UNOagcrgeJWjM1HepFd1EmG7mPYVGxhWeeJ=
> wVU6zOB eqwqpazyuFac+o+YG5YN4xk9wjaXcgNZgEnmOVTK2QpWd/f8M/9FKGjv OiUmTcnccY=
> Xli/w7r93Gm14hX52TdBRjtUVMEFqoTypFvTEK46e+DUsf 7/z4sItvaQM/xAhqMXmNJwuPd6HA=
> QviPX6pR6KLz7nR10MoPbMVNUipz ajGXUb8mTLqbRgdRdxWcJ/KSt5WgykLwGe1jSCpIPF7MDF=
> Eh7uaZQUTO geuieKVZoVWblEK9Bv6I3VBYOx+eAXVrmSxbWz2LZlo8uaY7i6TWN+aB hgwcg+J=
> NUKM=3D<br><a href=3D"http://example.com">example.com</a>.  =
> ; 3600 IN =
> DNSKEY 256 3 8 AwEAAeAVPTRCtLy6aSpJbsd=
> wNMGDmLl218uKYGa0LosgpwIKdMuyp5z4 3E06O4WAR7CMZMeWo0AJ5Ma5zVp8QFkDt77r+FR8p=
> EemNTsFJFF0/yGz 5UjvIrTkAgkqRQRiFucS2JmYCXv5YfVINr/0bk7oY9EV8rnno44bZc92 OT=
> 6MIk7X<br><a href=3D"http://example.com">example.com</a>. =
> 3600 IN &=
> nbsp; RRSIG DNSKEY 8 2 3600 20140417221=
> 308 20140116221308 21961 <a href=3D"http://example.com">example.com</a>. S6=
> 7jOAEUEL15uylQ4y6kno7naCR0wvsHJq74ZFHlDrfHHAHXaiDO3nxM ikmn+kv6mULsdH6xddCw=
> vtLmDaYokF4zsIJGdQmyXqCCg8y4A4SsivaO uM+oO1AoXLKKo3XqNEq95gg4e70yj5FNrEk9c4=
> zi0uT2TEOItBsZ9Y/T 8Gl2RDnLrjHf5YOO3py9SM/btwjZcu18TOJBWb9fbdYtKvntmG8tFlld=
> McefBwn0QJ9REmy4oXf00LKXG2xZ2E20m887j3KLzY1pYIp1GZgaRwJZ ssfreEwQpcSoz1DD4=
> MKAU0At3uCa7O8IcWx6VonhF0pZW+PzMVQGOriN 9bXLUg=3D=3D<br><a href=3D"http://e=
> xample.com">example.com</a>.  =
> ; 3600 IN =
> RRSIG DNSKEY 8 2 3600 20140417221308 20140116221308 15093 <a h=
> ref=3D"http://example.com">example.com</a>. KwBcvyQYmX7qDZaQfrS931Fyrf1B8z/=
> PFsXX+hYTQ1y7dIhHIEtN0WBR vyuyson0VA8PrEeUnEvWZrQL+z0Z1h9tpuFQqVWqFyBLooZAT=
> k/psPW0 7DcgXMBZ1JEq/srfJQye2MDX/iT5/+hWUJiOW+dcnIVZg2lOaehaKSQv faE=3D<br>=
> <a href=3D"http://ns.example.com">ns.example.com</a>. &nbs=
> p; 86400 IN &nbs=
> p; A 192.168.0.1<br><a href=3D"http://n=
> s.example.com">ns.example.com</a>.  =
> ; 86400 IN RRSIG  =
> ; A 8 3 86400 20140417221308 20140116221308 15093 <a href=3D"http://example=
> .com">example.com</a>. 0KgiOQwgavCWFxd5bFTtBEMXfO4yzwC8BeKYPSMqPHSdcIsLBMF7=
> wUAR YV193/OM6mTJF9vRzdlUro9kfmFBnX3xC0jVkpcpj1YVP6pTGeB8KGSk OdfC6+H658Ksc=
> B2eq/XcvFtE4VktU3QPZOW8zj4GquNpNR79fan/Idh2 OXA=3D<br><a href=3D"http://ns.=
> example.com">ns.example.com</a>. &=
> nbsp; 10800 IN NSEC &n=
> bsp; <a href=3D"http://example.com">example.com</a>. A RRSIG NSEC<br><a hre=
> f=3D"http://ns.example.com">ns.example.com</a>. &nbs=
> p; 10800 IN RRS=
> IG NSEC 8 3 10800 20140417221308 20140116221308 15093 <a href=
> =3D"http://example.com">example.com</a>. Tf+bAbucKKVh7HoBaE2xZNb1yxyON/x5JC=
> PRJs9ybFi1a5eE26Thi1L0 +mrIpZVwTIwPJSfKqKO2MZePqB0fXWBq0M1HPslRbW9pjb+K+IqN=
> Si/k ybSshxj/fdkhown/a0wPZ2w0XAYY5Q8x3sc2UO2+GD8nJReAcNkO3hWe tKs=3D<br><a =
> href=3D"http://example.com">example.com</a>. &=
> nbsp; 86400 IN &=
> nbsp; SOA <a href=3D"http://ns1.example.com">=
> ns1.example.com</a>. <a href=3D"http://hostmaster.example.com">hostmaster.e=
> xample.com</a>. 2014011701 10800 15 604800 10800<br><a href=3D"http://examp=
> le.com">example.com</a>. &nb=
> sp; 86400 IN RRSIG&nb=
> sp; SOA 8 2 86400 20140417221308 20140116221308 15093 <a href=3D"http=
> ://example.com">example.com</a>. alxE/TLfVRML1EAHCiVDEwmaOjaPdowXxfkompXG3M=
> wJ7tDOQcFV2O2+ 9F4TlB+l0nbfWi0mk7YWBk+w03God8RnUez9KZwhmrGAgEfWtH6kiO7A LEw=
> SPgHTS5cfQah8KGAT6o7DMWOdH0ii2EnJNzqi3gt+SR1bSPw8kTNE TOU=3D<br>;; Query ti=
> me: 10 msec<br>;; SERVER: 10.0.20.22#53(10.0.20.22)<br>;; WHEN: Fri Jan 17 =
> 18:44:36 EST 2014<br>;; XFR size: 15 records (messages 7, bytes 2291)</div>=
> <div><br></div><div><br></div><div><br></div><div><br></div><div>Here's the=
> config:</div><div><br></div><div>options {<br> &nbs=
> p; directory "/opt/local";<br> &nb=
> sp; pid-file "server.pid";<br> &nb=
> sp; dnssec-enable yes;<br> versio=
> n "SNIP";<br><br>};<br><br><br>zone "z1.example.com" IN {<br> t=
> ype master;<br> file "z1.example.=
> com.db";<br>};<br><br>zone "example.com" IN {<br> type slave;<b=
> r> file "secondary.example.com.db=
> ";<br> masters {10.0.20.22; };<br=
> >};<br><br><br>logging {<br><br> =
> channel dnssec {<br> &=
> nbsp; file "dnssec" versions 10 size 500k;<br=
> > &n=
> bsp; severity debug 3;<br> &=
> nbsp; print-category no;<br=
> > &n=
> bsp; print-severity yes;<br>  =
> ; print-time yes;<br>=
> };<br><br><br> =
> category dnssec {dnssec; };<br> &=
> nbsp; category default {default_syslog; };<br>};<br><br><=
> br><br></div><div><br></div><div><br></div></span></body></html>
>
> --===============6909298250656410026==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --===============6909298250656410026==--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list