DANE record rejected by named-checkzone

Adrian (Aad) Offerman adrian at offerman.com
Tue Nov 4 22:35:28 UTC 2014



named keeps refusing my zone file in which I included a DANE record:

[root]# named-checkzone offerman.com db.offerman.com
db.offerman.com:59: _443._tcp.offerman.com: bad owner name (check-names)
db.offerman.com:60: _443._tcp.offerman.com: bad owner name (check-names)
zone offerman.com/IN: loaded serial 2014110103
OK
[root]#

This appears to be caused by the underscores used in the port/protocol
combination.

Here's what the record looks like:

_443._tcp               IN      TLSA    3 0 1
  a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce

It was created first using this:
  tlsa --create --output rfc offerman.com
later using this:
  ldns-dane create offerman.com 443
both resulting in the same record, and both outputs resulting in the
same error.

I've upgraded the named version (on CentOS 6.6) from 9.8.2 to 9.9.6,
but all to no avail :-(

[root]# named-checkzone -v
9.9.6-RedHat-9.9.6-0.el6

Am I trying to do something here that is not yet supported or am I
overlooking something?
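
Added example, not part of the original post and not the output of tlsa or ldns-dane: a Python sketch that builds a single-line "3 0 1" TLSA record of the kind shown above and checks a record's owner name, field values and digest length against the values defined in RFC 6698. It does not reproduce named's check-names logic. The function names and the sample certificate bytes are assumptions made for this example.

```python
import hashlib
import re

# RFC 6698 matching types: 1 = SHA-256, 2 = SHA-512 (0 = full data, no hash).
HASHERS = {1: hashlib.sha256, 2: hashlib.sha512}
HEX_LEN = {1: 64, 2: 128}

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"


def build_tlsa(cert_der, port=443, proto="tcp", usage=3, mtype=1):
    """Build a one-line TLSA record with selector 0 (hash of the full certificate)."""
    digest = HASHERS[mtype](cert_der).hexdigest()
    return f"_{port}._{proto}\tIN\tTLSA\t{usage} 0 {mtype} {digest}"


def check_tlsa(line):
    """Return the problems found in a single-line TLSA record; [] means none."""
    fields = line.split()
    if len(fields) < 7 or fields[1:3] != ["IN", "TLSA"]:
        return ["expected: owner IN TLSA usage selector mtype data"]
    problems = []
    if not re.fullmatch(r"_\d{1,5}\._(tcp|udp|sctp)(\..+)?", fields[0]):
        problems.append("owner is not _port._proto[.name]")
    try:
        usage, selector, mtype = (int(f) for f in fields[3:6])
    except ValueError:
        return problems + ["usage, selector and matching type must be integers"]
    if usage not in (0, 1, 2, 3):
        problems.append("usage is not one of 0-3")
    if selector not in (0, 1):
        problems.append("selector is not 0 or 1")
    if mtype not in (0, 1, 2):
        problems.append("matching type is not one of 0-2")
    # The presentation format allows whitespace inside the hex data.
    data = "".join(fields[6:]).lower()
    if not re.fullmatch(r"[0-9a-f]+", data) or len(data) % 2:
        problems.append("certificate data is not a whole number of hex bytes")
    elif mtype in HEX_LEN and len(data) != HEX_LEN[mtype]:
        problems.append(f"matching type {mtype} needs {HEX_LEN[mtype]} hex digits")
    return problems


if __name__ == "__main__":
    record = build_tlsa(SAMPLE_DER)
    print(record)
    print(check_tlsa(record) or "record is well-formed")
```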

