SSHFP observation

rams bramesh80 at gmail.com
Thu Jan 31 17:30:36 UTC 2019 

Thank you Mukund,Jim and Alan to look my issue.

We are seeing the issue only when sshfp fingerprint value less than 4
characters.

It is working fine value with >=4 characters.

Ex: test3.ramesh-sshfp.com SSHFP 1 1 aaaa ---- WORKING FINE

I am guessing there is bug in bind and posted in bugs list .

Regards,
Ramesh

On Thu, 31 Jan 2019, 7:14 pm rams <bramesh80 at gmail.com wrote:

> Hi,
> I have setup sshfp records as follows in bind zone file:
>
> test1.ramesh-sshfp.com. 86400   IN  SSHFP 1 1 aa
> test2.ramesh-sshfp.com. 86400   IN  SSHFP 1 1 00
>
> Successfully started bind but when queried for domain test1 and test2 ,
> returning malformed error and no answer. If fingerprint value wrong then
> bind should validate and should not start. Is it expected behavior? Kindly
> confirm.
>
> Bind responses
> [qa][root at regression-bind-useast1a01-01 zones]# dig @localhost
> test2.ramesh-sshfp.com. sshfp
> ;; Warning: Message parser reports malformed message packet.
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
> test2.ramesh-sshfp.com. sshfp
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49768
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; WARNING: Messages has 55 extra bytes at end
>
> ;; QUESTION SECTION:
> ;test2.ramesh-sshfp.com.                IN      SSHFP
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jan 31 13:29:18 2019
> ;; MSG SIZE  rcvd: 107
>
> [qa][root at regression-bind-useast1a01-01 zones]# dig @localhost
> test1.ramesh-sshfp.com. sshfp
> ;; Warning: Message parser reports malformed message packet.
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> @localhost
> test1.ramesh-sshfp.com. sshfp
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23302
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> ;; WARNING: Messages has 55 extra bytes at end
>
> ;; QUESTION SECTION:
> ;test1.ramesh-sshfp.com.                IN      SSHFP
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jan 31 13:29:23 2019
> ;; MSG SIZE  rcvd: 107
>
> [qa][root at regression-bind-useast1a01-01 zones]#
>
> Regards,
> Ramesh
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190131/2bda5558/attachment.html>

More information about the bind-users mailing list