CDS records created from ZSK records?

Mark Elkins mje at posix.co.za
Mon Jan 24 20:35:10 UTC 2022 

I've just noticed that in the last few days that "BIND 9.16.22 (Extended 
Support Version) <id:59bfaba>" appears to be generating CDS records for 
both KSK ***and ZSK*** records!

Nothing on my side has been changed although I do run automated updates. 
I'm on a Linux machine running Gentoo.

$ dig DNSKEY EDU.ZA

; <<>> DiG 9.16.6 <<>> DNSKEY EDU.ZA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22867
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;EDU.ZA.                IN    DNSKEY

;; ANSWER SECTION:
EDU.ZA.            9378    IN    DNSKEY    256 3 13 
U9/K052f1oBX5WYbedZhLM0jd+rNAwEYNfuRUAsf2S3U7UNaEKV2pYtM 
3dHSOdsNDiLkr0H77x9U2ZFtoN7U2A==
EDU.ZA.            9378    IN    DNSKEY    256 3 13 
YPgTWLFxFXWMXlVaJB2bCA5F75l5yryFO/h9w+xXS/GfhhmvyZvh9NCv 
MLPZckLRGbeZ5/BkyH9ae4X0IyzKYA==
EDU.ZA.            9378    IN    DNSKEY    257 3 13 
75OMA5R90131FVGX1QcJiCGAUboYSmazf3dPpAPL0t33YLcx7bBnio6Y 
qyrR77MRVZKNpWIBLcnz7YOLWNZXmQ==

---------------------------

$ dig CDS EDU.ZA

; <<>> DiG 9.16.6 <<>> CDS EDU.ZA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11376
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;EDU.ZA.                IN    CDS

;; ANSWER SECTION:
EDU.ZA.            86400    IN    CDS    569 13 2 
350F4414CB611C04AD829CD2C23A5C60296EA635BF59D7F0B44CD02F 6B396A94
EDU.ZA.            86400    IN    CDS    9355 13 2 
B0A16FBB3F5D6274665DE272FE5FF182ABC89B3072B668589E5EC6F0 513E36C9
EDU.ZA.            86400    IN    CDS    49988 13 2 
6F99A6D6A4657F0A528AD2791B8B3E02AFB34E5DB79F5C53EA022A55 1874D40A

These are also the values from inside my signed zone. Anyone have any 
thoughts?
This is going to screw up systems that poll for CDS records.

-- 

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za 
<https://ftth.posix.co.za>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220124/c3b5a110/attachment.htm>

More information about the bind-users mailing list