dnssec-signzone: sorting order
Kopecny Michal
Michal.Kopecny at mafra.cz
Thu Sep 4 19:44:02 UTC 2008
Hi,
I have two installations of Bind 9.3.4 (Debian Etch) and one server
seems ok, but the second one will not put SOA as the first record in the
signed zone.
I have no idea why.
What happens is that I have a simple zone:
; zone 'sample.cz'
$TTL 86400
@       IN      SOA     ns.s.cz. hostmaster.s.cz. (
                        2002083003 ; Serial
                        28800      ; Refresh 8 hours
                        7200       ; Retry 2 hours
                        604800     ; Expire 7 days
                        86400)     ; Negative Cache TTL 1 day
        IN      NS      ns.s.cz.
        IN      NS      ns2.s.cz.
@       IN      A       192.168.1.1
www     IN      CNAME   test.s.cz.
And the result after using dnssec-signzone is:
; File written on Thu Sep 4 21:34:53 2008
; dnssec_signzone version 9.3.4-P1.1
www.sample.cz.      86400 IN CNAME test.s.cz.
                    86400 RRSIG CNAME 5 3 86400 20081004183453 (
                                20080904183453 41106 sample.cz.
                                bCF4kHTZ8IodhU59RTxGUiVJYVcXdTyhUGu5
                                0OkkyV+CZ+JKGGFdBQSV/i9WZNY32BIrGGWU
                                ug3zHC3uQdpA68g3Vf1a6KphKz2ZtMc4MBb3
                                MAi2jh3HHdOonYx9ZuqNgi81qrGPs1XVc1D7
                                H4fVZDoDwrXjPqgHHBPsbsW+jGw= )
                    86400 NSEC sample.cz. CNAME RRSIG NSEC
                    86400 RRSIG NSEC 5 3 86400 20081004183453 (
                                20080904183453 41106 sample.cz.
                                Yk4uwpqTlJKz2PkpGis+lTgwOzvfGUJj8xSm
                                FhNsKL/9D4f0mS8nwYQnqfJInbAilLMZo+XV
                                LZMfZw1fogsutDV0aKEkqMZtQEznikG/ShdZ
                                qkI6TCQKwrfS475+gla0gH+0xCZ//37DvySY
                                xp1X/3l3nxaVq2kUFD8fnBgiu/E= )
sample.cz. 86400 IN SOA ns.s.cz. hostmaster.s.cz. (
Is it a bug/config issue, or does the order not matter? And as I said, the
other server (same OS + Bind) is ok :/
Thanks.
Regards,
Michal