a correction: my dig command is
dig @127.0.0.1 -t RRSIG 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net and I still get NXDOMAIN -- Jack Tavares AIM: jacktavares SKYPE: jackandkaddee Reminder: I am at GMT+2, 10 hours AHEAD of Seattle. My workweek is Sunday-Thursday. Email sent to me Thursday afternoon (PST) may not be viewed until Sunday morning (GMT+2). ________________________________ From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On Behalf Of Jack Tavares [j.tava...@f5.com] Sent: Wednesday, June 24, 2009 15:24 To: bind-users@lists.isc.org Subject: can't query for RRSIG that references NSEC3 When I query my test zone I get RRSIG records that cover NSEC3 and all the NSEC3 records etc like so: dig axfr @127.0.0.1 test.net. ; <<>> DiG 9.6.1 <<>> axfr @127.0.0.1 test.net. ; (1 server found) ;; global options: +cmd test.net. 500 IN SOA d62.test.net. hostmaster.d62.test.net. 2009033114 10800 3600 604800 86400 test.net. 500 IN RRSIG SOA 7 2 500 20090721094639 20090621084639 50417 test.net. rqx/Equtdg0y3DqMpiRRSpZpYySn8JgJgktpXvSTpQH6glNeTKK7kw6i 6OedcRnKYdxwzqhvu4urnWS3oO7Sc1fBGnVj9lVfNt5qOos2imWx7zut i7209qs1bDwZLv6Cn/0AdQXazuP94GfPeqQ5LZ06bqihJTaN04dbtV26 M2A= test.net. 500 IN NS d62.test.net. test.net. 500 IN RRSIG NS 7 2 500 20090721085219 20090621084639 50417 test.net. QVYC9R/1G+AsiOrXD1dOhGqY9PKoNtQ8s85lErpIH6Et8rxJQJLSFEMa pOYkywMXZnQJ4DZGUA3RNjXgGeZsIW9DPeJnY45L866+ddWEKII75Nat 3kvJoBLrz4WNsQb1/qHi/4ch04gIs7c5OLSYtxfzpa5BMBybZh+Zhddi 9g8= test.net. 500 IN DNSKEY 256 3 7 AwEAAdftV28eJd92UYVeU71g7ZuCEFW57nyfG05Vt4GOM9745koGevi5 F8BtVoeHywudGKE3vHjCubhSWFBPqZaKduQYTQTeZE4eQFSyExDgbVAA 3K7BD+O9Qa4MXMudiBpF9RBVI9XAcvcIGyHGqcqLku6JhAeZ9NNwXQpM jWLcyD59 test.net. 500 IN DNSKEY 257 3 7 AwEAAbdMLjb/5Rs5wWF32mjB7LTSAo2EM5qHkUa3L74+5mSFBfLHLuQj /EMI23o2djg6IEi3D+vo2yJgypEVgeiXqHBnGqqkF6vX+3OM313zYago N3X2NJnC7XmBpTTA7zUNmXI4I/kG+hUV+WPBQl4OAdymMBTXctMSWRgY can8shw7356SEjmMN4fDsqrkdl4xUx7XWx9j/LjVhy7lCz8YsHtX3vp+ P5UsfiAjnt3RAT3w6ShgA9ZnXle9HswW10yHLR6AMvonItZvhoFM4ckU Tb0aRkQjeqhM+6CSdBkkloQ+tI3CF5mfoqNQRnSk0A25FA42r6uOrtSi NYlIEo4zpBE= test.net. 500 IN RRSIG DNSKEY 7 2 500 20090721085219 20090621084639 21768 test.net. ZCQ21MP5Sn2ZULlUyLKLjkZPl4BtqQZj44x0HPXMPAX6UNgZzJ+oSqqo MXJ/kRfxXJLJJ86fBi1NrC4XntvOGrZ5BuVEXokGhRXmtPNvlWCQqPWO lXPLUt3vLcHT/IWMEpO4l0woV3/X3E+v2cmSZFBkBVZ7KRh4RfNTf2eq x/goe/ql4YEjfHcI4CvbA6cVT/4XLjLSIm1Z3N7ZNZuHrvljk+fqHiq7 C2Vv0/ZPiDAYxr94yN2W6v6iBMLxSqdaDzPTcvGtZiJavR/Tnt0xDcWR yYYnfNArPCxPavcVC3akPUoxBkqnZ8KbkWOMVwmIr7rrKyfsXujfPD5y iCoA8g== test.net. 500 IN RRSIG DNSKEY 7 2 500 20090721085219 20090621084639 50417 test.net. QgOOg0QGR7sdEHGeQjE9o8/LPgYqYlse7EX8y+R5zKVWSbz35Epo1Km3 q3wJAzl7+lee7Xadsl4G9zW0JLctvJeknLIjDGQf1ND6P9hmTLwjCZfr C9PTNmadoTdsEiZCO0stckBnzU9f81Avamf3awAdwpSDG2FKeFNtEYwM WMg= test.net. 0 IN NSEC3PARAM 1 0 100 0123456789ABCDEF test.net. 0 IN RRSIG NSEC3PARAM 7 2 0 20090721085219 20090621084639 50417 test.net. jukLTp523hzchhjHlldmnMqQK1tKTQPq/HcMrpP7YtA/DiYMDmar9hDQ q+eB+zP3CPvJKnuiKyjwY+nRGIoJPmzPGFzB7oT0qjF5KjtkFjTlxTY3 RVpSxOFNQ1DBjt8GB1uSGPKzLTDDmaB25i2bf/3AUhJH4jPLWzjNdLM7 oS8= a.test.net. 500 IN A 1.2.3.4 a.test.net. 500 IN RRSIG A 7 3 500 20090721085219 20090621084639 50417 test.net. raR/8vMh37yX6LOsE1TqzqPJe7XfD6XY9Rw7+CIJC4z1XWWDKRf3/NoF 3bXhxaBUr6XfSeWt2MjX6hS8BGlUfO2ClshKbuydO8wfXn0I7yHGI+o4 535Nt1fzIcfVlrNBVepMByoVsgHhGe0XGJwMB0uPC40l1zcnTWKO7MeJ Z3E= b.test.net. 500 IN A 1.2.3.4 b.test.net. 500 IN RRSIG A 7 3 500 20090721085219 20090621084639 50417 test.net. On3h0pjjndShviCCOZZmzjEGbkNHLPaQJQse7DKcp/jf6mywoHPefa/6 OW32wLn/1erXVMJPjaAbW1kc9PHIWj4AcY8k9e/U0EnbsndRXuL+N60c 2fJI+PxztgWrSykqVSuh5NGQIlCvlGfRbem/es0ECMDRRM3aMpZXMAkp F8M= c.test.net. 500 IN TXT "blah" c.test.net. 500 IN RRSIG TXT 7 3 500 20090721093908 20090621084639 50417 test.net. 0RZeSr+Bv0SqfJbMVzMHp54uf5KzJdfRAveAmrpBLp1JD2Po6qWNWmpO HXEuLBAIuzV7p0poAxHpMYrWfRyHKs1nFxsfBlaoA9/XxmBiRpFHagQO K7dEl+HQb/HkzmMk80HJstNoTrInHKQ6fIhBc5zaNqxwicsFPW3uzMn+ xu8= d.test.net. 500 IN A 1.2.3.4 d.test.net. 500 IN RRSIG A 7 3 500 20090721085219 20090621084639 50417 test.net. UOtChpH31l+q0m/Fgw8/Ks0N/K2B4ykXVgsXDzFQzR6Vc26K0QnA+zoC 5LKyNzTLk1DkjOOuH5lMYIHdClkIYopajtaXHhINeVj8xR2q9iv/J+gy zr01stNuk9sRy0ynBnKc7mjdA8hTTKTnf31RSgP3NedDfJZa2+ptbvgR 0/Y= e.test.net. 500 IN A 1.2.3.4 e.test.net. 500 IN RRSIG A 7 3 500 20090721093908 20090621084639 50417 test.net. ADxHuMrnaoLu9oMSgdksa4LRGzYK8N5gjt0D3sSs+RPKIDsXeVsntRrZ dAX6ja2a2Rbip3wRyP1VD5uzonMeWrOouHIsR5NgQxZPWqFM6ITX4hRE tVVGZPJMK4mfl7YRxObA/zkke5uXDLhMX8uNKjDVGq/1/09cjwZgQrpd BWU= 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net. 86400 IN NSEC3 1 0 100 0123456789ABCDEF 5PMCTBRN3GQV2KV3MVKV66C5BFCOSM7I 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net. 86400 IN RRSIG NSEC3 7 3 86400 20090721085219 20090621084639 50417 test.net. uWbSe5g12MF07HK1I1Tq/w7LRcCdE+KWJ8YtKHryG7hBlqBeU6lHHvf3 8ND1mKyhpPwgUarHiZeNAhcYDo2oY00dj1Ltpc9vb7QZl2rBh8PLo1eZ FlhYNWqu6aH4OWaS5bG471EjnhM+jDpDJh5eqMYMNIr3D6Evy6UgErbb jN4= 5PMCTBRN3GQV2KV3MVKV66C5BFCOSM7I.test.net. 86400 IN NSEC3 1 0 100 0123456789ABCDEF K011G4RQVBP3KSK3MAIFS4TN9BISTPN1 A RRSIG etc etc but when I try to guery for the RRSIG record I get a NXDOMAIN [r...@d62:Active] tools # dig @127.0.0.1 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net. ; <<>> DiG 9.6.1 <<>> @127.0.0.1 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2512 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net. IN A ;; AUTHORITY SECTION: test.net. 500 IN SOA d62.test.net. hostmaster.d62.test.net. 2009033114 10800 3600 604800 86400 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 24 05:20:37 2009 ;; MSG SIZE rcvd: 110 What am I doing wrong? thanks -- Jack Tavares
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
