When I run a BIND with "auto-dnssec maintain" and "inline-signing
yes", if I create no key, there is no error message and, worse, the
log file says the zone is signed:

Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (unsigned): loaded serial 2013073000
Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (signed): loaded serial 2013073000
Jul 30 16:31:42 u12-33673 named[1605]: all zones loaded
Jul 30 16:31:42 u12-33673 named[1605]: running
Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (signed): receive_secure_serial: unchanged
Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (signed): reconfiguring zone keys
Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (signed): next key event: 30-Jul-2013 17:31:42.009
Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (signed): sending notifies (serial 2013073000)

Of course, there is no signature:

% dig +multi @localhost SOA auto.rd.nic.fr

; <<>> DiG 9.9.2-P1 <<>> +multi @localhost SOA auto.rd.nic.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57439
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;auto.rd.nic.fr.                IN SOA

;; ANSWER SECTION:
auto.rd.nic.fr.         86400 IN SOA 10.200.0.73. bortzmeyer.nic.fr. (
                                2013073000 ; serial
                                30480      ; refresh (8 hours 28 minutes)
                                26400      ; retry (7 hours 20 minutes)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )

;; AUTHORITY SECTION:
auto.rd.nic.fr.         86400 IN NS ns1.bortzmeyer.org.
auto.rd.nic.fr.         86400 IN NS ns1.auto.rd.nic.fr.

;; ADDITIONAL SECTION:
ns1.auto.rd.nic.fr.     86400 IN A 109.26.74.172

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 30 16:38:00 2013
;; MSG SIZE  rcvd: 167

IMHO, BIND should clearly log there is something missing.

BIND 9.9.2-P1 (the version in the last Ubuntu server)
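
A monitoring check for the situation reported above, as an added example that is not part of the original message or of BIND: since the log says "(signed)" either way, it queries with +dnssec and looks for an RRSIG covering the SOA. The function names, the sample answers, the key tag and the signature bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a zone that named logs as "(signed)" but serves unsigned.

# has_rrsig_soa ZONE: read `dig +dnssec +noall +answer` output on stdin and
# succeed only if it contains an RRSIG covering the SOA record of ZONE.
has_rrsig_soa() {
    zone=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $zone in *.) ;; *) zone="$zone." ;; esac   # make the name absolute
    awk -v zone="$zone" '
        /^[ \t]*;/ || NF < 5 { next }               # skip comments and fragments
        tolower($1) == zone && $3 == "IN" && $4 == "RRSIG" && $5 == "SOA" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# check_zone SERVER ZONE: live check (needs dig and a reachable server).
check_zone() {
    if dig +dnssec +noall +answer "@$1" "$2" SOA | has_rrsig_soa "$2"; then
        echo "OK: $2 is served with signatures by $1"
    else
        echo "CRITICAL: $2 has no RRSIG for its SOA on $1; check that keys exist"
        return 2
    fi
}

# Constructed sample answers (not captured from a real server; the key tag
# and signature bytes are placeholders).
UNSIGNED_ANSWER='auto.rd.nic.fr. 86400 IN SOA 10.200.0.73. bortzmeyer.nic.fr. 2013073000 30480 26400 2419200 86400'
SIGNED_ANSWER="$UNSIGNED_ANSWER
auto.rd.nic.fr. 86400 IN RRSIG SOA 8 4 86400 20130829143142 20130730143142 12345 auto.rd.nic.fr. cGxhY2Vob2xkZXI="

# Offline demonstration on the two samples.
for sample in UNSIGNED_ANSWER SIGNED_ANSWER; do
    eval "text=\$$sample"
    if printf '%s\n' "$text" | has_rrsig_soa auto.rd.nic.fr; then
        echo "$sample: signed"
    else
        echo "$sample: NOT signed"
    fi
done
```

Running `check_zone localhost auto.rd.nic.fr` after each reload gives a non-zero exit status that a monitoring job can alert on.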
