In message <545954b0.8080...@offerman.com>, "Adrian (Aad) Offerman" writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> named keeps refusing my zone file in which I included a DANE record:
>
> [root]# named-checkzone offerman.com db.offerman.com
> db.offerman.com:59: _443._tcp.offerman.com: bad owner name (check-names)
> db.offerman.com:60: _443._tcp.offerman.com: bad owner name (check-names)
> zone offerman.com/IN: loaded serial 2014110103
> OK
> [root]#
>
> This appears to be caused by the underscores used in the port/protocol
> combination.
>
> Here's what the record looks like:
>
> _443._tcp IN TLSA 3 0 1
> a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce

Well that isn't a valid TLSA record. It has a bad hex encoding.
There are 63 hex digits.

TLSA records themselves are not subject to check-names processing
so I suggest that you look at the reported lines in the file to find
out what is actually there.

In the example below it is the A record which has inherited the
_443._tcp owner name.

Mark

[rock:~/git/bind9] marka% bin/check/named-checkzone ccccc.db ccccc.db
ccccc.db:1: no TTL specified; using SOA MINTTL instead
dns_rdata_fromtext: ccccc.db:3: near eol: bad hex encoding
ccccc.db:4: _443._tcp.ccccc.db: bad owner name (check-names)
zone ccccc.db/IN: loading from master file ccccc.db failed: bad hex encoding
zone ccccc.db/IN: not loaded due to errors.
[rock:~/git/bind9] marka%
@ IN SOA . . 0 0 0 0 0
@ IN NS .
_443._tcp IN TLSA 3 0 1 a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce
          IN A 1.2.3.4

> It was created first using this:
> tlsa --create --output rfc offerman.com
> later using this:
> ldns-dane create offerman.com 443
> both resulting in the same record, and both outputs resulting in the
> same error.
>
> I've upgraded the named version (on CentOS 6.6) from 9.8.2 to 9.9.6,
> but all to no avail :-(
>
> [root]# named-checkzone -v
> 9.9.6-RedHat-9.9.6-0.el6
>
> Am I trying to do something here that is not yet supported or am I
> overlooking something?
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
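
The two problems named in the reply above (a TLSA digest with an odd number of hex digits, and an A record that inherits the _443._tcp owner name from the record before it) can be caught before loading with a small zone-file check. This is an added example, not part of the original message or of BIND; `lint_zone`, its one-line-record parsing and its reduced host-name rule are assumptions of the example.

```python
import re

# Constructed sample: the four-line zone from the reply above, TLSA data
# copied as posted and the A record left with a blank owner field.
ZONE = """\
@ IN SOA . . 0 0 0 0 0
@ IN NS .
_443._tcp IN TLSA 3 0 1 a66939453856cd6b0f78427eb38d3a9921cfb8bab928d24017a172647e323ce
 IN A 1.2.3.4
"""

# TLSA matching type -> digest length in hex digits (RFC 6698: 1 = SHA-256, 2 = SHA-512).
DIGEST_HEX_LEN = {"1": 64, "2": 128}
# Record types whose owner names BIND's check-names treats as host names.
HOST_TYPES = {"A", "AAAA", "MX"}


def lint_zone(text):
    """Return (line_no, owner, message) findings for one-line records."""
    # Assumptions: no parentheses, $ORIGIN or $INCLUDE handling, numeric TTLs only;
    # the host-name test is reduced to "no label starts with an underscore".
    findings, owner = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                 # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                   # a blank first column keeps the
            owner = fields.pop(0)                   # owner of the previous record
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                           # optional TTL and class
        if owner is None or not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in HOST_TYPES and any(lab.startswith("_") for lab in owner.split(".")):
            findings.append((no, owner, f"{rtype} record on underscore owner name"))
        if rtype == "TLSA" and len(rdata) >= 4:
            digest = "".join(rdata[3:])             # hex may be split by spaces
            want = DIGEST_HEX_LEN.get(rdata[2])
            if len(digest) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digest):
                findings.append((no, owner, f"bad hex encoding: {len(digest)} hex digits"))
            elif want and len(digest) != want:
                findings.append((no, owner, f"digest is {len(digest)} hex digits, expected {want}"))
    return findings


if __name__ == "__main__":
    for no, owner, message in lint_zone(ZONE):
        print(f"line {no}: {owner}: {message}")
```

Giving the A record its own owner name (or moving it above the TLSA record) and supplying the full digest clears both findings.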