CDS records created from ZSK records?

Mon, 24 Jan 2022 12:36:46 -0800

I've just noticed that in the last few days that "BIND 9.16.22 (Extended Support Version) <id:59bfaba>" appears to be generating CDS records for both KSK ***and ZSK*** records!
Nothing on my side has been changed although I do run automated updates. I'm on a Linux machine running Gentoo. 

$ dig DNSKEY EDU.ZA

; <<>> DiG 9.16.6 <<>> DNSKEY EDU.ZA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22867
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;EDU.ZA.                IN    DNSKEY

;; ANSWER SECTION:

EDU.ZA.            9378    IN    DNSKEY    256 3 13 
U9/K052f1oBX5WYbedZhLM0jd+rNAwEYNfuRUAsf2S3U7UNaEKV2pYtM 
3dHSOdsNDiLkr0H77x9U2ZFtoN7U2A==
EDU.ZA.            9378    IN    DNSKEY    256 3 13 
YPgTWLFxFXWMXlVaJB2bCA5F75l5yryFO/h9w+xXS/GfhhmvyZvh9NCv 
MLPZckLRGbeZ5/BkyH9ae4X0IyzKYA==
EDU.ZA.            9378    IN    DNSKEY    257 3 13 
75OMA5R90131FVGX1QcJiCGAUboYSmazf3dPpAPL0t33YLcx7bBnio6Y 
qyrR77MRVZKNpWIBLcnz7YOLWNZXmQ==


---------------------------

$ dig CDS EDU.ZA

; <<>> DiG 9.16.6 <<>> CDS EDU.ZA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11376
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;EDU.ZA.                IN    CDS

;; ANSWER SECTION:

EDU.ZA.            86400    IN    CDS    569 13 2 
350F4414CB611C04AD829CD2C23A5C60296EA635BF59D7F0B44CD02F 6B396A94
EDU.ZA.            86400    IN    CDS    9355 13 2 
B0A16FBB3F5D6274665DE272FE5FF182ABC89B3072B668589E5EC6F0 513E36C9
EDU.ZA.            86400    IN    CDS    49988 13 2 
6F99A6D6A4657F0A528AD2791B8B3E02AFB34E5DB79F5C53EA022A55 1874D40A



These are also the values from inside my signed zone. Anyone have any 
thoughts?

This is going to screw up systems that poll for CDS records.

--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za       Tel: +27.826010496 <tel:+27826010496>

For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za 
<https://ftth.posix.co.za>




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to