[Opendnssec-user] Difference between BIND and ODS signed output

elsif Fri, 26 Oct 2012 08:03:19 -0700

Unsigned zone:
lac-megantic.qc.ca.                IN NS    ns1.com2media.ca.
                                   IN NS    ns2.com2media.ca.
ville.lac-megantic.qc.ca.          IN NS    ns1.com2media.ca.
                                   IN NS    ns2.com2media.ca.


Signed zone (ODS):
lac-megantic.qc.ca.     86400   IN      NS      ns1.com2media.ca.
lac-megantic.qc.ca.     86400   IN      NS      ns2.com2media.ca.


Signed zone (BIND):
lac-megantic.qc.ca.     86400   IN NS   ns1.com2media.ca.
                        86400   IN NS   ns2.com2media.ca.
ville.lac-megantic.qc.ca. 86400 IN NS   ns1.com2media.ca.
                        86400   IN NS   ns2.com2media.ca.

It appears ODS is ignoring the 4th level when the 3rd level exists(presumably this behaviour would be different if the NS RRset differs, butI've yet to confirm that).

I didn't expect zones to disappear from the signed zone, in any case, andmakes our post-signing validation checks fail.


Can this be considered a bug?

Thanks,

-Jake

_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

[Opendnssec-user] Difference between BIND and ODS signed output

Reply via email to