-
Type:
Bug
-
Status: Accepted
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 92 : 13 Mar
-
Labels:
Start fresh and sign a zone using NSEC. Then change the configuration to NSEC3 OptOut. And do ods-signer update <zone>. You will see that an assertion fails.
Mar 15 15:37:40 fou ods-signerd: [engine] signer started
Mar 15 15:37:40 fou ods-signerd: [signconf] zone largetld signconf: RESIGN[PT60S] REFRESH[PT180S] VALIDITY[PT600S] DENIAL[PT600S] JITTER[P] OFFSET[PT60S] NSEC[47] DNSKEYTTL[PT900S] SOATTL[PT60S] MINIMUM[PT120S] SERIAL[unixtime] AUDIT[0]
Mar 15 15:38:57 fou ods-signerd: [STATS] largetld RR[count=50008 time=3(sec)] NSEC[count=12191 time=1(sec)] RRSIG[new=13451 reused=0 time=71(sec) avg=189(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=76(sec)]
Mar 15 15:40:35 fou ods-signerd: [signconf] zone largetld signconf: RESIGN[PT60S] REFRESH[PT180S] VALIDITY[PT600S] DENIAL[PT600S] JITTER[P] OFFSET[PT60S] NSEC[50] DNSKEYTTL[PT900S] SOATTL[PT60S] MINIMUM[PT120S] SERIAL[unixtime] AUDIT[0]
Mar 15 15:40:35 fou ods-signerd: ../../../signer/src/signer/tools.c:191: tools_nsecify: assertion zone->nsec3params failed