  1. OpenDNSSEC
  2. OPENDNSSEC-18

NSEC3PARAM left in records after switch NSEC3->NSEC


    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.3.3
    • Component/s: Signer
    • Labels:

      Description

      The NSEC3PARAM is left in memory and records here and there after switching from NSEC3 to NSEC. It will also corrupt the backup file since NSEC3PARAM is invalid for NSEC.

      replicate:
      switch to nsec3
      sign
      switch to nsec
      sign
      grep NSEC3PARAM signed-file

      RRSIG for the NSEC3PARAM is left in the backup zone and makes it corrupt

      se. 7200 IN RRSIG NSEC3PARAM 5 1 7200 20111017135854 20111005090501 31590 se. TenDonxODs2Vybw9WUJe3tL1kQAOxkXsPxpXtykUwVWZ+IO+SXDz1yLHwU5ITWSHKkjJPpxZlHF9lF0t6PMmXp9jn4KKowEfOZCmv/Rl6TZJYej9mm9tvErIs9r56XxNkvbpfa6fDqTZlvRO/xscv4ks7ulItKlGDVpJH5/z+KU= ;

      {id = 31590}

      NSEC3PARAM is left in the NSEC

      se. 7200 IN NSEC 0-0-0.se. NS SOA TXT RRSIG NSEC DNSKEY NSEC3PARAM
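
The final `grep` step only shows that the string NSEC3PARAM occurs somewhere in the file. The following is an added example (not part of the original report and not OpenDNSSEC code) that tells the remnants named above apart, an RRSIG covering NSEC3PARAM and an NSEC type bitmap listing NSEC3PARAM, and also flags a stray NSEC3PARAM record, while staying silent for a zone that really is NSEC3-signed. It assumes one RR per line in the `owner TTL class type rdata` layout of the records quoted above; the function names and the sample zone are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenDNSSEC code. Assumes one RR per line written as
# "owner TTL class type rdata...", the layout of the records in the report.

# Print one line per NSEC3PARAM remnant in the zone file $1.
# Returns 0 when clean (or when the zone really uses NSEC3), 1 on leftovers.
check_nsec_leftovers() {
    awk '
        /^[ \t]*(;|$)/ { next }                     # comments, blank lines
        $4 == "NSEC3" { nsec3 = 1 }                 # zone is NSEC3-signed
        $4 == "NSEC3PARAM" { hit[++n] = $1 " NSEC3PARAM record" }
        $4 == "RRSIG" && $5 == "NSEC3PARAM" {
            hit[++n] = $1 " RRSIG covering NSEC3PARAM"
        }
        $4 == "NSEC" {                              # $5 is the next owner name
            for (i = 6; i <= NF && $i !~ /^;/; i++)
                if ($i == "NSEC3PARAM")
                    hit[++n] = $1 " NSEC type bitmap lists NSEC3PARAM"
        }
        END {
            if (nsec3) exit 0                       # NSEC3PARAM is legitimate
            for (i = 1; i <= n; i++) print hit[i]
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample modelled on the report; the signature is a placeholder
# and the SOA names are made up.
write_sample_zone() {
    cat > "$1" <<'EOF'
se. 7200 IN SOA ns.se. hostmaster.se. 1 3600 600 86400 7200
se. 7200 IN RRSIG NSEC3PARAM 5 1 7200 20111017135854 20111005090501 31590 se. c2lnbmF0dXJl ; {id = 31590}
se. 7200 IN NSEC 0-0-0.se. NS SOA TXT RRSIG NSEC DNSKEY NSEC3PARAM
0-0-0.se. 7200 IN NSEC se. NS RRSIG NSEC
EOF
}

zone=$(mktemp)
write_sample_zone "$zone"
check_nsec_leftovers "$zone" || echo "NSEC zone still carries NSEC3PARAM data"
rm -f "$zone"
```

Run against the signer's output file and its backup file after each NSEC3 to NSEC switch; a non-zero exit status means the zone still contains NSEC3PARAM data.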

            People

            Assignee:
            matthijs Matthijs Mekking
            Reporter:
            jerry Jerry Lundström