- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: None
- Component/s: Signer
- Labels:
Paul tried to sign a reverse classless zone, but the zone name has a forward slash. The zone name is used for the internal files, but a forward slash is not allowed in a file name. Should the signer escape that character?
***
From Paul Wouters paul@nohats.ca via lists.opendnssec.org
Mar 14 (9 days ago) to opendnssec-user
I wanted to sign my reverse classless delegation. This is a delegation
for 64/25.157.10.76.in-addr.arpa.
I expected this to break, but it got a little further than I expected:
Mar 14 16:15:49 nohats ods-enforcerd: Config will be output to /var/opendnssec/signconf/64/25.157.10.76.in-addr.arpa.xml.
Mar 14 16:15:49 nohats ods-enforcerd: Could not open: /var/opendnssec/signconf/64/25.157.10.76.in-addr.arpa.xml.tmp
Creating that directory just to help it showed the problem a little
further:
Mar 14 16:26:20 nohats ods-signerd: [tools] unable to copy zone input file 64/25.157.10.76.in-addr.arpa: Unable to open file
So I fixed all entries in zonelist.xml to use "-" instead of "/". I ran
ods-ksmutil update all. And still noticed it trying to grab stuff from
64/ so I also stopped it and emptied the tmp directory.
Double checking, I have:
<Zone name="64/25.157.10.76.in-addr.arpa">
  <Policy>default</Policy>
  <SignerConfiguration>/var/opendnssec/signconf/64-25.157.10.76.in-addr.arpa.xml</SignerConfiguration>
  <Adapters>
    <Input>
      <File>/etc/nsd/64-25.157.10.76.in-addr.arpa</File>
    </Input>
    <Output>
      <File>/var/opendnssec/signed/64-25.157.10.76.in-addr.arpa</File>
    </Output>
  </Adapters>
</Zone>
but still see:
Mar 14 16:31:22 nohats ods-signerd: [tools] unable to copy zone input file 64/25.157.10.76.in-addr.arpa: Unable to open file
There must be some internal name use happening that is based on zone
name and not on input file name.
(See further http://www.ietf.org/rfc/rfc2317.txt)
Paul
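
One way to do the escaping the issue asks about, as an added example (not OpenDNSSEC code and not the fix that closed this issue): a hypothetical helper, `zone_to_filename`, that percent-encodes every byte of a zone name that is unsafe in a single path component. The function name and the choice of percent-encoding are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not OpenDNSSEC code): turn a zone name
 * into one path component. Bytes outside [A-Za-z0-9._-] become %XX, so '/'
 * cannot create a subdirectory and '%' itself is escaped, which keeps the
 * mapping reversible. A leading '.' is escaped so "." and ".." never appear.
 * Returns 0 on success, -1 on empty input or if dst is too small. */
int zone_to_filename(const char *zone, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (zone == NULL || dst == NULL || zone[0] == '\0')
        return -1;
    for (size_t i = 0; zone[i] != '\0'; i++) {
        unsigned char c = (unsigned char)zone[i];
        int safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-' || c == '_' ||
                   (c == '.' && i > 0);
        if (safe) {
            if (o + 1 >= dstlen)      /* room for byte + NUL */
                return -1;
            dst[o++] = (char)c;
        } else {
            if (o + 3 >= dstlen)      /* room for %XX + NUL */
                return -1;
            dst[o++] = '%';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0F];
        }
    }
    dst[o] = '\0';
    return 0;
}

int main(void)
{
    /* Zone name and signconf directory as they appear in the report above. */
    const char *zone = "64/25.157.10.76.in-addr.arpa";
    char name[256];

    if (zone_to_filename(zone, name, sizeof name) != 0)
        return 1;
    printf("/var/opendnssec/signconf/%s.xml\n", name);
    return 0;
}
```

Because the zone name reaches the file system layer, the same mapping has to be applied everywhere an internal file is derived from it, otherwise one code path still sees the raw `/`.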