-
Type: Story
-
Status: Closed
-
Priority: Critical
-
Resolution: Won't Fix
-
Affects Version/s: 1.1.3
-
Fix Version/s: None
-
Component/s: Signer
-
Labels:
-
Environment:
RedHat Linux 5.8 Tikanga
We are doing a rollover from OpenDNSSEC 1.1.3 to OpenDNSSEC 1.3.9, and are changing HSMs at the same time. To do this, we import DNSKEY records back and forth. We are working towards a publication of this procedure.
Importing DNSKEY records into the unsigned zones of OpenDNSSEC 1.1.3 led to a problem, where the ending of the DNSKEY record got altered (bits added or removed) by the signer.
We worked around in our/one case by adding extra ==== padding characters at the end of the base64 fragment.
Possibly related, but maybe a separate bug: we got added bits to a DNSKEY, which was remedied by removing the comment after the key material.
We are not able to test any resolution for this bug, as it occurred on our live signer setup. We may be able to do this later, after our migration has been completed.
surfnt.org. 3600 IN DNSKEY 256 3 8 AwEAAcA0elmYGUTIsBBh6i/ANWUIjzHF0AvzPAqCM6XYmtxHWYBZB0OzlP4vT/UZugZQxenABTS0EpswDFxG0r1NrZGeIm8s3WvjD1HT0aPEiVFzhrEmvEXlyQoG7rS484+2RZJrDUpw18NFuoFmkPGLJpr6s/6O73yV/HPvWr05qw9J ;
{id = 2424 (zsk), size = 1024b}surfnt.org. 3600 IN DNSKEY 256 3 8 AwEAAc2yPFJ6GceCjz4s1HToGzi273O/4zBE6Blbl4WSbIo481vSyBy8KGubLQKH1cY7cLzjO8cX660NB4wxisz2J1UFQYcu+JlC5TfX3d0DCoNsJHIoYx1jmFTmnil43qyMtO0GeHUsM3UVRS4QQevIbIQsQtVEdMt+lLH6aIWt8n2p ;
{id = 13839 (zsk), size = 1024b}surfnt.org. 3600 IN DNSKEY 257 3 8 AwEAAecB//UmGVSaQTsOfeyu120FWUGOhkYgB3jX5I4qTr4Gb8N1h53+nbbKYEyXryyveQvuxOT5/vN6sIE8iBYkP3L9dfE/3PwkAaLqqu4WAhtEpkbavrcemUpXtRExAuqQxCRI3zWoeqFDWiEP/zHXMhQ4wBAwV9OHNfmLSRR1sZDQXGN924ABfTJQjbEBg1gSFISet3MC/CaH/QPHY8KiqhyqhASaB8dt3HVsslubQet+Ihxg++u3VCtUyZld8gMNXkPKas/e3JQe0JII/s4OkcBQAFW277RPjuI2BMtObKXHlLrNTIpAESZwZJjXC+LXbyG+b4bhz3hqgFYlfC+yxNk= ;
{id = 9274 (ksk), size = 2048b}surfnt.org. 3600 IN DNSKEY 257 3 8 AwEAAfWNWLCrI5ddf/JnEO+iUHF/Vn1Z3p2JSLJU+0TXlVsu5SYm64eKdvpLBeGcM32dqtRwDFlkSHjE3JJsa/PqoRMQMSeQxTgmeeIxUrhH7G4eeORCv+XESlG6KSqErGNkceWu8IVvgRh26kPMLJVSIxydK11dbqWVtWsOxPZuMubWZOIa/Dp/19P5NGkk2onn3K0Yn/7rPiKeF0mO4n5jZEjFzvWq2qyRwENS3O2XIF6pmdYCQxvCKYmR8j0sreuPhEEJiR4Qp2StOXhaEQHYdikIsCNU5gTxNVWWlVRV5Wdz/VyOcLKbMZP6o0783aWVisbPEyimQzjcIF+2NmV5wNc= ;
{id = 34982 (ksk), size = 2048b}