Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-362

Zone publication progresses despite nsecify failure

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.3.10
    • Fix Version/s: 1.3.14
    • Component/s: Signer
    • Labels:
    • Environment:

      RHEL 6, LDNS 1.6.15

      Description

      There is a bug related to the issues in LDNS 1.6.14 and LDNS 1.6.15 (relates to OPENDNSSEC-361 reported and closed earlier today).

      If nsecify fails, the zone gets published nevertheless. In the case reported in OPENDNSSEC-361 this meant that a zone was published with a new NSEC3 salt value but with the old NSEC3 chain in it, resulting in validation failures.

      The fix is easy: zone publication should not progress if nsecify fails and a failure condition should be reported.

        Attachments

          Activity

            People

            Assignee:
            matthijs Matthijs Mekking
            Reporter:
            rijswijk Roland van Rijswijk
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: