- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: OpenDNSSEC 1.2.1
- Fix Version/s: None
- Component/s: Auditor
- Labels: None
- Environment: CentOS 5.5
In my testing environment, while testing using BIND as a signing engine (via ods4bind.pl), I passed the resulting zone through the auditor.
It failed in two situations where the NSEC3 name comparison was case-sensitive:
/usr/local/bin/ods-auditor -f -z org.nz -s /var/opendnssec/signed/org.nz
Auditor started
Auditor starting on org.nz
....
3: Can't follow NSEC3 loop from PFUBU1QOFP27DAGL656NHB2TDOJ7RGJE.org.nz to 4b532f9uabvkqs6bftv9pr68kruauvoa.org.nz. Was actually 4B532F9UABVKQS6BFTV9PR68KRUAUVOA.org.nz
6: Finished auditing org.nz zone
Auditor found errors - check log for details
During a partial run, I got
/usr/local/bin/ods-auditor -p -z org.nz -s /var/opendnssec/signed/org.nz
Auditor started
Auditor starting on org.nz
6: Auditing org.nz zone : NSEC3 SIGNED
3: NSEC3 has wrong salt : should be 41957fb591155547 but was 41957FB591155547
3: NSEC3 has wrong salt : should be 41957fb591155547 but was 41957FB591155547
.....
6: Finished auditing org.nz zone
Where the salts, with case-insensitive comparison, are the same.
The fix seems straightforward; please find the patch attached.
- relates to: OPENDNSSEC-342 Case-sensitive comparison in auditor (Closed)
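The comparison this report calls for, as an added Ruby example (not the attached patch and not OpenDNSSEC's own code): decode the salt from hex and the hashed owner label from base32hex, then compare bytes, so the letter case of the presentation form cannot cause a mismatch. The function names and the two-record chain are constructed for illustration; the hashes and salt are the ones shown in the auditor output above.

```ruby
# Added example: compare NSEC3 fields as decoded bytes, not as text.
B32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV".freeze # RFC 4648 base32hex alphabet

# Hex salt -> bytes. "-" is the presentation form of an empty salt (RFC 5155).
def salt_bytes(text)
  return "".b if text == "-"
  raise ArgumentError, "bad salt: #{text}" unless text.match?(/\A(?:\h\h)+\z/)
  [text.downcase].pack("H*")
end

# Base32hex hashed-owner label -> bytes, accepting either letter case.
def hash_bytes(label)
  bits = label.upcase.each_char.map do |c|
    v = B32HEX.index(c) or raise ArgumentError, "bad base32hex: #{label}"
    v.to_s(2).rjust(5, "0")
  end.join
  [bits[0, bits.size / 8 * 8]].pack("B*")
end

# Hash bytes of the first label of an NSEC3 owner name such as "HASH.org.nz".
def owner_hash(owner)
  hash_bytes(owner.split(".", 2).first)
end

# Returns a list of error strings; empty means the chain closes and salts match.
def audit_nsec3(records, expected_salt)
  sorted = records.sort_by { |r| owner_hash(r[:owner]) }
  sorted.each_with_index.flat_map do |rec, i|
    following = sorted[(i + 1) % sorted.size]
    errs = []
    unless hash_bytes(rec[:next_hashed]) == owner_hash(following[:owner])
      errs << "Can't follow NSEC3 loop from #{rec[:owner]} to #{rec[:next_hashed]}"
    end
    errs << "NSEC3 has wrong salt at #{rec[:owner]}" unless salt_bytes(rec[:salt]) == salt_bytes(expected_salt)
    errs
  end
end

# Constructed two-record chain using the hashes and salt from the report;
# the second record's next_hashed value is an assumption made to close the loop.
ZONE = [
  { owner: "PFUBU1QOFP27DAGL656NHB2TDOJ7RGJE.org.nz",
    next_hashed: "4b532f9uabvkqs6bftv9pr68kruauvoa", salt: "41957FB591155547" },
  { owner: "4B532F9UABVKQS6BFTV9PR68KRUAUVOA.org.nz",
    next_hashed: "pfubu1qofp27dagl656nhb2tdoj7rgje", salt: "41957FB591155547" }
].freeze

puts audit_nsec3(ZONE, "41957fb591155547").inspect
```

Malformed salts or labels raise `ArgumentError`, so a field that is not valid hex or base32hex is reported as such and never treated as equal to anything.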