CNAME and other data
This is a discussion on CNAME and other data within the Bind Users forums, part of the DNS and Related Forums category; -----BEGIN PGP SIGNED MESSAGE----- I'm seeing: Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-20-2005
|
|||
|
|||
CNAME and other data
-----BEGIN PGP SIGNED MESSAGE-----
I'm seeing: Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data Jan 20 10:50:41 marajade named[6342]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: end of transfer with: marajade-[/var/tmp] mcr 1027 %bindversion 127.0.0.1 version.bind. 0 CH TXT "9.3.0" marajade-[/var/tmp] mcr 1028 %bindversion 205.150.200.254 version.bind. 0 CH TXT "9.3.0s20021115" There are *no* duplicates that I can find. (It would be nice if named would log what the conflict is) dig @205.150.200.254 sandelman.ca. axfr >|n1 (snippet of file inline at bottom) The only "duplicates" are that the 9.3.0s20021115 is naturally doing pre-TCR SIG/NXT. I think that bind 9.3. should be tolerant of zones like that. Or at least provide a more intelligent error message. I built bind 9.3 on 205.150.200.254, and resigned by zones. I noticed that I had to edit K*.key -> s/KEY/DNSKEY/. dnssec-signer complains about the K*.private file, which is confusing. {I noticed this because my laptop is a stealth secondary for my zone, and it got upgraded to bind 9.3 sometime in the last month, and the on-disk copy of the zone finally expired...} I'm concerned that a pre-9.3.0 secondary may NOW complain that there is CNAME + NSEC! Jan 20 11:11:06 bud named[25400]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data For instance 9.2.3 says: Jan 20 11:11:06 bud named[25400]: transfer of 'sandelman.ca/IN' from 205.150.200.254#53: failed while receiving responses: CNAME and other data =============== ; <<>> DiG 9.3.0s20021115 <<>> @205.150.200.254 sandelman.ca. axfr ;; global options: printcmd cooperix.sandelman.ca. 7200 IN CNAME aragorn.sandelman.ca. cooperix.sandelman.ca. 7200 IN SIG CNAME 1 3 7200 20050219143302 20050120143302 3649 sandelman.ca. kZB1YEZFJ8Uom7KfJ+pqxVIC5AqwZpq/qFUeg23ECLsy7SVQNbLfniRc 8OAYzyQXt+2Ak25R6cM8AiO2tB3UoZmOfk+fx5qMdmrbyS4NPn kCmP0+ hWCgMAjw+OdEEeCg0FM7uXQEiLTTo9zs+rrIZUcp07GF4eqnpl qNKhHi JP4= cooperix.sandelman.ca. 7200 IN NXT cvs.sandelman.ca. CNAME SIG NXT cooperix.sandelman.ca. 7200 IN SIG NXT 1 3 7200 20050219143302 20050120143302 3649 sandelman.ca. P60ZTJhC3sJI+fPTIYp/wX5GCFCg8RmmfgM4MuFtkKbvXzPK8l5U2n7F kUeKfyyGHK6CTDS6oc/os8YG26s+CXvU626X8xNxeZbqXnuBygOYCI+o 6uecubsmlx7kK4/YXHIWBkffqAx37sOBOG7uHpNMWrj8D9cSFQDe3/mt vM8= - -- ] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [ ] mcr @ xelerance.com Now doing IPsec training, see |net architect[ ] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQe/YZIqHRg3pndX9AQEb9wQAvL/Uy/SNz5MHzxSRtuK9alyJNzcAsNlC vT3SIU6Wjc1CRy8JImYwpYCutvSzYSkfvabcxIcAN2lpXaK7Vo IiOHCIT0Zs9Yat 0JADONO3rDmYqg6Cl94YouBgGSln0gBFUKgEzUXCyZtFkTSjy4 +3PqaP56iLWWwK pKJGqNehP0Y= =UfBs -----END PGP SIGNATURE----- 
|
Linear Mode
