Date: Sat, 8 Jun 2019 13:00:14 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Subject: Re: DNSSEC question
Message-ID: <f2c9eb71-0c37-1508-cefc-22dba25682f3@FreeBSD.org>
In-Reply-To: <57d278f4ca2da5d8a515b2eb3766cd7b.squirrel@webmail.harte-lyne.ca>
References: <57d278f4ca2da5d8a515b2eb3766cd7b.squirrel@webmail.harte-lyne.ca>

On 08/06/2019 01:25, James B. Byrne via freebsd-questions wrote:
> We are running a DNS master using the BIND-9.11 pkg for FreeBSD-12.0p5.
>
> We have run into a problem with a couple of our domains that use
> DNSSEC. Specifically we have started to see this error when loading
> those zones:
>
> 07-Jun-2019 19:58:56.342 zone harte-lyne.ca/IN/public (unsigned):
> loaded serial 2019070706
> 07-Jun-2019 19:58:56.342 dns_master_load: file format mismatch (not raw)
> 07-Jun-2019 19:58:56.342 zone harte-lyne.ca/IN/public (signed):
> loading from master file
> /usr/local/etc/namedb/master/harte-lyne.ca.hosts.signed failed: not
> implemented
> 07-Jun-2019 19:58:56.342 zone harte-lyne.ca/IN/public (signed): not
> loaded due to errors.
>
> I have searched for a solution to this for hours and the only solution
> that I found for this specific error is to add the clause:
>
> masterfile-format text;
>
> to the zone declaration block in named.conf. However, this changes
> nothing. The error persists.
>
> What is it about the hosts.signed file that BIND is complaining about?
>
> I need to get this fixed but I am out of ideas as to what is really
> wrong.
>

Hmmm... the 'file format mismatch' error message may be a bit of a red herring.
Bind is working fine for me with DNSSEC enabled, text format files and
nothing in the config declaring what the zone file format is.

The one thing that leaps out at me from your log extract is that you
seem to be loading both an unsigned copy of the harte-lyne.ca zone:

> 07-Jun-2019 19:58:56.342 zone harte-lyne.ca/IN/public (unsigned):
> loaded serial 2019070706

and then a signed copy:

> 07-Jun-2019 19:58:56.342 zone harte-lyne.ca/IN/public (signed):
> loading from master file

Does named-checkzone(8) (or named-compilezone(8)) give you any clues?

Also, be careful of any journal files named creates -- if you have any
of the automatic zone maintenance functionality of bind enabled or you
are using dynamic updating at all, then you should 'rndc freeze
zonename' the zone before replacing the zone file, and then 'rndc thaw
zonename' afterwards.

Cheers,

Matthew
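
The check / freeze / replace / thaw sequence suggested in the message above, as an added example that is not part of the original e-mail. It assumes a dynamically maintained zone in a view (class `IN` and view `public` are taken from the `harte-lyne.ca/IN/public` log lines); the function name, the `NAMED_CHECKZONE` and `RNDC` override variables and the file paths are hypothetical.

```sh
#!/bin/sh
# Added example: replace a zone file on a BIND master while named is running.
# NAMED_CHECKZONE and RNDC are hypothetical override variables; by default
# the real named-checkzone(8) and rndc(8) binaries are used.
: "${NAMED_CHECKZONE:=named-checkzone}"
: "${RNDC:=rndc}"

# Usage (paths are placeholders):
#   replace_zone_file harte-lyne.ca public /path/to/candidate /path/to/live-file
# Returns 0 on success, 1 if the candidate fails validation (live file is
# untouched), 2 if freeze fails, 3 if the install fails, 4 if thaw fails.
replace_zone_file() {
    zone=$1 view=$2 new=$3 live=$4

    # 1. Validate the candidate before touching anything named has loaded.
    "$NAMED_CHECKZONE" "$zone" "$new" >/dev/null || return 1

    # 2. Freeze: named syncs pending journal changes into the zone file and
    #    suspends dynamic updates, so it will not write over the new file.
    "$RNDC" freeze "$zone" IN "$view" || return 2

    # 3. Install via a temporary file in the same directory plus rename, so
    #    a failed copy never leaves a half-written zone file behind.
    result=0
    tmp="$live.tmp.$$"
    if ! { cp "$new" "$tmp" && mv "$tmp" "$live"; }; then
        rm -f "$tmp"
        result=3
    fi

    # 4. Always thaw, even when the install failed; a zone left frozen
    #    silently rejects dynamic updates. Thaw also reloads the zone.
    if ! "$RNDC" thaw "$zone" IN "$view"; then
        [ "$result" -ne 0 ] || result=4
    fi
    return "$result"
}
```
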