Hi Eric, On Sun, 12 Nov 2017 07:44:26 -0500 Eric Beck <ericb...@cadns.ca> wrote:
Pushing this back to the mailinglist, please keep it there :). > sorry, I realized that I hadn't included my version ... feel free to > update my post or include this in > > version 4.1.0-rc2 Centos 7 > > yum list installed | grep pdns > pdns.x86_64 4.1.0-0.1.rc2.1pdns.el7 > @powerdns-auth-41 > pdns-backend-mysql.x86_64 4.1.0-0.1.rc2.1pdns.el7 > @powerdns-auth-41 > > .... I should have perhaps submitted this as a bug > > I also have an update to my pdns-users post .... I was testing this with > a zone that was not secured. I thought perhaps it was a bug related to > the fact that perhaps the rectification would only work on a domain that > was already DNSSEC secured instead of on any zone. So I tried it also > with another zone which is DNSSEC secured, (NSEC3PARAM, 1 0 1 ab). > There is a further bug in that if you have API-RECTIFY set to 1 in the > domainmetadata table for a secured zone with the NSEC3PARM set, there is > an error with the API. I'll send it to you here, (I've changed the key > and domain name for security). > > > curl -v -X PATCH --data @/home/centos/curl/change.domain.ca -H > 'X-API-Key: ............................' > http://127.0.0.1:8081/api/v1/servers/localhost/zones/domain.ca |jq . > > ------------------- copy output from curl API ----------------------- > * About to connect() to 127.0.0.1 port 8081 (#0) > * Trying 127.0.0.1... > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left > Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0) > > PATCH /api/v1/servers/localhost/zones/domain.ca HTTP/1.1 > > User-Agent: curl/7.29.0 > > Host: 127.0.0.1:8081 > > Accept: */* > > X-API-Key: ............................ > > Content-Length: 255 > > Content-Type: application/x-www-form-urlencoded > > > } [data not shown] > * upload completely sent off: 255 out of 255 bytes > 100 255 0 0 100 255 0 25 0:00:10 0:00:10 --:--:-- > 0< HTTP/1.1 500 Internal Server Error > < Connection: close > < Content-Length: 21 > < Content-Type: text/plain; charset=utf-8 > < Server: PowerDNS/4.1.0-rc2 > < > { [data not shown] > 100 276 100 21 100 255 2 25 0:00:10 0:00:10 --:--:-- > 0 > * Closing connection 0 > parse error: Invalid numeric literal at line 1, column 9 > -------------------- end copy output from curl API ------------------ You send Content-Type: application/x-www-form-urlencoded, but the API only accepts application/json. > So I too off the API-RECTIFY and then put the curl command in a shell > script with the pdnsutil rectify-zone command after it and it was fine. > As I said I haven't tried this with a zone that is secured, but doesn't > have the NSEC3 set. I also didn't try it with a zone with NSEC3 set, > and set to NARROW. Can you check that the zone actually has keys as well? > Sorry I didn't put this in as a bug. I should have really. If you want > I can do that, but I'm thinking you have all the info now from my > testing, so it seems redundant at this point. If this really is a bug, which I doubt at this moment (but I did not attempt to reproduce this), a step-by-step way to reproduce this would really help. Best regards, Pieter -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
