I've tracked the error down to
"/usr/share/perl5/Net/DNS/ZoneFile/Fast.pm". It has three tests which
all report "bad NSEC data" so I added unique numbers into each error
message. The 2nd one generates the error. It appears the fault is in the
regular expression. The code is:
} elsif (/\G(nsec3)[ \t]+/igc) {
error ("You are missing required modules for NSEC3 support")
if (!$nsec3capable);
if
(/\G\s*(\d+)\s+(\d+)\s+(\d+)\s+([-0-9A-Fa-f]+)\s+($pat_maybefullname)\s+(.*?)$pat_skip$/gc)
{
# XXX: set the typebm field ourselves?
my ($alg, $flags, $iters, $salt, $nxthash, $typelist) =
($1, $2, $3, $4, $5, $6);
$typelist = join(" ",sort split(/\s+/,$typelist));
my $binhash = MIME::Base32::decode(uc($nxthash));
push @zone,
{
Line => $ln,
name => $domain,
class => "IN",
ttl => $ttl,
type => "NSEC3",
hashalgo => $alg,
flags => $flags,
iterations => $iters,
hnxtname => $nxthash,
hnxtnamebin => $binhash,
hashlength => length($binhash),
salt => $salt,
saltbin => pack("H*",$salt),
saltlength => int(length($salt)/2),
typelist => $typelist,
typebm =>
Net::DNS::RR::NSEC::_typearray2typebm(split(/\s+/,$typelist)),
};
} else {
error("bad NSEC data (#2)");
}
}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1215093
Title:
"Bad NSEC data" when using zonesigner -usensec3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnssec-tools/+bug/1215093/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
