[nsd-users] ldns (DNSSEC) and case-sensivity

Michael Tokarev mjt at tls.msk.ru
Fri Oct 28 09:28:21 CEST 2011


On 28.10.2011 00:29, Paul Wouters wrote:
> On Thu, 27 Oct 2011, Michael Tokarev wrote:
[]
>> I asked in #unbound on freenode, but noticed that IN-ADDR.ARPA
>> in the $ORIGIN line is written in UPPER-case, while all the rest
>> uses lowercase.
>>
>> So I tried lowercasing it, and voila, everything worked.
> 
> Do you run unbound with use-caps-for-id: yes ? Some name servers don't handle that properly.

No, I never used that option on any of 200+ our machines
running unbound.. ;)

>> I'm using command-line ldns tools to perform the signing, --
>> ldns-keygen, ldns-signzone etc.

BTW, apparently ldns-verify also does not verify the resulting
zone (in local file just after ldns-signzone), so it's definitely
ldns bug.

Thanks!

/mjt


More information about the nsd-users mailing list