mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Don't sign non-apex DNSKEY records
DNSKEY can only be validated if it is signed by itself. Stop
attempting to sign non apex DNSKEY RRsets.
(cherry picked from commit dd13f41ae1)
This commit is contained in:
Mark Andrews
parent
18bbd71015
commit
e854c65f43
5 changed files with 5 additions and 5 deletions
|
|
@ -1,5 +1,6 @@
|
|||
example. 86400 IN SOA ns2.example. hostmaster.example. 1397051952 5 5 1814400 3600
|
||||
example. 3600 IN NS ns2.example.
|
||||
example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
a01.example. 3600 IN A 0.0.0.0
|
||||
a02.example. 3600 IN A 255.255.255.255
|
||||
a601.example. 3600 IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
|
|
@ -2541,7 +2542,6 @@ dlv.example. 3600 IN DLV 30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
|
|||
dname01.example. 3600 IN DNAME dname-target.
|
||||
dname02.example. 3600 IN DNAME dname-target.example.
|
||||
dname03.example. 3600 IN DNAME .
|
||||
dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
doa01.example. 3600 IN DOA 1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
|
||||
doa02.example. 3600 IN DOA 0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
|
||||
ds01.example. 3600 IN NS ns42.example.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
example8. 86400 IN SOA ns2.example8. hostmaster.example8. 1397051952 5 5 1814400 3600
|
||||
example8. 3600 IN NS ns2.example8.
|
||||
example8. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
a01.example8. 3600 IN A 0.0.0.0
|
||||
a02.example8. 3600 IN A 255.255.255.255
|
||||
a601.example8. 3600 IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
|
|
@ -2541,7 +2542,6 @@ dlv.example8. 3600 IN DLV 30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
|
|||
dname01.example8. 3600 IN DNAME dname-target.
|
||||
dname02.example8. 3600 IN DNAME dname-target.example8.
|
||||
dname03.example8. 3600 IN DNAME .
|
||||
dnskey01.example8. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
doa01.example8. 3600 IN DOA 1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
|
||||
doa02.example8. 3600 IN DOA 0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
|
||||
ds01.example8. 3600 IN DS 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13
|
||||
|
|
|
|||
|
|
@ -277,7 +277,7 @@ nsec03 NSEC . TYPE1
|
|||
nsec04 NSEC . TYPE127
|
||||
|
||||
; type 48
|
||||
dnskey01 DNSKEY 512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
|
||||
@ DNSKEY 512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
|
||||
9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
|
||||
sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
|
||||
a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
example. 86400 IN SOA ns2.example. hostmaster.example. 1397051952 5 5 1814400 3600
|
||||
example. 3600 IN NS ns2.example.
|
||||
example. 3600 IN NS ns3.example.
|
||||
example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
a01.example. 3600 IN A 0.0.0.0
|
||||
a02.example. 3600 IN A 255.255.255.255
|
||||
a601.example. 3600 IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
|
|
@ -42,7 +43,6 @@ dlv.example. 3600 IN DLV 30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
|
|||
dname01.example. 3600 IN DNAME dname-target.
|
||||
dname02.example. 3600 IN DNAME dname-target.example.
|
||||
dname03.example. 3600 IN DNAME .
|
||||
dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
doa01.example. 3600 IN DOA 1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
|
||||
doa02.example. 3600 IN DOA 0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
|
||||
ds01.example. 3600 IN DS 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
example. 86400 IN SOA ns2.example. hostmaster.example. 1397051953 5 5 1814400 3600
|
||||
example. 3600 IN NS ns2.example.
|
||||
example. 3600 IN NS ns3.example.
|
||||
example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
a01.example. 3600 IN A 0.0.0.1
|
||||
a02.example. 3600 IN A 255.255.255.255
|
||||
a601.example. 3600 IN A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
|
|
@ -42,7 +43,6 @@ dlv.example. 3600 IN DLV 30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
|
|||
dname01.example. 3600 IN DNAME dname-target.
|
||||
dname02.example. 3600 IN DNAME dname-target.example.
|
||||
dname03.example. 3600 IN DNAME .
|
||||
dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
|
||||
doa01.example. 3600 IN DOA 1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
|
||||
doa02.example. 3600 IN DOA 0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
|
||||
ds01.example. 3600 IN NS ns42.example.
|
||||
|
|
|
|||
Loading…
Reference in a new issue