Discussion:
[Opendnssec-user] Diagnosing syntax error in zone file
Ted Folkman
2016-09-12 01:00:58 UTC
Hello,

I am a new opendnssec user looking for help solving what seems like a
syntax error in my zone file that is preventing ods-signerd from reading
the file and signing the zone.

I use Debian 8.5 and have installed the bind9 (1:9.9.5.dfsg-9+deb8u6),
opendnssec (1:1.4.6-6), and softhsm (1.3.7-2+deb8u1) packages from the
Debian Jessie repository.

The zonefile is attached.

When I run named-checkzone, the output is as follows, which leads me to
believe the syntax of the zone file is fine:

zone lettersblogatory.com/IN: 'lettersblogatory.com' found SPF/TXT
record but no SPF/SPF record found, add matching type SPF record
zone lettersblogatory.com/IN: loaded serial 2016091110
OK

Here are the relevant lines from syslog:

Sep 11 20:27:50 panda ods-signerd: [namedb] zone lettersblogatory.com
unable to use unixtime as serial: 1473640070 does not increase
2016091110. Serial set to 2016091111
Sep 11 20:27:50 panda ods-signerd: [adapter] error parsing RR at line 37
(Syntax error, could not parse the RR's rdata):
201608._domainkey#011#011#011#011IN#011TXT#011"v=DKIM1; k=rsa; s=email;
""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG1m0o2ShF92gB0BFcbOSyHm84c3UDYptHoHs9diQxHp4Hl8oHIHcS4uKIWRluzFYSPFKzpQKkaIrjHhttps://panda.blogatory.com/roundcube/?_task=mail&_action=compose&_id=157614925157d5f9460031e#pJ4manINdKE5K/TKkHc4k3PDPdcs7y0zzYfF0eIkHQCVgFskgeuGnPIF4NaNSKQygpBj2aWu60XIcaF6R+HzRv1xmY0F+gAmZ+XPxBs2K0Wcos/G15rLpWn4cT93JNS""XHawRN4SwaRSQ+E3thJ+9i1KBC2ryYcOEf9gvFLWJorlbsw9YEKEpZxceY/ulhoCWuK8Y526IGhXHpNLzi44N2WY8JWpSu3Edm+K62tqItS9K3RaeUUjXyXoNc4zZAFgzAA9IBOwIDAQAB"
Sep 11 20:27:50 panda ods-signerd: [adapter] error reading RR at line 43
(Syntax error, could not parse the RR's rdata):
_dmarc#011#011#011#011#011#011IN#011TXT#011"v=DMARC1; p=none; fo=1;
rua=mailto:***@lettersblogatory.com"
Sep 11 20:27:50 panda ods-signerd: [tools] unable to read zone
lettersblogatory.com: adapter failed (General error)
Sep 11 20:27:50 panda ods-signerd: [worker[1]] CRITICAL: failed to sign
zone lettersblogatory.com: General error
Sep 11 20:27:50 panda ods-signerd: [worker[1]] backoff task [read] for
zone lettersblogatory.com with 960 seconds


Is there some difference between the syntax rules for BIND and
opendnssec? Any help would be greatly appreciated. I have not been able
to find an answer in the documentation or via Google.

Thank you!
Yuri Schaeffer
2016-09-12 08:30:54 UTC
Hi Ted,
Post by Ted Folkman
Is there some difference between the syntax rules for BIND and
opendnssec? Any help would be greatly appreciated. I have not been able
to find an answer in the documentation or via Google.

A TXT record can contain one or more character strings, which applies to
your record at line 37. The problem ODS has with this record is that the
strings are not delimited by whitespace.

I'm unable to find just now if the record is valid or not. Need to read
up on that. In the meantime, put a space between every pair of double
quotes and the signer should be able to parse it.

Regards,
Yuri
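
A pre-flight check for the workaround described in the reply above, added here as an example; it is not part of the original thread and not OpenDNSSEC code. The function names and the sample zone are constructed, and the sketch assumes quoted strings do not span lines.

```python
def space_adjacent_strings(line):
    """Insert a space where one quoted character-string ends and the next
    begins with no whitespace between them. Returns (new_line, fix_count)."""
    out, in_quote, fixes, i = [], False, 0, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            out.append(line[i:i + 2])      # keep escapes such as \" intact
            i += 2
            continue
        if ch == '"':
            out.append(ch)
            # A closing quote directly followed by another quote marks two
            # strings that are not delimited by whitespace.
            if in_quote and line[i + 1:i + 2] == '"':
                out.append(" ")
                fixes += 1
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            out.append(line[i:])           # comment: copy the rest untouched
            break
        else:
            out.append(ch)                 # note: ';' inside quotes is data
        i += 1
    return "".join(out), fixes


def fix_zone(text):
    """Return (fixed_zone_text, line_numbers_that_needed_a_fix)."""
    fixed, flagged = [], []
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        new_line, fixes = space_adjacent_strings(line)
        if fixes:
            flagged.append(lineno)
        fixed.append(new_line)
    return "".join(fixed), flagged


# Constructed sample zone; the key material is a short placeholder.
SAMPLE_ZONE = '''\
$ORIGIN example.test.
$TTL 3600
@   IN TXT "v=spf1 -all"   ; comment with "" is left alone
sel._domainkey IN TXT "v=DKIM1; k=rsa; ""p=AAAA""BBBB"
_dmarc IN TXT "v=DMARC1; p=none"
'''

if __name__ == "__main__":
    fixed_zone, flagged_lines = fix_zone(SAMPLE_ZONE)
    print("lines needing whitespace between strings:", flagged_lines)
    print(fixed_zone, end="")
```

Only the whitespace between strings changes, so the concatenated TXT payload (and therefore the published DKIM key) stays the same.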
Letters Blogatory
2016-09-12 10:45:25 UTC
Yuri, that solved the problem! Thanks very much for the suggestion, and thanks to Håvard for responding as well.
