On Nov 6, 2009, at 3:53 AM, Tom wrote:
> Hi,
>
> I've had a few issues trying to validate NSEC records. I am using
> dnsjava to load a zonefile and then validate signatures. All
> signatures so far have been fine with the exception of RRSIGs for NSEC
> records.
>
> When re-constructing the data for the signature the first record type
> of the NSEC record seems to be missed in the output, eg.
>
> www.tom. 3600 IN NSEC www2.tom. A RRSIG NSEC
> www.tom. 3600 IN RRSIG NSEC 5 2 3600 20091118194406
> 20091104163457 56229 tom. wVc0nokSM..... ;{id = 56229}
>
> With these records TypeBitmap.toWire() will only add the types RRSIGN
> and NSEC to the RRDATA - in other words, it misses out the A.
>
> If I initialize the mapbase variable in the code to 0 instead of -1 it
> works. I can't really follow the code so this could be a dumb
> suggestion ;-)
I received a patch to fix this problem earlier today, and it's now
applied to the svn repository.
Thanks for the report!
Brian
|
