Problem validating NSEC signatures

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I've had a few issues trying to validate NSEC records. I am using
dnsjava to load a zonefile and then validate signatures. All
signatures so far have been fine with the exception of RRSIGs for NSEC
records.

When re-constructing the data for the signature the first record type
of the NSEC record seems to be missed in the output, eg.

www.tom.        3600    IN      NSEC    www2.tom. A RRSIG NSEC
www.tom.        3600    IN      RRSIG   NSEC 5 2 3600 20091118194406
20091104163457 56229 tom. wVc0nokSM..... ;{id = 56229}

With these records TypeBitmap.toWire() will only add the types RRSIGN
and NSEC to the RRDATA - in other words, it misses out the A.

If I initialize the mapbase variable in the code to 0 instead of -1 it
works. I can't really follow the code so this could be a dumb
suggestion ;-)

Regards,
Tom