Problem validating NSEC signatures

Problem validating NSEC signatures

by mrtom852

Hi,

I've had a few issues trying to validate NSEC records. I am using
dnsjava to load a zonefile and then validate signatures. All
signatures so far have been fine with the exception of RRSIGs for NSEC
records.

When re-constructing the data for the signature the first record type
of the NSEC record seems to be missed in the output, e.g.

www.tom.        3600    IN      NSEC    www2.tom. A RRSIG NSEC
www.tom.        3600    IN      RRSIG   NSEC 5 2 3600 20091118194406
20091104163457 56229 tom. wVc0nokSM..... ;{id = 56229}

With these records TypeBitmap.toWire() will only add the types RRSIG
and NSEC to the RRDATA - in other words, it misses out the A.

If I initialize the mapbase variable in the code to 0 instead of -1 it
works. I can't really follow the code so this could be a dumb
suggestion ;-)


Regards,
Tom

_______________________________________________
dnsjava-users mailing list
dnsjava-users@...
https://lists.sourceforge.net/lists/listinfo/dnsjava-users
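
The NSEC type bitmap discussed in the message above, as an added example that is not part of the original thread and is not dnsjava code: a stand-alone encoder for the RFC 4034 section 4.1.2 wire format, run on the record's type set (A = 1, RRSIG = 46, NSEC = 47) with and without A. The class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.util.TreeSet;

// Added illustration of the RFC 4034 section 4.1.2 type bitmap; not dnsjava code, names are made up.
public class NsecTypeBitmapDemo {

    // Each window covers 256 types: window number, bitmap length (1..32), bitmap bytes.
    static byte[] encode(int... types) {
        TreeSet<Integer> sorted = new TreeSet<>();
        for (int t : types) sorted.add(t);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int window = -1;          // sentinel of this example: no window open yet
        byte[] bitmap = new byte[32];
        int used = 0;             // bytes of the current bitmap in use
        for (int t : sorted) {
            if ((t >> 8) != window) {
                flush(out, window, bitmap, used);
                window = t >> 8;
                bitmap = new byte[32];
                used = 0;
            }
            int low = t & 0xFF;
            bitmap[low / 8] |= (byte) (0x80 >> (low % 8)); // bit 0 is the most significant bit
            used = Math.max(used, low / 8 + 1);
        }
        flush(out, window, bitmap, used);
        return out.toByteArray();
    }

    static void flush(ByteArrayOutputStream out, int window, byte[] bitmap, int used) {
        if (window < 0) return;   // nothing collected yet
        out.write(window);
        out.write(used);
        out.write(bitmap, 0, used);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x ", x & 0xFF));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Types from the NSEC record above: A = 1, RRSIG = 46, NSEC = 47.
        System.out.println("A RRSIG NSEC : " + hex(encode(1, 46, 47)));
        // Same set without A: different RDATA, so an RRSIG made over the full set will not verify.
        System.out.println("RRSIG NSEC   : " + hex(encode(46, 47)));
    }
}
```

The two encodings differ only in the first bitmap octet, where the bit for type 1 (A) lives. Because the RRSIG covers the NSEC RDATA in wire form, that single bit is enough to make signature validation fail.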

Re: Problem validating NSEC signatures

by Brian Wellington

On Nov 6, 2009, at 3:53 AM, Tom wrote:

> Hi,
>
> I've had a few issues trying to validate NSEC records. I am using
> dnsjava to load a zonefile and then validate signatures. All
> signatures so far have been fine with the exception of RRSIGs for NSEC
> records.
>
> When re-constructing the data for the signature the first record type
> of the NSEC record seems to be missed in the output, e.g.
>
> www.tom.        3600    IN      NSEC    www2.tom. A RRSIG NSEC
> www.tom.        3600    IN      RRSIG   NSEC 5 2 3600 20091118194406
> 20091104163457 56229 tom. wVc0nokSM..... ;{id = 56229}
>
> With these records TypeBitmap.toWire() will only add the types RRSIG
> and NSEC to the RRDATA - in other words, it misses out the A.
>
> If I initialize the mapbase variable in the code to 0 instead of -1 it
> works. I can't really follow the code so this could be a dumb
> suggestion ;-)

I received a patch to fix this problem earlier today, and it's now  
applied to the svn repository.

Thanks for the report!

Brian


Re: Re: Problem validating NSEC signatures

by mrtom852

On , Brian Wellington <bwelling@...> wrote:
--- snip ---
>
> I received a patch to fix this problem earlier today, and it's now applied to the svn repository.
>

Thanks guys!

Regards,
Tom