[yadifa-users] Error on parsing TLSA entries

Markus Kolb markus.kolb+yadifa at tower-net.de
Thu Feb 26 00:00:42 CET 2015


I get a parser error when I try to use DNSSEC signed TLSA entries.

The unsigned entry is like:
_25._tcp.example.com. IN TLSA 0 1 1 3f3e6daad6cc8b2d01d5542dafff0bb18c55053fc6bcb7d15bb40c499da365b9

Signed:
_25._tcp.example.com. 86400 IN TLSA 0 1 1 (
                                         3F3E6DAAD6CC8B2D01D5542DAFFF0BB18C55
                                         053FC6BCB7D15BB40C499DA365B9 )
                         86400   RRSIG   TLSA 7 5 86400 (
                                         20150327215740 20150225215740 13217 example.com.
                                         Ux2WynOjf88qjfbNQ1boE6XCjtga0qW/Ej+H
                                         T9LgTPbGy5BpdHrtFaKHL6x5fRfqM/sx4rr+
                                         xOC8bK1FaWsu1aI7iYyYWuFLR3CMeuV+Hrc4
                                         BPMKUNj13zGdNKcW9+SfupGJ0gSReOT+cb4l
                                         mwmI/jMdhkj1FHjsZUjB2FU8y32af1k2pKeH
                                         wCmcDabk9Y3+ARIp1eJNzOaxZ+RwIAplOsff
                                         PQx2KmmsldtSiGLr6kOh5gA8TugjedtLvhCt
                                         W7gDZjgd9xIWYH4di1jJUZ+w5n+XeTCugdhA
                                         25Vwwf/1buhhc5UKpEeMIpOFoZFM0n0Dxo5N
                                         dgSDWAcF2/NMs8ZaaQ== )

Error:
2015-02-25 22:29:00.660960 | zone     | E | parser_copy_rdata: EXPECTED EOL: TLSA: PARSER_FOUND_WORD
2015-02-25 22:29:00.660963 | database | E | zone load: reading record #21 of zone example.com.: PARSER_FOUND_WORD
2015-02-25 22:29:00.660967 | database | E | zone load: zone example.com.: error PARSER_FOUND_WORD (21 record(s) parsed)
2015-02-25 22:29:00.660983 | server   | E | zone load: cannot parse master zone file ...

I use nsec3-optout.
Any fix for this?
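
Added example, not part of the original post and not YADIFA's code: a small Python parser for TLSA presentation format that treats parentheses as line continuations and joins whitespace-separated hex words (RFC 6698 section 2.2 allows whitespace inside the certificate association data). It shows that the unsigned and signed records above carry the same RDATA; the function names and the DIGEST_LEN table are this example's own.

```python
import re

# Digest sizes in bytes for TLSA matching types 1 (SHA-256) and 2 (SHA-512).
DIGEST_LEN = {1: 32, 2: 64}

def tlsa_rdata(record):
    """Parse one TLSA record (presentation format) into (usage, selector, mtype, data)."""
    # Drop ';' comments, then treat RFC 1035 parentheses as plain whitespace:
    # they only let a record continue across line breaks.
    text = " ".join(line.split(";", 1)[0] for line in record.splitlines())
    if text.count("(") != text.count(")"):
        raise ValueError("unbalanced parentheses")
    words = text.replace("(", " ").replace(")", " ").split()
    upper = [w.upper() for w in words]
    if "TLSA" not in upper:
        raise ValueError("not a TLSA record")
    fields = words[upper.index("TLSA") + 1:]
    if len(fields) < 4:
        raise ValueError("TLSA needs usage, selector, matching type and data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    if not all(0 <= v <= 255 for v in (usage, selector, mtype)):
        raise ValueError("TLSA header fields are 8-bit values")
    # Every remaining word is part of the hex string, not a stray token.
    hexdata = "".join(fields[3:])
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hexdata):
        raise ValueError("certificate association data is not valid hex")
    data = bytes.fromhex(hexdata)
    if mtype in DIGEST_LEN and len(data) != DIGEST_LEN[mtype]:
        raise ValueError("digest length does not match matching type")
    return usage, selector, mtype, data

def single_line_rdata(record):
    """Re-emit the RDATA with the hex data as one word."""
    usage, selector, mtype, data = tlsa_rdata(record)
    return f"{usage} {selector} {mtype} {data.hex()}"

# Both records are copied from the post (TLSA part only, RRSIG omitted).
UNSIGNED = ("_25._tcp.example.com. IN TLSA 0 1 1 "
            "3f3e6daad6cc8b2d01d5542dafff0bb18c55053fc6bcb7d15bb40c499da365b9")
SIGNED = """_25._tcp.example.com. 86400 IN TLSA 0 1 1 (
                3F3E6DAAD6CC8B2D01D5542DAFFF0BB18C55
                053FC6BCB7D15BB40C499DA365B9 )"""

if __name__ == "__main__":
    assert tlsa_rdata(UNSIGNED) == tlsa_rdata(SIGNED)
    print(single_line_rdata(SIGNED))
```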


