Hi,

Whenever I try to sign a zone (using dnssec-signzone) with a CAA record in it that has a semicolon in the value part of the RDATA like the following RDATA:

0 issue ";"

Bind escapes the semicolon so the signed zonefile will have the following RDATA for the same CAA record:

0 issue "\;"

Even though a semicolon should not be escaped when it is inside a quoted string, like in the example (reference: <character-string> https://tools.ietf.org/html/rfc1035#page-35).

<character-string> is expressed in one or two ways: as a contiguous set of characters without interior spaces, or as a string beginning with a " and ending with a ". Inside a " delimited string any character can occur, except for a " itself, which must be quoted using \ (back slash).

I found out that this happens in the multitxt_totext function in file rdata.c as it matches a semicolon and escapes it. But this function always returns a quoted string, so the code should actually not escape a semicolon. The function multitxt_totext is only used in caa_257.c and uri_256.c.

I applied the following patch which solves the issue:

--- lib/dns/rdata.c.orig 2017-05-05 15:42:22.943088646 +0200 +++ lib/dns/rdata.c 2017-05-05 15:42:26.466428703 +0200 @@ -1577,8 +1577,8 @@ tl -= 4; continue; } - /* double quote, semi-colon, backslash */ - if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c) { + /* double quote, backslash */ + if (*sp == 0x22 || *sp == 0x5c) { if (tl < 2) return (ISC_R_NOSPACE); *tp++ = '\\';

I was wondering if I was correct in my assumption and if my patch is indeed the right solution. If this is indeed the right solution I hope this patch could be applied upstream.

--
Have a great day,
Dion Bosschieter
dionbosschie...@gmail.com
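
Review bot: Dropping 0x3b from the escape condition is only safe if every output path of multitxt_totext wraps the text in double quotes, and nothing in this hunk shows or enforces that; an unquoted ';' in a master file starts a comment and would cut the value short. Consider extending the new comment to record that dependency, for example "/* double quote, backslash; output is always quoted, so ';' stays literal */", and adding a to-text/from-text round-trip test for the value 0 issue ";" that covers both callers named in the message (caa_257.c and uri_256.c), since the URI text output changes as well.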
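
An added example (not part of the original message and not BIND's code): a minimal decoder for a quoted <character-string> in the RFC 1035 section 5.1 text form, showing how the spellings ";", "\;" and "\059" of the CAA value decode to octets. The names decode_quoted and same_value are hypothetical, and the inputs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode one quoted <character-string> (RFC 1035 section 5.1 text form)
 * into raw octets. Returns the length, or -1 on malformed input.
 * Hypothetical helper written for this example; not BIND's parser. */
int decode_quoted(const char *in, unsigned char *out, size_t outlen) {
    size_t n = 0;
    if (*in++ != '"') return -1;
    while (*in != '"') {
        unsigned int c;
        if (*in == '\0') return -1;               /* unterminated string */
        if (*in != '\\') {
            c = (unsigned char)*in++;             /* ordinary character */
        } else if (isdigit((unsigned char)in[1])) {
            /* \DDD: exactly three decimal digits naming one octet */
            if (!isdigit((unsigned char)in[2]) || !isdigit((unsigned char)in[3]))
                return -1;
            c = (in[1] - '0') * 100 + (in[2] - '0') * 10 + (in[3] - '0');
            if (c > 255) return -1;
            in += 4;
        } else {
            if (in[1] == '\0') return -1;         /* dangling backslash */
            c = (unsigned char)in[1];             /* \X: X taken literally */
            in += 2;
        }
        if (n >= outlen || n >= 255) return -1;   /* max 255 octets */
        out[n++] = (unsigned char)c;
    }
    return in[1] == '\0' ? (int)n : -1;           /* no trailing garbage */
}

/* 1 if both text forms decode to the same octets, 0 if not, -1 if malformed. */
int same_value(const char *a, const char *b) {
    unsigned char x[255], y[255];
    int la = decode_quoted(a, x, sizeof x), lb = decode_quoted(b, y, sizeof y);
    if (la < 0 || lb < 0) return -1;
    return la == lb && memcmp(x, y, (size_t)la) == 0;
}

int main(void) {
    /* Constructed inputs: the CAA value from the message in three spellings. */
    printf("\";\" vs \"\\;\"   -> %d\n", same_value("\";\"", "\"\\;\""));
    printf("\";\" vs \"\\059\" -> %d\n", same_value("\";\"", "\"\\059\""));
    return 0;
}
```

A consumer that compares the presentation text byte for byte, rather than decoding it this way, will see the two spellings as different values.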