Package: zonecheck Version: 3.0.5-3 Severity: grave Dear Sebastien,
zonecheck in my sid environment is unusable. It ends up in ERROR when e.g. checking debian.org: /usr/lib/ruby/vendor_ruby/dnsruby.rb:413: warning: constant ::TimeoutError is deprecated /usr/lib/ruby/vendor_ruby/Dnsruby/code_mapper.rb:110: warning: constant ::Fixnum is deprecated [… removing duplicated warnings] ZONE : debian.org NS <= : dnsnode.debian.org [194.146.106.126, 2001:67C:1010:32::53] NS : sec2.rcode0.net [176.97.158.100, 2001:67C:10B8::100] NS : sec1.rcode0.net [192.174.68.100, 2001:67C:1BC::100] /usr/share/zonecheck/test/connectivity.rb:128: warning: Object#timeout is deprecated, use Timeout.timeout instead. [… removing duplicated warnings] #<Thread:0x00007fe3a8014fa8@/usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:36 run> terminated with exception (report_on_exception is true): /usr/lib/ruby/vendor_ruby/Dnsruby/dnssec.rb:260:in `try_validation': comparison of Integer with Dnsruby::Message::SecurityLevel failed (ArgumentError) from /usr/lib/ruby/vendor_ruby/Dnsruby/dnssec.rb:229:in `validate_with_query' from /usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:108:in `validate' from /usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:60:in `do_validate' from /usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:37:in `block in run' ERROR: comparison of Integer with Dnsruby::Message::SecurityLevel failed In stretch, I am getting the same Object#timeout warnings, but at least it returns no error, and debian.org gets a SUCCESS :) /usr/lib/ruby/vendor_ruby/dnsruby.rb:413: warning: constant ::TimeoutError is deprecated ZONE : debian.org NS <= : dnsnode.debian.org [194.146.106.126, 2001:67C:1010:32::53] NS : sec1.rcode0.net [192.174.68.100, 2001:67C:1BC::100] NS : sec2.rcode0.net [176.97.158.100, 2001:67C:10B8::100] /usr/share/zonecheck/test/connectivity.rb:128:in `chk_udp': Object#timeout is deprecated, use Timeout.timeout instead. [… removing duplicated warnings] _______________ ,---------------.| ~~~~ | warning || ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ `---------------' w> The 'refresh' period should be between 1H and 2D | Adv: default registry policy | The registry requires the SOA fields to be inside a defined range: | the 'expire' should be between 1W and 6W, the 'minimum' between 3M and | 1W, the 'refresh' between 1H and 2D, and at last the 'retry' between | 15M and 1D. `----- -- -- - - - : The refresh value is 30M and should be between 1H and 2D. `..... .. .. . . . => dnsnode.debian.org/2001:67C:1010:32::53 => dnsnode.debian.org/194.146.106.126 => sec1.rcode0.net/192.174.68.100 => sec2.rcode0.net/176.97.158.100 => sec2.rcode0.net/2001:67C:10B8::100 => sec1.rcode0.net/2001:67C:1BC::100 w> The 'retry' period should be between 15M and 1D | Adv: default registry policy | The registry requires the SOA fields to be inside a defined range: | the 'expire' should be between 1W and 6W, the 'minimum' between 3M and | 1W, the 'refresh' between 1H and 2D, and at last the 'retry' between | 15M and 1D. `----- -- -- - - - : The retry value is 10M and should be between 15M and 1D. `..... .. .. . . . => dnsnode.debian.org/2001:67C:1010:32::53 => dnsnode.debian.org/194.146.106.126 => sec1.rcode0.net/192.174.68.100 => sec2.rcode0.net/176.97.158.100 => sec2.rcode0.net/2001:67C:10B8::100 => sec1.rcode0.net/2001:67C:1BC::100 ==> SUCCESS (but 12 warning(s)) JFTR, according to https://www.nic.cz/public_media/IT15/prezentace/Patrik_Wallstrom.pdf (slide 3), zonecheck (in ruby) is considered as old code. It has been deprecated in favor of zonemaster (in perl), currently RFP: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780184 Cheers, -- Santiago -- System Information: Debian Release: buster/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=es_CO.utf8, LC_CTYPE=es_CO.utf8 (charmap=UTF-8), LANGUAGE=es_CO:es (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages zonecheck depends on: ii iputils-ping 3:20180629-2 ii ruby 1:2.5.1 ii ruby-dnsruby 1.54-2 Versions of packages zonecheck recommends: pn libopenssl-ruby <none> zonecheck suggests no packages. -- no debconf information
signature.asc
Description: PGP signature