Package: zonecheck Version: 3.0.5-3 Severity: grave Dear Sebastien,
zonecheck in my sid environment is unusable. It ends up in ERROR when
e.g. checking debian.org:
/usr/lib/ruby/vendor_ruby/dnsruby.rb:413: warning: constant ::TimeoutError is
deprecated
/usr/lib/ruby/vendor_ruby/Dnsruby/code_mapper.rb:110: warning: constant
::Fixnum is deprecated
[… removing duplicated warnings]
ZONE : debian.org
NS <= : dnsnode.debian.org [194.146.106.126, 2001:67C:1010:32::53]
NS : sec2.rcode0.net [176.97.158.100, 2001:67C:10B8::100]
NS : sec1.rcode0.net [192.174.68.100, 2001:67C:1BC::100]
/usr/share/zonecheck/test/connectivity.rb:128: warning: Object#timeout is
deprecated, use Timeout.timeout instead.
[… removing duplicated warnings]
#<Thread:0x00007fe3a8014fa8@/usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:36
run> terminated with exception (report_on_exception is true):
/usr/lib/ruby/vendor_ruby/Dnsruby/dnssec.rb:260:in `try_validation': comparison
of Integer with Dnsruby::Message::SecurityLevel failed (ArgumentError)
from /usr/lib/ruby/vendor_ruby/Dnsruby/dnssec.rb:229:in
`validate_with_query'
from /usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:108:in
`validate'
from /usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:60:in
`do_validate'
from /usr/lib/ruby/vendor_ruby/Dnsruby/validator_thread.rb:37:in `block
in run'
ERROR: comparison of Integer with Dnsruby::Message::SecurityLevel failed
In stretch, I am getting the same Object#timeout warnings, but at least
it returns no error, and debian.org gets a SUCCESS :)
/usr/lib/ruby/vendor_ruby/dnsruby.rb:413: warning: constant ::TimeoutError is
deprecated
ZONE : debian.org
NS <= : dnsnode.debian.org [194.146.106.126, 2001:67C:1010:32::53]
NS : sec1.rcode0.net [192.174.68.100, 2001:67C:1BC::100]
NS : sec2.rcode0.net [176.97.158.100, 2001:67C:10B8::100]
/usr/share/zonecheck/test/connectivity.rb:128:in `chk_udp': Object#timeout is
deprecated, use Timeout.timeout instead.
[… removing duplicated warnings]
_______________
,---------------.|
~~~~ | warning || ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
`---------------'
w> The 'refresh' period should be between 1H and 2D
| Adv: default registry policy
| The registry requires the SOA fields to be inside a defined range:
| the 'expire' should be between 1W and 6W, the 'minimum' between 3M and
| 1W, the 'refresh' between 1H and 2D, and at last the 'retry' between
| 15M and 1D.
`----- -- -- - - -
: The refresh value is 30M and should be between 1H and 2D.
`..... .. .. . . .
=> dnsnode.debian.org/2001:67C:1010:32::53
=> dnsnode.debian.org/194.146.106.126
=> sec1.rcode0.net/192.174.68.100
=> sec2.rcode0.net/176.97.158.100
=> sec2.rcode0.net/2001:67C:10B8::100
=> sec1.rcode0.net/2001:67C:1BC::100
w> The 'retry' period should be between 15M and 1D
| Adv: default registry policy
| The registry requires the SOA fields to be inside a defined range:
| the 'expire' should be between 1W and 6W, the 'minimum' between 3M and
| 1W, the 'refresh' between 1H and 2D, and at last the 'retry' between
| 15M and 1D.
`----- -- -- - - -
: The retry value is 10M and should be between 15M and 1D.
`..... .. .. . . .
=> dnsnode.debian.org/2001:67C:1010:32::53
=> dnsnode.debian.org/194.146.106.126
=> sec1.rcode0.net/192.174.68.100
=> sec2.rcode0.net/176.97.158.100
=> sec2.rcode0.net/2001:67C:10B8::100
=> sec1.rcode0.net/2001:67C:1BC::100
==> SUCCESS (but 12 warning(s))
JFTR, according to
https://www.nic.cz/public_media/IT15/prezentace/Patrik_Wallstrom.pdf
(slide 3), zonecheck (in ruby) is considered as old code. It has been
deprecated in favor of zonemaster (in perl), currently RFP:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780184
Cheers,
-- Santiago
-- System Information:
Debian Release: buster/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_CO.utf8, LC_CTYPE=es_CO.utf8 (charmap=UTF-8), LANGUAGE=es_CO:es
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages zonecheck depends on:
ii iputils-ping 3:20180629-2
ii ruby 1:2.5.1
ii ruby-dnsruby 1.54-2
Versions of packages zonecheck recommends:
pn libopenssl-ruby <none>
zonecheck suggests no packages.
-- no debconf information
signature.asc
Description: PGP signature
