Package: opendnssec-signer-tools
Version: 1.1.3-3
Severity: normal
File: /usr/lib/opendnssec/opendnssec/quicksorter
When quicksorter attempts to sort a zone containing a long record (in this
case, a 2048-bit DKIM key) it errors out. (If the DKIM key in this zone is
commented out the sort completes successfully.) This prevents the zone from
being signed.
$ /usr/lib/opendnssec/opendnssec/quicksorter -o example.com. -f
example.com.unsorted -w example.com.sorted -m 3600 -t 3600
String '' is too long! (426 bytes)
*** example.com.unsorted
;$origin example.com.
$TTL 3600
@ IN SOA ns.example.com. postmaster.example.com. (
2011012502 ; Serial
10800 ; Refresh (3 hours)
600 ; Retry (10 minutes)
604800 ; Expire (7 days)
86400 ) ; Minimum TTL (1 days)
; Nameservers
IN NS ns1.example.net.
IN NS ns2.example.net.
IN NS ns3.example.net.
IN NS ns4.example.net.
IN MX 10 mail.example.com.
IN MX 20 mx2.example.com.
;; DNSSEC
example.com. 3600 IN DNSKEY 257 3 7
AwEAAY2zybKTLfMB3CCCqXB3i6GQEx2ae2POeRajShs36ibWZ8aWMjIhJFqjdMeKPOsHj/Akmm6LLL3LSWoA6JEwI1JQoVKPqNv4X33jX6FS9ESBAxFVND5DEsz4ng3z+T97u0DryZxoHEWi+RMxBVev/FkTIE7heylk0R+OpXGyAZe/m6NURAhbNwnD0mUT/23+PClzGq6ibBLjxQwaCyOh0PQGu5KqXps4XO0DqPAnaGcZOgzTHKgoSn79NugD123gpuV40d0yVaZHDvMYaCABG7KCtKiPgtXjU2HhtCo3ER69WJu7zg7ig95Ke408/L/+srjw/FJlfE1xBjugUyNfLaE=
;{id = 4506 (ksk), size = 2048b}
example.com. 3600 IN DNSKEY 257 3 7
AwEAAb8qpMrvU6HuVQPY8h1E/LDCtEIYkZK6SkjumGiWSzh/B85o8XbwJa/QGyVpmgPUalMDoj+XmMZ4OyNXnltpFSuLxVCQfz7JRcGBgFHZDN9lUl+t2jfhUgent7+p39p2Xv98KISMdRi8r4rjQQt5ECY/8Do3h7Xt1zEuf6FuCeeB44QRdMXPhAhENAN7QAUMeFOCF+rENBl8neH/Ht58DlMd3BvAgjp/bTJqlOMamF8CYUM09vxgFiWFG3onhDR4AhtvaHg/qIWnIXUf1/PAmgeUBfzYhNsDQ1QRKLu0xltm/vgJoZBdYy2BOXIGoCrI4W0JIfYPyT9k03HxpvJDuPk=
;{id = 4363 (ksk), size = 2048b}
;; basic host address ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
IN A 127.0.0.1
;; dns servers ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
ns IN A 127.0.0.1
;; web servers ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
www IN A 127.0.0.1
;; mail servers ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
mail IN A 127.0.0.1
;; DomainKeys/DKIM
exampledkim._domainkey.example.com. 3600 TXT (
"v=DKIM1; p="
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGQwNWMR38XduuswjFrR"
"iWuOhURUwD7xHx7eM8iwcEy0d+ctnvGzu0S2PDYabzNK+yaLNaMbi2S6KxlBev8n"
"0DjQ4VbYlcOE/W0txTDTUuv2Q7TcOPuTGG1fGzq1LIp0D6lv/KxnAz2s2Pr83xw1"
"kg4M9YKbs2z76mhihg57NqSIl3wCBOdK9cWq0tbdT7IQ4XSPj2tpsEd5ezfc54vf"
"5dzGn66dIMiqYgSV8i82j/sfrpgS02U++8i+5wOpYB+MB1/X2a+WFpQp7z2t/UJI"
"6VAvQqJKVnWorKeGdpK0OdpDI65hhMvpw6jO7TTw3NbPQlDla+dcwC02mpfXiQtw"
"2wIDAQAB")
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages opendnssec-signer-tools depends on:
ii libc6 2.11.2-9 Embedded GNU C Library: Shared lib
ii libhsm0 1.1.3-3 library for interfacing PKCS#11 Ha
ii libldns1 1.6.6-2 ldns library for DNS programming
ii libxml2 2.7.8.dfsg-2 GNOME XML library
opendnssec-signer-tools recommends no packages.
opendnssec-signer-tools suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
