On Tue, 17 Jul 2012 13:59:51 +0300, Aki Tuomi wrote: > On Tue, Jul 17, 2012 at 12:49:35PM +0200, Christof Meerwald wrote: >> just noticed that doing an AXFR of a pre-signed zone results in a >> slightly corrupted zone (corrupted NSEC3PARAM record and duplicate >> RRSIG records). Proposed fix is attached to ticket 533 - >> http://wiki.powerdns.com/trac/ticket/533 > Does not look like a "fix", more like workaround for stripping DNSSEC > data from the stream.
Whatever you call it - RRSIG records shouldn't be duplicated during an AXFR. For a pre-signed zone, the RRSIG records are part of the zone data, but the signer tries to add another set of RRSIG records - so one set of RRSIG records need to be suppressed. > What PowerDNS version are you running? 3.1 Christof -- http://cmeerw.org sip:cmeerw at cmeerw.org mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org _______________________________________________ Pdns-dev mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-dev
