Re: size limit on RDATA in nsupdate
Hello Shumon, Shumon Huque shu...@gmail.com writes: On Sat, Feb 21, 2015 at 7:35 AM, Carsten Strotmann c...@strotmann.de wrote: Hi, I'm trying to build an automated update system for OPENPGPKEY records with BIND 9 9.9.6-P2 and nsupate. I've verified the TSIG keys, I can add and remove TXT records with the key under the domain name. Adding a 6K PGP key as OPENPGPKEY does fail with 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1: near eof: unexpected end of input invalid rdata format: unexpected end of input Below is the debug output from nsupdate: I also encountered this limit in nsupdate when I attempted to create my OPENPGPKEY record a while back (I should have sent in a bug report then). Until the bug is fixed, I'd suggest using alternative dynamic update tools. Here's a snippet of python code I used for myself (needs the dnspython module): thanks, this is very useful. --- Carsten Strotmann Email: c...@strotmann.de Blog: strotmann.de ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: size limit on RDATA in nsupdate
Hello Mukund, Mukund Sivaraman m...@isc.org writes: On Sun, Feb 22, 2015 at 12:20:28AM +1100, Mark Andrews wrote: I doubt that it is a buffer issue. The input text buffer is 128K which should be big enough for a 64K rdata. At the top of nsupdate.c, MAXCMD is (128 * 1024) in master and v9_10 whereas it is (4 * 1024) in v9_9. This is probably causing it. Carsten: Can you mail bind9-bugs@ so that a ticket is created (and we'll follow up on that)? will do. the same update works with nsupdate from 9.9.7rc2, using the OPENPGPKEY RR Type (not the generic RR representation). -- Carsten Strotmann Email: c...@strotmann.de Blog: strotmann.de ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
incoming tcp query
Hello, Does Bind accept tcp incoming query by default? Or is there any options to enable this feature? Regards, Shuangrong ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: size limit on RDATA in nsupdate
On Sat, Feb 21, 2015 at 7:35 AM, Carsten Strotmann c...@strotmann.de wrote: Hi, I'm trying to build an automated update system for OPENPGPKEY records with BIND 9 9.9.6-P2 and nsupate. I've verified the TSIG keys, I can add and remove TXT records with the key under the domain name. Adding a 6K PGP key as OPENPGPKEY does fail with 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1: near eof: unexpected end of input invalid rdata format: unexpected end of input Below is the debug output from nsupdate: I also encountered this limit in nsupdate when I attempted to create my OPENPGPKEY record a while back (I should have sent in a bug report then). Until the bug is fixed, I'd suggest using alternative dynamic update tools. Here's a snippet of python code I used for myself (needs the dnspython module): #!/usr/bin/env python # import dns.query, dns.tsigkeyring, dns.update ZONE = huque.com. SERVER = '127.0.0.1' TSIGNAME = local-ddns. TSIGALG = hmac-sha256. TSIGKEY = XXX redacted-key XXX QNAME = 4f7c2705c0f139ede60573f8537a0790fb64df5d4a819af951d259bc._ openpgpkey.huque.com. GEN_RDATA = \# 2229 99010d04 keyring = dns.tsigkeyring.from_text({TSIGNAME : TSIGKEY}) update = dns.update.Update(ZONE, keyring=keyring, keyalgorithm=dns.name.from_text(TSIGALG)) update.add(QNAME, 3600, 61, GEN_RDATA) response = dns.query.tcp(update, SERVER) print response.rcode() # should be zero Shumon Huque ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: size limit on RDATA in nsupdate
I doubt that it is a buffer issue. The input text buffer is 128K which should be big enough for a 64K rdata. Mark In message 86d253zbl1@strotmann.de, Carsten Strotmann writes: Hi, I'm trying to build an automated update system for OPENPGPKEY records with BIND 9 9.9.6-P2 and nsupate. I've verified the TSIG keys, I can add and remove TXT records with the key under the domain name. Adding a 6K PGP key as OPENPGPKEY does fail with 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1: near eof: unexpected end of input invalid rdata format: unexpected end of input Below is the debug output from nsupdate: setup_system() Creating key... namefromtext keycreate reset_system() user_interaction() do_next_command() do_next_command() do_next_command() update_addordelete() do_next_command() start_update() recvsoa() About to create rcvmsg show_message() Reply from SOA query: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 44542 ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de . IN SOA ;; AUTHORITY SECTION: _openpgpkey.sys4.de.900 IN SOA danens1.sys4.de. hostmaster.sys4.de. 103 7200 3600 3542400 900 ;; TSIG PSEUDOSECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY TSIG hmac-sha256. 1424521459 300 32 1e+FXn+fpeSOtiwXfC4KsDQwyGYO8q5VtS95aqhwJGw= 44542 NOERROR 0 Found zone name: _openpgpkey.sys4.de The master is: danens1.sys4.de send_update() Sending update to 5.45.109.212#53 show_message() Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 10928 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY ANY ;; TSIG PSEUDOSECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY TSIG hmac-sha256. 1424521459 300 32 BoYO8mOklQiZXgOvcM0zGpw+wzuhVQj0Qx1yOBvCu3s= 10928 NOERROR 0 Out of recvsoa update_completed() tsig verification successful show_message() Reply from update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 10928 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;_openpgpkey.sys4.de. IN SOA ;; TSIG PSEUDOSECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY TSIG hmac-sha256. 1424521459 300 32 LAa1ANz/k/B+TwEfMSjw2A+OMPxQQgHZRuvM6uY8WMY= 10928 NOERROR 0 done_update() reset_system() user_interaction() do_next_command() update_addordelete() 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1: near eof: unexpected end of input invalid rdata format: unexpected end of input syntax error Is there an error in the generic RR syntax (generated by hash-slinger)? Might this be an buffer issue? -- Carsten Strotmann Email: c...@strotmann.de Blog: strotmann.de ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: size limit on RDATA in nsupdate
On Sun, Feb 22, 2015 at 12:20:28AM +1100, Mark Andrews wrote: I doubt that it is a buffer issue. The input text buffer is 128K which should be big enough for a 64K rdata. At the top of nsupdate.c, MAXCMD is (128 * 1024) in master and v9_10 whereas it is (4 * 1024) in v9_9. This is probably causing it. Carsten: Can you mail bind9-bugs@ so that a ticket is created (and we'll follow up on that)? Mukund pgplyUDYpO_fV.pgp Description: PGP signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: size limit on RDATA in nsupdate
Addition: this is how the nsupdate line for the record looks like add f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. IN TYPE61 \# 3340 99020d[] The RDATA size after \# seems to be correct. -- Carsten Strotmann Email: c...@strotmann.de Blog: strotmann.de ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
size limit on RDATA in nsupdate
Hi, I'm trying to build an automated update system for OPENPGPKEY records with BIND 9 9.9.6-P2 and nsupate. I've verified the TSIG keys, I can add and remove TXT records with the key under the domain name. Adding a 6K PGP key as OPENPGPKEY does fail with 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1: near eof: unexpected end of input invalid rdata format: unexpected end of input Below is the debug output from nsupdate: setup_system() Creating key... namefromtext keycreate reset_system() user_interaction() do_next_command() do_next_command() do_next_command() update_addordelete() do_next_command() start_update() recvsoa() About to create rcvmsg show_message() Reply from SOA query: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 44542 ;; flags: qr aa; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. IN SOA ;; AUTHORITY SECTION: _openpgpkey.sys4.de.900 IN SOA danens1.sys4.de. hostmaster.sys4.de. 103 7200 3600 3542400 900 ;; TSIG PSEUDOSECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY TSIG hmac-sha256. 1424521459 300 32 1e+FXn+fpeSOtiwXfC4KsDQwyGYO8q5VtS95aqhwJGw= 44542 NOERROR 0 Found zone name: _openpgpkey.sys4.de The master is: danens1.sys4.de send_update() Sending update to 5.45.109.212#53 show_message() Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 10928 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY ANY ;; TSIG PSEUDOSECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY TSIG hmac-sha256. 1424521459 300 32 BoYO8mOklQiZXgOvcM0zGpw+wzuhVQj0Qx1yOBvCu3s= 10928 NOERROR 0 Out of recvsoa update_completed() tsig verification successful show_message() Reply from update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 10928 ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;_openpgpkey.sys4.de. IN SOA ;; TSIG PSEUDOSECTION: f437b55d4fb40f93bbfa04802a6a2bcf8b69d5ee93d1b53259e6e4fc._openpgpkey.sys4.de. 0 ANY TSIG hmac-sha256. 1424521459 300 32 LAa1ANz/k/B+TwEfMSjw2A+OMPxQQgHZRuvM6uY8WMY= 10928 NOERROR 0 done_update() reset_system() user_interaction() do_next_command() update_addordelete() 21-Feb-2015 13:24:19.714 dns_rdata_fromtext: buffer-0x7f04662e14f0:1: near eof: unexpected end of input invalid rdata format: unexpected end of input syntax error Is there an error in the generic RR syntax (generated by hash-slinger)? Might this be an buffer issue? -- Carsten Strotmann Email: c...@strotmann.de Blog: strotmann.de ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users