Hi Sander, > Another wednesday, another resign all run, again with errors. > But now, another message appears: > > | Incrementing serial number in file > "/etc/bind/master/net/freshdot.net/dmz.freshdot.net/zone.db" > | Signing zone "dmz.freshdot.net." > | phased-out option -e (was 'use (RSA) large exponent) > | could not increment serialno of domain vm.freshdot.net. in file > | /etc/bind/master/net/freshdot.net/vm.freshdot.net/zone.db: no > | serial number found in zone file! > | phased-out option -e (was 'use (RSA) large exponent) > | could not increment serialno of domain freshdot.net. in file > | /etc/bind/master/net/freshdot.net/zone.db: no serial number > | found in zone file! > | phased-out option -e (was 'use (RSA) large exponent) > | [ .. ] > > What is this 'phased-out option -e', where does it come from? I guess that you have installed a new bind version. Somewhere in between BIND 9.9.1 and 9.9.2 the option -e of dnssec-keygen was phased out. It is a warning message only.
But I'm wondering why this message appear if a zkt run tries to re-sign
a zone.
> What is the *EXACT* format ZKT expects my SOA record to be in?
> I changed all my zones to this format:
>
> | @ IN SOA ns1.freshdot.net. domain.freshdot.net. (
> | 2013060501 ; Serial
> | 7200 ; Refresh
> | 7200 ; Retry
> | 648000 ; Expire
> | 86400 ) ; Negative Cache TTL
> Indenting is one with SPACES, not TABS. Still gives errors.
> What on earth am i doing wrong?
This looks quite good. There is no need to use SPACES *before* the
serial number. The space for the number itself must be at least 10 chars
wide, which is the case because you are using a serial number which is
10 chars wide.
I just checked the code again, and propably found an error in it.
In is_so_rr() the following condition checks a line if it contains "IN SOA".
if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")))
Maybe this is compiler dependend code. If the assignement to p is done
after checking the right condition, then p is undefined.
So could you please try the following patch?
--- soaserial.c-orig 2013-06-05 11:33:36.000000000 +0200
+++ soaserial.c 2013-06-05 11:35:35.000000000 +0200
@@ -171,7 +171,9 @@ static int is_soa_rr (const char *line)
assert ( line != NULL );
/* line contains "IN" and "SOA" ? */
- if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2,
"SOA")) )
+ if ( (p = strfindstr (line, "IN")) == NULL )
+ return 0;
+ if ( (soa_p = strfindstr (p+2, "SOA")) != NULL )
{
int len = strlen (line);
Thanks,
Holger
--- soaserial.c-orig 2013-06-05 11:33:36.000000000 +0200
+++ soaserial.c 2013-06-05 11:35:35.000000000 +0200
@@ -171,7 +171,9 @@ static int is_soa_rr (const char *line)
assert ( line != NULL );
/* line contains "IN" and "SOA" ? */
- if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")) )
+ if ( (p = strfindstr (line, "IN")) == NULL )
+ return 0;
+ if ( (soa_p = strfindstr (p+2, "SOA")) != NULL )
{
int len = strlen (line);
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users
