Hi Sander,

> Another wednesday, another resign all run, again with errors.
> But now, another message appears:
> 
> | Incrementing serial number in file 
> "/etc/bind/master/net/freshdot.net/dmz.freshdot.net/zone.db"
> | Signing zone "dmz.freshdot.net."
> | phased-out option -e (was 'use (RSA) large exponent)
> | could not increment serialno of domain vm.freshdot.net. in file
> |     /etc/bind/master/net/freshdot.net/vm.freshdot.net/zone.db: no
> |     serial number found in zone file!
> | phased-out option -e (was 'use (RSA) large exponent)
> | could not increment serialno of domain freshdot.net. in file
> |     /etc/bind/master/net/freshdot.net/zone.db: no serial number
> |     found in zone file!
> | phased-out option -e (was 'use (RSA) large exponent)
> | [ .. ]
> 
> What is this 'phased-out option -e', where does it come from?
I guess that you have installed a new bind version. Somewhere in between
BIND 9.9.1 and 9.9.2 the option -e of dnssec-keygen was phased out.
It is a warning message only.

But I'm wondering why this message appear if a zkt run tries to re-sign
a zone.


> What is the *EXACT* format ZKT expects my SOA record to be in?
> I changed all my zones to this format:
> 
> | @                IN SOA       ns1.freshdot.net. domain.freshdot.net. (
> |                               2013060501   ; Serial
> |                               7200         ; Refresh
> |                               7200         ; Retry
> |                               648000       ; Expire
> |                               86400 )      ; Negative Cache TTL
> Indenting is one with SPACES, not TABS. Still gives errors.
> What on earth am i doing wrong?
This looks quite good. There is no need to use SPACES *before* the
serial number. The space for the number itself must be at least 10 chars
wide, which is the case because you are using a serial number which is
10 chars wide.

I just checked the code again, and propably found an error in it.
In is_so_rr() the following condition checks a line if it contains "IN SOA".
if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")))

Maybe this is compiler dependend code. If the assignement to p is done
after checking the right condition, then p is undefined.
So could you please try the following patch?

--- soaserial.c-orig    2013-06-05 11:33:36.000000000 +0200
+++ soaserial.c 2013-06-05 11:35:35.000000000 +0200
@@ -171,7 +171,9 @@ static      int     is_soa_rr (const char *line)
        assert ( line != NULL );

                        /* line contains "IN" and "SOA" ? */
-       if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2,
"SOA")) )
+       if ( (p = strfindstr (line, "IN")) == NULL )
+               return 0;
+       if ( (soa_p = strfindstr (p+2, "SOA")) != NULL )
        {
                int     len = strlen (line);

Thanks,
 Holger

--- soaserial.c-orig	2013-06-05 11:33:36.000000000 +0200
+++ soaserial.c	2013-06-05 11:35:35.000000000 +0200
@@ -171,7 +171,9 @@ static	int	is_soa_rr (const char *line)
 	assert ( line != NULL );
 
 			/* line contains "IN" and "SOA" ? */
-	if ( (p = strfindstr (line, "IN")) && (soa_p = strfindstr (p+2, "SOA")) )
+	if ( (p = strfindstr (line, "IN")) == NULL )
+		return 0;
+	if ( (soa_p = strfindstr (p+2, "SOA")) != NULL )
 	{
 		int	len = strlen (line);
 

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
zkt-users mailing list
zkt-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zkt-users

Reply via email to