| Summary: |
net-dns/dnssec-tools-2.0-r1 - signed zone rollover requires Net::DNS::RR::NSEC3 |
| Product: |
Gentoo Linux
|
Reporter: |
cjanderson |
| Component: |
Current packages | Assignee: |
No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: |
CONFIRMED
---
|
|
|
| Severity: |
normal
|
CC: |
cjanderson, perl-request
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=535734
|
| Whiteboard: |
|
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
rollerd from the net-dns/dnssec-tools-2.0-r1 package needs Net::DNS::RR::NSEC this to work with nsec3 zone files. There is no ebuild for this in the portage tree, but I was able to install this from CPAN. The problem is a bit involved but I will give it a go. When you sign a zone with NSEC3 and want to use rollerd to do the zone rollovers you need the perl module Net::DNS::RR::NSEC installed as well as signing zones without line breaks (-szopts -O full). The dependancy is here: /usr/lib64/perl5/vendor_perl/5.16.3/Net/DNS/ZoneFile/Fast.pm 953 } elsif (/\G(nsec3)[ \t]+/igc) { 954 error ("You are missing required modules for NSEC3 support") 955 if (!$nsec3capable); This isn't the same problem as https://bugs.launchpad.net/ubuntu/+source/dnssec-tools/+bug/1215093 as the zones were already on one line. Reproducible: Always Steps to Reproduce: 1. setup dnssec bind and a signed zone file with nsec3 signed using zonesigner with the "-O full" option 2. ask rollerd to automagically sign the zone. (ie. issue a rollctl -rollzone <zone name> 3. Wait for the zone roll over to start (60 seconds at most by default), and see the error: "You are missing required modules for NSEC3 support"