Bug 497664 - net-dns/dnssec-tools-2.0-r1 - signed zone rollover requires Net::DNS::RR::NSEC3
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
Duplicates: 504652
Reported: 2014-01-10 04:11 UTC by cjanderson
Modified: 2018-11-25 10:30 UTC (History)
Description cjanderson 2014-01-10 04:11:29 UTC
rollerd from the net-dns/dnssec-tools-2.0-r1 package needs Net::DNS::RR::NSEC to work with nsec3 zone files.

There is no ebuild for this in the portage tree, but I was able to install this from CPAN.

The problem is a bit involved but I will give it a go.

When you sign a zone with NSEC3 and want to use rollerd to do the zone rollovers, you need the Perl module Net::DNS::RR::NSEC installed, as well as signing zones without line breaks (-szopts -O full).

The dependency is here:
/usr/lib64/perl5/vendor_perl/5.16.3/Net/DNS/ZoneFile/Fast.pm
      } elsif (/\G(nsec3)[ \t]+/igc) {
          error ("You are missing required modules for NSEC3 support")
            if (!$nsec3capable);

This isn't the same problem as https://bugs.launchpad.net/ubuntu/+source/dnssec-tools/+bug/1215093 as the zones were already on one line.


Reproducible: Always

Steps to Reproduce:
1. Set up dnssec bind and a signed zone file with nsec3, signed using zonesigner with the "-O full" option.
2. Ask rollerd to automagically sign the zone (i.e. issue a rollctl -rollzone <zone name>).
3. Wait for the zone rollover to start (60 seconds at most by default), and see the error: "You are missing required modules for NSEC3 support"
Comment 1 Michael Weber (RETIRED) gentoo-dev 2014-11-06 20:14:52 UTC
Correct, as well as Net::DNS::SEC and MIME::Base32.

We used a local overlay with

g-cpan -p <Package name>

@perl any suggestions?
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-01-12 22:12:54 UTC
*** Bug 504652 has been marked as a duplicate of this bug. ***
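
Added example (not part of the bug report or of dnssec-tools): a pre-flight check that can be run on a signed zone before rollerd rolls it, covering the two conditions discussed in this bug, namely records written on one line and the Perl modules being loadable. The function names and the sample zone are constructed for illustration, and it is an assumption that the modules named in this bug are exactly what Fast.pm's `$nsec3capable` test requires.

```shell
#!/bin/sh
# Added example: pre-flight check for an NSEC3-signed zone before rollerd rolls it.
# Module names are the ones named in this bug; that they are exactly what
# Fast.pm's $nsec3capable test needs is an assumption.
NSEC3_MODULES="Net::DNS::RR::NSEC Net::DNS::RR::NSEC3 Net::DNS::SEC MIME::Base32"

# Print every listed module that the local perl cannot load.
missing_modules() {
    for mod in $NSEC3_MODULES; do
        perl -M"$mod" -e 1 >/dev/null 2>&1 || printf '%s\n' "$mod"
    done
}

# Succeed if the zone file holds at least one NSEC3 or NSEC3PARAM record.
zone_uses_nsec3() {
    grep -Eiq '[[:space:]]NSEC3(PARAM)?[[:space:]]' "$1"
}

# Count lines that open "(" without closing it, i.e. records wrapped over
# several lines. Comments are stripped naively at the first ";".
multiline_records() {
    awk '{ sub(/;.*/, ""); o = gsub(/\(/, "("); c = gsub(/\)/, ")"); if (o > c) n++ }
         END { print n + 0 }' "$1"
}

# Write a constructed sample zone (not real data) to $1; $2=full gives one-line records.
sample_zone() {
    if [ "$2" = full ]; then
        echo 'h1.example.com. 3600 IN NSEC3 1 0 10 AABBCCDD H2 A RRSIG' > "$1"
    else
        printf '%s\n' 'h1.example.com. 3600 IN NSEC3 1 0 10 AABBCCDD (' \
            '    H2 A RRSIG ) ; wrapped record' > "$1"
    fi
}

# Return 0 when the zone should parse; otherwise print each problem and return 1.
preflight() {
    zone_uses_nsec3 "$1" || { echo "ok: no NSEC3 records in $1"; return 0; }
    status=0
    n=$(multiline_records "$1")
    [ "$n" -eq 0 ] || { echo "fail: $n wrapped record(s); re-sign with -szopts -O full"; status=1; }
    missing=$(missing_modules)
    [ -z "$missing" ] || { echo "fail: perl cannot load:" $missing; status=1; }
    [ "$status" -ne 0 ] || echo "ok: $1"
    return "$status"
}

[ "$#" -eq 0 ] || preflight "$1"
```

Run it with the path of the signed zone file as its only argument; a non-zero exit status means rollerd would likely hit the parser error quoted in the description.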