dnssec-conf problem
Gene Czarcinski
gene at czarc.net
Sat Sep 19 19:58:14 UTC 2009
Dnssec was introduced as a default in Fedora 11 and continues in Fedora 12.
The dnssec-conf package was introduced to modify/configure /etc/named.conf for
the dnssec support. Unfortunately, dnssec-conf (specifically /usr/sbin/dnssec-
configure has a significant problem. The problem is documented in bugzilla
reports:
https://bugzilla.redhat.com/show_bug.cgi?id=505754
https://bugzilla.redhat.com/show_bug.cgi?id=510290
https://bugzilla.redhat.com/show_bug.cgi?id=523973
I have closed 510290 and 523973 as dups of 505754.
Report 505754 has a comment by paul at xelerance.com dated 2009-06-25 that the
bug has been found and that the fix in is dnssec-conf 1.22 which will be posted
"today" (2008-06-25). Since that time ... nothing ... including and
especially no 1.22.
I am not sure what happened to Paul (accident? fired? three month vacation? ??)
but there appears to be no active author/creator/maintainer since late June or
since about three months ago.
I noticed that there is a current thread about package maintainers and
responsiveness ... I believe those comments apply here.
I understand that the forthcoming RHEL 6 will be based on Fedora 11 and, as
such, I expect that dnssec-conf will be included. Therefore, this possible
maintainer problem and the associated needed bugfix needs to be addressed.
Until the bugfix is implemented, I suggest that some user documentation be
added to advise users how to work around the problem. The work-arounds I have
found are:
1. Make such that "options" is immediately followed by a right brace ("{")
and the same physical line or the options statement will not recognized .
2. Make sure that the options statement termination ("};") is on its own
physical line.
3. For options sub-statements/items which themselves include a list, make
sure that the closing right brace "}") is not on a separate physical line but
it after the last item in the list. Sub-statements/options-items which
themselves have a list as an operand can occur over multiple physical lines if
this is done.
4. Be sure that and dnssec-<whatever> sub-statements/options-items are on
separate physical lines or or named.conf will be butchered.
Another possible work around may be to remove the dnssec-conf package (I have
not tried this so I am not sure).
Gene
More information about the fedora-devel-list
mailing list