Skip to content

dnssec-coverage fails with TypeError for KSK with a Deletion date set

Summary

dnssec-coverage fails with a TypeError for a KSK for which a Deletion date set. It doesn't, when only ZSKs with a deletion date are used. But even if a KSK with a deletion date is present for the zone, it fails even with the option -z to restrict it to ZSKs.

BIND version used

BIND 9.11.4-P2-3~bpo9+1-Debian (Extended Support Version) id:7107deb

Steps to reproduce

  1. Create a KSK for a zone.
  2. Create a second KSK for a key rollover event in the future for this zone.
  3. Set the inactivation and deletion times of the first KSK accordingly.
  4. Run dnssec-coverage

that means:

  1. dnssec-keygen -f KSK -a 8 -b 2048 example.com
  2. dnssec-keygen -P +20d -A +40d -f KSK -a 8 -b 2048 example.com
  3. dnssec-settime -I ACTIVATIONTIME-KSK1 -D +40d KSK2.key
  4. dnssec-coverage (either with -z, with -k or without is does occur)

What is the current bug behavior?

Setting a deletion date in 40 days:

dnssec-settime -D +40d *40099.key
./Kexample.com.+008+40099.key
./Kexample.com.+008+40099.private

Then dnssec-coverage fails with a "TypeError: underable types: int() < NoneType()"

dnssec-coverage -k<br>
WARNING: Maximum TTL value was not specified.  Using 1 week<br>
	(604800 seconds); re-run with the -m option to get more<br>
	accurate results.<br>
PHASE 1--Loading keys to check for internal timing problems<br>
Traceback (most recent call last):<br>
 File "/usr/sbin/dnssec-coverage", line 27, in <module><br>
	 isc.coverage.main()<br>
 File "/usr/lib/python3/dist-packages/isc/coverage.py", line 261, in main<br>
	 key.check_postpub(output)<br>
 File "/usr/lib/python3/dist-packages/isc/dnskey.py", line 477, in check_postpub<br>
	 if d - i < timespan:<br>
TypeError: unorderable types: int() < NoneType()

What is the expected correct behavior?

No errors found.

Possible fixes

The error occurs in file "/usr/lib/python3/dist-packages/isc/dnskey.py", line 477, in check_postpub

if d - i < timespan:

but stems from the fact that timespan is of type NoneType and stems therefore most likely from before in line 453:

if timespan = None:
   timespan = self.ttl

and is already there of type NoneType. Though, it is unclear to me, why.

Edited by Mark Andrews
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information