Zone data cannot be loaded with dnssec-coverage
Summary
The Python application dnssec-coverage cannot load any zone data on my system, which should work according to the documentation / man page. While it still works, it complains about no maximum TTL being set / provided, which should be read from the zone data.
I'm invoking it like this and get the following output:
$ dnssec-coverage -D -K testkeys -f testzones/test.de.zone test.de
Unable to load zone data from testzones/test.de.zone: cannot use a string pattern on a bytes-like object
WARNING: Maximum TTL value was not specified. Using 1 week
(604800 seconds); re-run with the -m option to get more
accurate results.
PHASE 1--Loading keys to check for internal timing problems
WARNING: Key test.de/ED25519/30928 (KSK) using default TTL.
PHASE 2--Scanning future key events for coverage failures
Checking scheduled KSK events for zone test.de, algorithm ED25519...
Sun Feb 17 20:40:22 UTC 2019:
Publish: test.de/ED25519/30928 (KSK)
Activate: test.de/ED25519/30928 (KSK)
No errors found
Checking scheduled ZSK events for zone test.de, algorithm ED25519...
Sun Feb 17 20:43:36 UTC 2019:
Publish: test.de/ED25519/54680 (ZSK)
Activate: test.de/ED25519/54680 (ZSK)
No errors found
BIND version used
BIND 9.13.5 (Development Release) <id:1fbf52c>
running on Linux x86_64 4.20.7-arch1-1-ARCH #1 SMP PREEMPT Wed Feb 6 18:42:40 UTC 2019
built by make with '--prefix=/usr' '--sysconfdir=/etc' '--sbindir=/usr/bin' '--localstatedir=/var' '--disable-static' '--enable-fixed-rrset' '--enable-full-report' '--enable-dnsrps' '--with-python=/usr/bin/python' '--with-geoip' '--with-openssl' '--with-libidn2' '--with-libjson' '--with-libxml2' '--with-lmdb' '--with-libtool' 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
compiled by GCC 8.2.1 20181127
compiled with OpenSSL version: OpenSSL 1.1.1a 20 Nov 2018
linked to OpenSSL version: OpenSSL 1.1.1a 20 Nov 2018
compiled with libxml2 version: 2.9.8
linked to libxml2 version: 20909
compiled with libjson-c version: 0.13.1
linked to libjson-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
Steps to reproduce
Invoke dnssec-coverage as specified above with the following zone data:
$ORIGIN test.de.
$TTL 1H
@ IN SOA ns1.testns.de. hostmaster.test.de. (
2019020901 ; Serial
1H ; Refresh
10M ; Retry
1W ; Expire
5M ) ; Negative TTL
@ IN NS ns1.testns.de.
@ 7200 IN A 1.2.3.4
What is the current bug behavior?
Maximum TTL is not set, since loading zone data from zone file fails.
What is the expected correct behavior?
Maximum TTL should be detected automatically without any warning.
Relevant configuration files
Not relevant.
Relevant logs and/or screenshots
Not applicable.
Possible fixes
The underlying problem is in the Python code of coverage, e.g. this also fails:
Python 3.7.2 (default, Jan 10 2019, 23:51:51)
[GCC 8.2.1 20181127] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from isc import keyzone
>>> keyzone('test.de', './testzones/test.de.zone', '/usr/bin/named-compilezone')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.7/site-packages/isc/keyzone.py", line 46, in __init__
if re.search('^[:space:]*;', line):
File "/usr/lib/python3.7/re.py", line 183, in search
return _compile(pattern, flags).search(string)
TypeError: cannot use a string pattern on a bytes-like object
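The failure in the traceback above, reproduced on constructed data next to a variant that decodes the subprocess bytes before matching. This is an added example, not code from the report or from BIND's isc module; SAMPLE_OUTPUT, str_pattern_on_bytes_fails and max_ttl are names assumed for illustration, and the sample lines are a constructed stand-in for one-record-per-line zone text.

```python
import re

# Constructed sample: bytes as a subprocess pipe would return them for the
# zone above, flattened to one record per line (not captured from a real run).
SAMPLE_OUTPUT = (
    b"; constructed comment line\n"
    b"test.de.\t3600\tIN\tSOA\tns1.testns.de. hostmaster.test.de. "
    b"2019020901 3600 600 604800 300\n"
    b"test.de.\t3600\tIN\tNS\tns1.testns.de.\n"
    b"test.de.\t7200\tIN\tA\t1.2.3.4\n"
)

# \s is used here: Python's re has no POSIX classes, so "[:space:]" is just
# the character set {':', 's', 'p', 'a', 'c', 'e'}.
COMMENT = re.compile(r"^\s*;")


def str_pattern_on_bytes_fails(data):
    """Reproduce the reported TypeError: str pattern applied to bytes lines."""
    try:
        for line in data.splitlines():
            re.search("^[:space:]*;", line)
    except TypeError as exc:
        return str(exc)
    return None


def max_ttl(data):
    """Return the largest TTL in one-record-per-line zone text, or None."""
    if isinstance(data, bytes):
        # Python 3 pipes yield bytes; decode once so str patterns apply.
        data = data.decode("ascii", errors="replace")
    best = None
    for line in data.splitlines():
        if not line.strip() or COMMENT.search(line):
            continue
        fields = line.split()
        # Expected shape: owner TTL class type rdata...; skip anything else.
        if len(fields) < 4 or not fields[1].isdigit():
            continue
        ttl = int(fields[1])
        if best is None or ttl > best:
            best = ttl
    return best


if __name__ == "__main__":
    print(str_pattern_on_bytes_fails(SAMPLE_OUTPUT))
    print(max_ttl(SAMPLE_OUTPUT))
```

With the zone from the report, the largest TTL is the 7200 on the A record, which is the value a coverage check needs in place of the 1 week fallback.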