Skip to content
GitLab
Closed
Issue created by Ghost User@ghost

Zone data cannot be loaded with dnssec-coverage

Summary

The Python application dnssec-coverage cannot load any zone data on my system, which should work according to the documentation / man page. While it still works, it complains about no maximum TTL being set / provided, which should be read from the zone data.

I'm invoking it like this and get the following output:

$ dnssec-coverage -D -K testkeys -f testzones/test.de.zone test.de
Unable to load zone data from testzones/test.de.zone:  cannot use a string pattern on a bytes-like object
WARNING: Maximum TTL value was not specified.  Using 1 week
	 (604800 seconds); re-run with the -m option to get more
	 accurate results.
PHASE 1--Loading keys to check for internal timing problems

WARNING: Key test.de/ED25519/30928 (KSK) using default TTL.

PHASE 2--Scanning future key events for coverage failures
Checking scheduled KSK events for zone test.de, algorithm ED25519...
  Sun Feb 17 20:40:22 UTC 2019:
    Publish: test.de/ED25519/30928 (KSK)
    Activate: test.de/ED25519/30928 (KSK)

No errors found

Checking scheduled ZSK events for zone test.de, algorithm ED25519...
  Sun Feb 17 20:43:36 UTC 2019:
    Publish: test.de/ED25519/54680 (ZSK)
    Activate: test.de/ED25519/54680 (ZSK)

No errors found

BIND version used

BIND 9.13.5 (Development Release) <id:1fbf52c>
running on Linux x86_64 4.20.7-arch1-1-ARCH #1 SMP PREEMPT Wed Feb 6 18:42:40 UTC 2019
built by make with '--prefix=/usr' '--sysconfdir=/etc' '--sbindir=/usr/bin' '--localstatedir=/var' '--disable-static' '--enable-fixed-rrset' '--enable-full-report' '--enable-dnsrps' '--with-python=/usr/bin/python' '--with-geoip' '--with-openssl' '--with-libidn2' '--with-libjson' '--with-libxml2' '--with-lmdb' '--with-libtool' 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
compiled by GCC 8.2.1 20181127
compiled with OpenSSL version: OpenSSL 1.1.1a  20 Nov 2018
linked to OpenSSL version: OpenSSL 1.1.1a  20 Nov 2018
compiled with libxml2 version: 2.9.8
linked to libxml2 version: 20909
compiled with libjson-c version: 0.13.1
linked to libjson-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled

Steps to reproduce

Invoke dnssec-coverage as specified above with the following zone data:

$ORIGIN test.de.
$TTL 1H
@ IN SOA ns1.testns.de. hostmaster.test.de. (
                                2019020901      ; Serial
                                1H              ; Refresh
                                10M             ; Retry
                                1W              ; Expire
                                5M )            ; Negative TTL
@ IN NS ns1.testns.de.
@ 7200 IN A 1.2.3.4

What is the current bug behavior?

Maximum TTL is not set, since loading zone data from zone file fails.

What is the expected correct behavior?

Maximum TTL should be detected automatically without any warning.

Relevant configuration files

Not relevant.

Relevant logs and/or screenshots

Not applicable.

Possible fixes

The underlying problem is in the Python code of coverage, e.g. this also fails:

Python 3.7.2 (default, Jan 10 2019, 23:51:51) 
[GCC 8.2.1 20181127] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from isc import keyzone
>>> keyzone('test.de', './testzones/test.de.zone', '/usr/bin/named-compilezone')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.7/site-packages/isc/keyzone.py", line 46, in __init__
    if re.search('^[:space:]*;', line):
  File "/usr/lib/python3.7/re.py", line 183, in search
    return _compile(pattern, flags).search(string)
TypeError: cannot use a string pattern on a bytes-like object