Bug 1447 - ldns-verify-zone does not give constant answers between runs of the software
ldns-verify-zone does not give constant answers between runs of the software
Product: ldns
Classification: Unclassified
Component: drill/tools
x86_64 OpenBSD
: P5 normal
Assigned To: LDNS dev team
Depends on:
  Show dependency treegraph
Reported: 2017-09-20 23:09 CEST by stephane
Modified: 2017-10-20 13:47 CEST (History)
1 user (show)

See Also:

test that validate my zone (27.19 KB, application/octet-stream)
2017-09-21 20:24 CEST, stephane
test that fail on my zone (27.68 KB, application/octet-stream)
2017-09-21 20:25 CEST, stephane
zonefile (all created using ldns commands) (24.66 KB, application/octet-stream)
2017-09-21 20:26 CEST, stephane

Note You need to log in before you can comment on or make changes to this bug.
Description stephane 2017-09-20 23:09:23 CEST
When running several times to check a zone file, the answer would be once that the zone contains errors, or that it's all fine.

Most times, the first run gets an error. If I run the exact same test on the same zonefile 5 seconds later, the zone is validated.

This bug happens when running as casual user or root.
Comment 1 Willem Toorop 2017-09-21 09:43:13 CEST
Hi Stephane,

What failure is reported.
Could you run ldns-verify-zone with the -V 5 option to increase verbosity.

Have you tried ldns-verify-zone from version 1.7.0?

Could I perhaps try myself with your zone?


-- Willem
Comment 2 stephane 2017-09-21 20:24:24 CEST
Created attachment 455 [details]
test that validate my zone
Comment 3 stephane 2017-09-21 20:25:16 CEST
Created attachment 456 [details]
test that fail on my zone
Comment 4 stephane 2017-09-21 20:26:25 CEST
Created attachment 457 [details]
zonefile (all created using ldns commands)
Comment 5 stephane 2017-09-21 20:30:22 CEST
I can test only 1.6.7 on my OpenBSD server (stable). I have ran the test on my desktop (Chakra-Linux) and it bugs as well (yet the version is still 1.6.7, my distro seems to be a bit lagging).

I joined two tests on the bug and one of zonefile.
Comment 6 stephane 2017-10-19 22:28:23 CEST

I moved my server to OpenBSD 6.2 and ldns to 1.7. I still get this error.
Comment 7 Willem Toorop 2017-10-20 13:47:14 CEST
Hi Stephane,

I suspect it is the chasing part that plays you parts here.
It is annoying that issues with that are not so clearly communicated.
I can work on this, but only after next week.
I'll keep you informed.

In the mean time, you might check with the DS records from 22decembre.eu to the issues with chasing?

$ cat 22decembre.ds.key 
22decembre.eu.		85113	IN	DS	49366 10 2 71A8033B1BB30E52C55A1B831F502606F0ADA53965C9B4A7D7C6A203 40A0C336
22decembre.eu.		85113	IN	DS	55059 10 2 42883405DDDCFA5E7D473F07E75E17911B16518EB902851C918974C9 9B8ABD34
$ ldns-verify-zone -k 22decembre.ds.key 22decembre.eu -t 20170925000000
Zone is verified and complete