diff --git a/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm b/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm index 92f3654..641c24c 100644 --- a/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm +++ b/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm @@ -799,10 +799,9 @@ sub parse_line } } elsif (/\G(rrsig)[ \t]+/igc) { - if (!/\G(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+/gc) { - error("bad RRSIG data 1"); - } - $rrsig = { + if (/\G(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+/gc) { + # some versions of bind (>=10) put the sig-expir on the first line + $rrsig = { first => 1, Line => $ln, name => $domain, @@ -813,8 +812,19 @@ sub parse_line algorithm => $2, labels => $3, orgttl => $4, - sigexpiration => $5 }; + } else { + error("bad RRSIG data 1"); + } + + if (/\G(\d+)\s+/gc) { + # some versions of bind (<10) put the sig-expir on the first line + # and newer ones put it on the next. + $rrsig->{'sigexpiration'} = $1; + } else { + $rrsig->{'needsigexp'} = $1; + } + if (/\G\(\s*$/gc) { # multi-line $parse = \&parse_rrsig; @@ -1104,7 +1114,15 @@ sub parse_rrsig # got more data if ($rrsig->{'first'}) { delete $rrsig->{'first'}; - if (/\G\s*(\d+)\s+(\d+)\s+($pat_maybefullnameorroot)/gc) { + if (exists($rrsig->{'needsigexp'}) && + /\G\s*(\d+)\s+(\d+)\s+(\d+)\s+($pat_maybefullnameorroot)/gc) { + delete $rrsig->{'needsigexp'}; + $rrsig->{'sigexpiration'} = $1; + $rrsig->{'siginception'} = $2; + $rrsig->{'keytag'} = $3; + $rrsig->{'signame'} = $4; + } elsif (!exists($rrsig->{'needsigexp'}) && + /\G\s*(\d+)\s+(\d+)\s+($pat_maybefullnameorroot)/gc) { $rrsig->{'siginception'} = $1; $rrsig->{'keytag'} = $2; $rrsig->{'signame'} = $3; diff --git a/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t b/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t index 80abe87..42efb8d 100644 --- a/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t +++ b/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t @@ -55,6 +55,22 @@ BEGIN { q{test.dnssec-tools.org. 86400 DS 28827 5 1 23a4c97124ab46e7fb7abb58e36887ff78745ac8}, # a specific test for ttl values that could accidentially match DS q{test.dnssec-tools.org. DS 28827 5 2 7d06a161755f7c7ca0d15b8039c7d7b45fb8e5dd025fcebe209cb07756bbae07}, + # bind 10 puts parens in new places: + q{example.com 10 RRSIG SOA 5 2 10 20080613221109 ( + 20080514221109 51389 example.com. + rQ1d9a6ZCbZvwx47efKJL2s1FbcHzLt4SKca + F2Xwr8YyPyhMffjkdFwtXGLFwvaQ9SE2ocEU + /QpxKmvsqSyE3SyinuuCaR/XF/7XKK/PShUg + iRJ7S/GExtJDfheJ04zydDyIYM8M96GpE920 + 0LfJVZuo+gxwvrvTZiejVn1aNnc= )}, + q{example.com 10 RRSIG SOA 5 2 10 ( + 20080613221109 20080514221109 51389 example.com. + rQ1d9a6ZCbZvwx47efKJL2s1FbcHzLt4SKca + F2Xwr8YyPyhMffjkdFwtXGLFwvaQ9SE2ocEU + /QpxKmvsqSyE3SyinuuCaR/XF/7XKK/PShUg + iRJ7S/GExtJDfheJ04zydDyIYM8M96GpE920 + 0LfJVZuo+gxwvrvTZiejVn1aNnc= )}, + ); }