diff --git a/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm b/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm
index 92f3654..641c24c 100644
--- a/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm
+++ b/dnssec-tools/tools/modules/ZoneFile-Fast/Fast.pm
@@ -799,10 +799,9 @@ sub parse_line
}
} elsif (/\G(rrsig)[ \t]+/igc) {
- if (!/\G(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+/gc) {
- error("bad RRSIG data 1");
- }
- $rrsig = {
+ if (/\G(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+/gc) {
+ # some versions of bind (>=10) put the sig-expir on the first line
+ $rrsig = {
first => 1,
Line => $ln,
name => $domain,
@@ -813,8 +812,19 @@ sub parse_line
algorithm => $2,
labels => $3,
orgttl => $4,
- sigexpiration => $5
};
+ } else {
+ error("bad RRSIG data 1");
+ }
+
+ if (/\G(\d+)\s+/gc) {
+ # some versions of bind (<10) put the sig-expir on the first line
+ # and newer ones put it on the next.
+ $rrsig->{'sigexpiration'} = $1;
+ } else {
+ $rrsig->{'needsigexp'} = $1;
+ }
+
if (/\G\(\s*$/gc) {
# multi-line
$parse = \&parse_rrsig;
@@ -1104,7 +1114,15 @@ sub parse_rrsig
# got more data
if ($rrsig->{'first'}) {
delete $rrsig->{'first'};
- if (/\G\s*(\d+)\s+(\d+)\s+($pat_maybefullnameorroot)/gc) {
+ if (exists($rrsig->{'needsigexp'}) &&
+ /\G\s*(\d+)\s+(\d+)\s+(\d+)\s+($pat_maybefullnameorroot)/gc) {
+ delete $rrsig->{'needsigexp'};
+ $rrsig->{'sigexpiration'} = $1;
+ $rrsig->{'siginception'} = $2;
+ $rrsig->{'keytag'} = $3;
+ $rrsig->{'signame'} = $4;
+ } elsif (!exists($rrsig->{'needsigexp'}) &&
+ /\G\s*(\d+)\s+(\d+)\s+($pat_maybefullnameorroot)/gc) {
$rrsig->{'siginception'} = $1;
$rrsig->{'keytag'} = $2;
$rrsig->{'signame'} = $3;
diff --git a/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t b/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t
index 80abe87..42efb8d 100644
--- a/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t
+++ b/dnssec-tools/tools/modules/ZoneFile-Fast/t/rr-dnssec.t
@@ -55,6 +55,22 @@ BEGIN {
q{test.dnssec-tools.org. 86400 DS 28827 5 1 23a4c97124ab46e7fb7abb58e36887ff78745ac8},
# a specific test for ttl values that could accidentially match DS
q{test.dnssec-tools.org. DS 28827 5 2 7d06a161755f7c7ca0d15b8039c7d7b45fb8e5dd025fcebe209cb07756bbae07},
+ # bind 10 puts parens in new places:
+ q{example.com 10 RRSIG SOA 5 2 10 20080613221109 (
+ 20080514221109 51389 example.com.
+ rQ1d9a6ZCbZvwx47efKJL2s1FbcHzLt4SKca
+ F2Xwr8YyPyhMffjkdFwtXGLFwvaQ9SE2ocEU
+ /QpxKmvsqSyE3SyinuuCaR/XF/7XKK/PShUg
+ iRJ7S/GExtJDfheJ04zydDyIYM8M96GpE920
+ 0LfJVZuo+gxwvrvTZiejVn1aNnc= )},
+ q{example.com 10 RRSIG SOA 5 2 10 (
+ 20080613221109 20080514221109 51389 example.com.
+ rQ1d9a6ZCbZvwx47efKJL2s1FbcHzLt4SKca
+ F2Xwr8YyPyhMffjkdFwtXGLFwvaQ9SE2ocEU
+ /QpxKmvsqSyE3SyinuuCaR/XF/7XKK/PShUg
+ iRJ7S/GExtJDfheJ04zydDyIYM8M96GpE920
+ 0LfJVZuo+gxwvrvTZiejVn1aNnc= )},
+
);
}
distrib
>
Fedora
>
16
>
x86_64
>
media
>
updates-src
>
by-pkgid
>
4d2ae5dc6c575eaba3dcffe3de5cbe2d
>
files
>
4
