[gtld-tech] gzipped error messages served as zone files
Joe Wein
joewein at surbl.org
Thu Feb 3 02:34:44 UTC 2022
Some recent CZDS zone file downloads were missing all zone data.
Specifically, the gzipped files were not empty, but their content was error
messages, not zone file data.
For example:
$ gunzip < bayern.zone.gz
;; Couldn't verify signature: expected a TSIG or SIG(0)
; Transfer failed.
;; Couldn't verify signature: expected a TSIG or SIG(0)
$ gunzip < jot.zone.gz
;; Couldn't create key icann-axfr: bad base64 encoding
; Transfer failed.
;; Couldn't create key icann-axfr: bad base64 encoding
"Transfer failed" should be a dead giveaway that something went wrong.
Can we please improve error handling on the portal side so that output of a
"dig axfr" to make a snapshot for distribution is only ever packaged up as a
.gz file for download by CZDS users if it at least has a valid SOA record in
its first few lines?
Regards
Joe Wein
SURBL
More information about the gtld-tech
mailing list