ldns-signzone is not able to sign zones with long GPG keys. Even ldns-read-zone is not able to parse these zones. nsd and dnssec-signzone are able to deal with them.
This is a light version of the seblu.net zone with my GPG key built following the RFC 7929 recipe. The key is long, 25116 bytes in base64.
Reading the zone with ldns tools, the following error message is displayed.
$ ldns-read-zone seblu.net.zone
Syntax error, could not parse the RR at 132
After some digging, it looks like the issue is in the ldns_rr_new_frm_fp_l function in rr.c. The use of a constant LDNS_MAX_LINELEN limits the size of records that can be parsed.
The constant is defined in parse.h:
#define LDNS_MAX_LINELEN 10230
A workaround is to set this constant to a higher value.
Certainly, this restriction is quite annoying yes. Commit 4294a91 resolves this at least for tools using ldns_rr_new_frm_fp_l() to read zone files. This includes the example tools.