% check-soa masters-consultants.fr
Internal error when processing masters-consultants.fr. 14400 IN RRSIG SOA 8 2 14400 20160121000000 20151231000000 58536 masters-consultants.fr. FOZbAQLnjdq9GPIvAJWUi5LURWMBubbFAMj6q/GVn2mujdU8IjNL+9+pxY/hZCEFd2Fpubkslvl161q6eYXR3Po0xbI54ZDVvGOvUG/7zhHhwZKTYfoksjQdGjrwfyvdg8F0JcMV8v0jd8433Vm+d7VkSeomfbMXOlImKIUutQ1KqlBRrP0tiuhzXWNZmb8jL4nPg46kc/sqmObbQW2Ujg==, unexpected record type
This is because this name server returns the RRSIG before the SOA:
% dig @ns01.one.com SOA masters-consultants.fr
; <<>> DiG 9.10.2-P2 <<>> @ns01.one.com SOA masters-consultants.fr
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9197
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1680
;; QUESTION SECTION:
;masters-consultants.fr. IN SOA
;; ANSWER SECTION:
masters-consultants.fr. 14400 IN RRSIG SOA 8 2 14400 (
20160121000000 20151231000000 58536 masters-consultants.fr.
FOZbAQLnjdq9GPIvAJWUi5LURWMBubbFAMj6q/GVn2mu
jdU8IjNL+9+pxY/hZCEFd2Fpubkslvl161q6eYXR3Po0
xbI54ZDVvGOvUG/7zhHhwZKTYfoksjQdGjrwfyvdg8F0
JcMV8v0jd8433Vm+d7VkSeomfbMXOlImKIUutQ1KqlBR
rP0tiuhzXWNZmb8jL4nPg46kc/sqmObbQW2Ujg== )
masters-consultants.fr. 14400 IN SOA ns01.one.com. hostmaster.one.com. (
2016010811 ; serial
14400 ; refresh (4 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
900 ; minimum (15 minutes)
)
;; Query time: 34 msec
;; SERVER: 2001:67c:28cc::10#53(2001:67c:28cc::10)
;; WHEN: Tue Jan 12 10:03:26 CET 2016
;; MSG SIZE rcvd: 324
It is unusual but legal and therefore this bug must be fixed.
This is because this name server returns the RRSIG before the SOA:
It is unusual but legal and therefore this bug must be fixed.
Workaround: do not use DNSSEC: