gzipped error messages served as zone files
Some recent CZDS zone file downloads were missing all zone data. Specifically, the gzipped files were not empty, but their content was error messages, not zone file data. For example: $ gunzip < bayern.zone.gz ;; Couldn't verify signature: expected a TSIG or SIG(0) ; Transfer failed. ;; Couldn't verify signature: expected a TSIG or SIG(0) $ gunzip < jot.zone.gz ;; Couldn't create key icann-axfr: bad base64 encoding ; Transfer failed. ;; Couldn't create key icann-axfr: bad base64 encoding "Transfer failed" should be a dead giveaway that something went wrong. Can we please improve error handling on the portal side so that output of a "dig axfr" to make a snapshot for distribution is only ever packaged up as a .gz file for download by CZDS users if it at least has a valid SOA record in its first few lines? Regards Joe Wein SURBL
Hi Joe, We are aware of this issue, and we are working to fix it immediately. In the meantime, you should now see the latest available zone files for both TLDs. Also, we are working with the registry to fix the AXFR transfer. Best, Victor On 2/2/22, 6:36 PM, "gtld-tech on behalf of Joe Wein via gtld-tech" <gtld-tech-bounces@icann.org on behalf of gtld-tech@icann.org> wrote: Some recent CZDS zone file downloads were missing all zone data. Specifically, the gzipped files were not empty, but their content was error messages, not zone file data. For example: $ gunzip < bayern.zone.gz ;; Couldn't verify signature: expected a TSIG or SIG(0) ; Transfer failed. ;; Couldn't verify signature: expected a TSIG or SIG(0) $ gunzip < jot.zone.gz ;; Couldn't create key icann-axfr: bad base64 encoding ; Transfer failed. ;; Couldn't create key icann-axfr: bad base64 encoding "Transfer failed" should be a dead giveaway that something went wrong. Can we please improve error handling on the portal side so that output of a "dig axfr" to make a snapshot for distribution is only ever packaged up as a .gz file for download by CZDS users if it at least has a valid SOA record in its first few lines? Regards Joe Wein SURBL _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
On 3 Feb 2022, at 2:12 pm, Victor Figueroa via gtld-tech <gtld-tech@icann.org> wrote:
We are aware of this issue, and we are working to fix it immediately.
In the meantime, you should now see the latest available zone files for both TLDs. Also, we are working with the registry to fix the AXFR transfer.
FWIW, today unexpected CZDS content was seen in four gTLDs: Expected SOA not found: digital Expected SOA not found: games Expected SOA not found: ftr Expected SOA not found: dot -- Viktor.
Hi Viktor, We are working to fix this. Apologies for the inconvenience. -Victor On 2/3/22, 3:35 PM, "gtld-tech on behalf of Viktor Dukhovni via gtld-tech" <gtld-tech-bounces@icann.org on behalf of gtld-tech@icann.org> wrote: > On 3 Feb 2022, at 2:12 pm, Victor Figueroa via gtld-tech <gtld-tech@icann.org> wrote: > > We are aware of this issue, and we are working to fix it immediately. > > In the meantime, you should now see the latest available zone files for both TLDs. > Also, we are working with the registry to fix the AXFR transfer. FWIW, today unexpected CZDS content was seen in four gTLDs: Expected SOA not found: digital Expected SOA not found: games Expected SOA not found: ftr Expected SOA not found: dot -- Viktor. _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
It appears that Viktor Dukhovni via gtld-tech <ietf-dane@dukhovni.org> said:
On 3 Feb 2022, at 2:12 pm, Victor Figueroa via gtld-tech <gtld-tech@icann.org> wrote:
We are aware of this issue, and we are working to fix it immediately.
This morning: mango is just a TSIG failure message R's, John
On 4 Feb 2022, at 12:56 pm, John Levine <johnl@taugh.com> wrote:
This morning:
mango is just a TSIG failure message
Separately, I'm lately seeing connections lost in the middle of .COM zone file transfers and have to retry. Not sure where the problem is happening, it could be somewhere between ICANN and my host... Anyone else seeing lost connections before the transfer is completed? -- Viktor.
On 4 Feb 2022, at 12:56 pm, John Levine <johnl@taugh.com> wrote:
This morning:
mango is just a TSIG failure message
Separately, I'm lately seeing connections lost in the middle of .COM zone file transfers and have to retry. Not sure where the problem is happening, it could be somewhere between ICANN and my host... Anyone else seeing lost connections before the transfer is completed?
Same here, we're seeing some .com zone downloads failing in the middle. Joe SURBL
-- Viktor.
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Hi John, This issue has been fixed. Best, Victor ICANN On 2/4/22, 9:57 AM, "John Levine via gtld-tech" <gtld-tech@icann.org> wrote: It appears that Viktor Dukhovni via gtld-tech <ietf-dane@dukhovni.org> said: >> On 3 Feb 2022, at 2:12 pm, Victor Figueroa via gtld-tech <gtld-tech@icann.org> wrote: >> >> We are aware of this issue, and we are working to fix it immediately. This morning: mango is just a TSIG failure message R's, John _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (4)
-
Joe Wein -
John Levine -
Victor Figueroa -
Viktor Dukhovni