To: bind9-confidential@isc.org
Content-Type: text/plain; charset="utf-8"
X-Mailer: MIME-tools 5.508 (Entity 5.508)
MIME-Version: 1.0
Date: Fri, 28 Jul 2017 14:51:35 +0000
X-RT-Interface: Web
Message-ID: <rt-4.4.1-5605-1501253495-450.0-0-0@isc.org>
Content-Disposition: inline
From: cathya@isc.org
Subject: dnssec-keymgr reports syntax error when dnssec-policy.conf
 contains zones beginning with a digit, does not exit correctly
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 1005

For example, with this dnssec-policy.conf:

################################################################################
## Do not edit this file, it is autogenerated, edit dnssec-policy.conf.proto  ##
################################################################################
policy default-dnssec {
        directory "/etc/namedb/keys";
        algorithm rsasha512;
        key-size zsk 1024;
        key-size ksk 2048;
        pre-publish zsk 2w;
        post-publish zsk 2w;
        roll-period zsk 2mo;
        roll-period ksk 0;
        coverage 6mo;
};

algorithm-policy RSASHA1 {
        post-publish zsk 2w;
        pre-publish zsk 2w;
        roll-period zsk 2mo;
        roll-period ksk 0;
        coverage 6mo;
};

zone 99example.com {
        policy default-dnssec;
};

Output when run:
# dnssec-keymgr
/usr/local/etc/namedb/dnssec-policy.conf:23:syntax error near '99'


... never exits. 

Domains beginning with numbers do exist, hence the script should be able to work with them.