Hi,

I have two installations of BIND 9.3.4 (Debian Etch). One server
seems OK, but the second one will not put the SOA as the first record in the signed
zone.
I have no idea why.

What happens is that I have a simple zone:

; zone 'sample.cz'
$TTL 86400

@       IN      SOA     ns.s.cz. hostmaster.s.cz. (
                        2002083003 ; Serial
                        28800      ; Refresh 8 hours
                        7200       ; Retry 2 hours
                        604800     ; Expire 7 days
                        86400)     ; Negative Cache TTL 1 day

        IN      NS      ns.s.cz.
        IN      NS      ns2.s.cz.

@       IN      A       192.168.1.1
www     IN      CNAME   test.s.cz.


And result after using dnssec-signzone is:

; File written on Thu Sep 4 21:34:53 2008
; dnssec_signzone version 9.3.4-P1.1
www.sample.cz.          86400   IN CNAME test.s.cz.
                        86400   RRSIG   CNAME 5 3 86400 20081004183453 (
                                        20080904183453 41106 sample.cz.
                                        bCF4kHTZ8IodhU59RTxGUiVJYVcXdTyhUGu5
                                        0OkkyV+CZ+JKGGFdBQSV/i9WZNY32BIrGGWU
                                        ug3zHC3uQdpA68g3Vf1a6KphKz2ZtMc4MBb3
                                        MAi2jh3HHdOonYx9ZuqNgi81qrGPs1XVc1D7
                                        H4fVZDoDwrXjPqgHHBPsbsW+jGw= )
                        86400   NSEC    sample.cz. CNAME RRSIG NSEC
                        86400   RRSIG   NSEC 5 3 86400 20081004183453 (
                                        20080904183453 41106 sample.cz.
                                        Yk4uwpqTlJKz2PkpGis+lTgwOzvfGUJj8xSm
                                        FhNsKL/9D4f0mS8nwYQnqfJInbAilLMZo+XV
                                        LZMfZw1fogsutDV0aKEkqMZtQEznikG/ShdZ
                                        qkI6TCQKwrfS475+gla0gH+0xCZ//37DvySY
                                        xp1X/3l3nxaVq2kUFD8fnBgiu/E= )
sample.cz.              86400   IN SOA  ns.s.cz. hostmaster.s.cz. (

Is it a bug/config issue, or does the order not matter? And as I said, the other
server (same OS + BIND) is OK :/

Thanks.

Regards,

Michal