Bug 1078295

Summary: bind-dyndb-ldap crashes when handling DNS64 query
Product: Red Hat Enterprise Linux 7
Reporter: Petr Spacek <pspacek>
Component: bind-dyndb-ldap
Assignee: Petr Spacek <pspacek>
Status: CLOSED ERRATA
QA Contact: Namita Soman <nsoman>
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: dpal, jgalipea, mkosek, pspacek, thozza
Target Milestone: rc
Hardware: All
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/dc4a43eae339736fc0a37067fa86038b9db1e30f
Whiteboard: abrt_hash:9660416a741e7beebfc2903bafdf985ae7b8e19d
Fixed In Version: bind-dyndb-ldap-5.2-1.el7
Doc Type: Bug Fix
Doc Text:
The bind-dyndb-ldap plug-in did not fully support the DNS64 technology. As a consequence, the BIND daemon configured with DNS64 terminated unexpectedly when a DNS64 query was processed by bind-dyndb-ldap. The bug has been fixed, and the BIND daemon no longer terminates while processing a DNS64 query.
Clone Of: 1076775
Last Closed: 2015-03-05 09:29:15 UTC
Bug Depends On: 1076775, 1109759

Description Petr Spacek 2014-03-19 14:46:30 UTC
+++ This bug was initially created as a clone of Bug #1076775 +++
Version-Release number of selected component:
bind-9.9.3-14.P2.fc19
bind-dyndb-ldap-3.5-1.fc19

bind-dyndb-ldap-3.5-1.el7 has the same codebase.

Additional info:
cmdline:        /usr/sbin/named -u named
crash_function: assertion_failed
executable:     /usr/sbin/named
type:           CCpp
uid:            25

Truncated backtrace:
Thread no. 1 (8 frames)
 #2 assertion_failed at ./main.c:219
 #3 isc_assertion_failed at assertions.c:57
 #4 dns_db_detachnode at db.c:636
 #5 query_find at query.c:6507
 #6 ns_query_start at query.c:7790
 #7 client_request at client.c:1970
 #8 dispatch at task.c:1116
 #9 run at task.c:1286


--- Additional comment from Petr Spacek on 2014-03-18 13:05:39 CET ---
Do you know the DNS query which causes the crash?


--- Additional comment from William Brown on 2014-03-18 23:59:37 CET ---
Any query that requests a hostname that does NOT return an AAAA from an ldap backed domain. I.e., for example.com, if a host such as foo.example.com has an A record but no AAAA, and you run:

dig foo.example.com AAAA

You will crash the named server.


--- Additional comment from Petr Spacek on 2014-03-19 15:33:37 CET ---
I have reproduced the crash. You have DNS64 enabled, haven't you?

I added this snippet to my named.conf:
        dns64 ::ffff:0:0/96 {
            clients { any; };
            exclude { none; };
        };

And now it crashes if I do a DNS query for a name with A record but without AAAA record.

Comment 2 Petr Spacek 2014-03-19 15:04:19 UTC
Upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/132

Comment 3 Martin Kosek 2014-06-16 14:51:25 UTC
This issue will be solved as part of bind-dyndb-ldap rebase (Bug 1109759).

Comment 4 Namita Soman 2014-06-27 18:31:47 UTC
Please add steps to verify

Comment 5 Petr Spacek 2014-06-30 07:55:35 UTC
Please see the bug description; named.conf and the necessary dig command are described there.

Comment 7 Namita Soman 2015-01-22 23:55:57 UTC
# ipa dnszone-add example.com
  Zone name: example.com.
  Active zone: TRUE
  Authoritative nameserver: qeblade6.testrelm.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1421970261
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST krb5-self * SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;



# ipa dnsrecord-add example.com foo --a-rec=1.2.3.4
  Record name: foo
  A record: 1.2.3.4


# dig foo.example.com
<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	A

;; ANSWER SECTION:
foo.example.com.	86400	IN	A	1.2.3.4

<..snip..>

# dig foo.example.com AAAA

<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	AAAA

<..snip..>


Updated /etc/named.conf to have the below in the options section:
        dns64 ::ffff:0:0/96 {
            clients { any; };
            exclude { none; };
        };


# systemctl stop named
# systemctl start named

# dig foo.example.com A

<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	A

;; ANSWER SECTION:
foo.example.com.	86400	IN	A	1.2.3.4

<..snip..>


no crash messages in /var/log/messages.
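
With the dns64 block from this report active, the expected DNS64 answer to an AAAA query for an A-only name is a synthesized address built from the prefix and the A record. The following is an added example, not part of the bug report or of bind-dyndb-ldap: it computes that address per RFC 6052 (generalized beyond the /96 prefix used here) and checks `dig +short` output against it. The function names and the sample dig output are assumptions constructed for illustration.

```python
import ipaddress

# Prefix lengths RFC 6052 section 2.2 permits for IPv4-embedded IPv6 addresses.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)


def synthesize_aaaa(prefix, ipv4):
    """Embed an IPv4 address in a DNS64 prefix (RFC 6052 section 2.2)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen not in RFC6052_LENGTHS:
        raise ValueError("unsupported DNS64 prefix length /%d" % net.prefixlen)
    out = bytearray(net.network_address.packed)
    if out[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:  # reserved "u" octet stays zero; the IPv4 bits skip over it
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def dns64_answer_ok(prefix, a_records, dig_short_output):
    """True if `dig +short NAME AAAA` returned exactly the synthesized set."""
    expected = {synthesize_aaaa(prefix, a) for a in a_records}
    got = set()
    for line in dig_short_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # blank or dig diagnostic line
            continue
        try:
            got.add(ipaddress.IPv6Address(line))
        except ValueError:
            return False  # e.g. a CNAME target: not a plain AAAA answer set
    return bool(expected) and got == expected


if __name__ == "__main__":
    # Constructed sample: prefix and A record from this report; the dig output
    # is what a healthy DNS64 server is assumed to print, not captured output.
    sample = "::ffff:1.2.3.4\n"
    print(synthesize_aaaa("::ffff:0:0/96", "1.2.3.4"))
    print(dns64_answer_ok("::ffff:0:0/96", ["1.2.3.4"], sample))
    # A crashed or unreachable server yields only a diagnostic line.
    print(dns64_answer_ok("::ffff:0:0/96", ["1.2.3.4"],
                          ";; connection timed out; no servers could be reached\n"))
```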

Comment 9 errata-xmlrpc 2015-03-05 09:29:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0424.html