Bug 1129389
| Field | Value |
|---|---|
| Summary | bind returns inconsistent and incorrect results from cache for DS records |
| Product | Red Hat Enterprise Linux 6 |
| Component | bind |
| Version | 6.5 |
| Status | CLOSED NOTABUG |
| Severity | high |
| Priority | high |
| Reporter | Martin Poole <mpoole> |
| Assignee | Tomáš Hozza <thozza> |
| QA Contact | qe-baseos-daemons |
| CC | mpoole |
| Target Milestone | rc |
| Hardware | Unspecified |
| OS | Unspecified |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2014-10-27 11:19:14 UTC |
| Bug Blocks | 1075802 |

Description
Martin Poole
2014-08-12 15:55:55 UTC
Created attachment 926156: variable results capture
Created attachment 926157: stable results capture

Hello. It seems that the newer version in Fedora (9.9.4) also has the same issue. I'm going to investigate the cause of this behavior and discuss it with upstream.

Reported upstream [ISC-Bugs #36907]. I'll update the bug when I have some new information, from upstream or myself.

I got a response from upstream. The bottom line is that BIND behavior is correct and jsonformat.com is misconfigured. The problem is that NS or SOA queries for jsonformat.com always return NS or SOA records. However, any other queries (A, DS, ...) return a CNAME. This is a violation of the protocol. Specifically:

RFC1034 (section 3.6.2): "If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different."

RFC1912 (section 2.4): "A CNAME record is not allowed to coexist with any other data. In other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you can't also have an MX record for suzy.podunk.edu, or an A record, or even a TXT record. Especially do not try to combine CNAMEs and NS records like this!:

    podunk.xx.      IN      NS      ns1
                    IN      NS      ns2
                    IN      CNAME   mary
    mary            IN      A       1.2.3.4
"

BIND behavior explanation from upstream: "The nonvalidating query for A put the CNAME record into the cache, and the nonvalidating query for DS found it -- the cache doesn't know there's a zone cut there, so it doesn't know the CNAME shouldn't be used to answer the DS query."

I'm afraid there is nothing that can be fixed in BIND.

Thank you for the information!
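A zone-lint sketch for the rule quoted above from RFC 1034 and RFC 1912, added here as an illustration; it is not part of the bug report or of BIND. It assumes a simplified master-file fragment (no `$ORIGIN`, no multi-line records, names compared as written), and the function names and sample zone are constructed for this example.

```python
# Types allowed beside a CNAME in a signed zone (RFC 4035 section 2.5).
DNSSEC_EXEMPT = {"RRSIG", "NSEC", "KEY"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample: the RFC 1912 section 2.4 fragment quoted in the thread,
# plus one correctly configured alias (www).
SAMPLE_ZONE = """\
podunk.xx.      IN      NS      ns1
                IN      NS      ns2
                IN      CNAME   mary
mary            IN      A       1.2.3.4
www     3600    IN      CNAME   mary
"""

def parse_records(text):
    """Yield (owner, rrtype) pairs from a simplified master-file fragment."""
    owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                 # new owner name on this line
            owner = fields.pop(0).lower()
        if owner is None:
            raise ValueError("first record has no owner name")
        # Skip the optional TTL and class fields to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if not fields:
            raise ValueError(f"no record type in line: {raw!r}")
        yield owner, fields[0].upper()

def cname_conflicts(text):
    """Return {owner: [conflicting types]} for nodes breaking RFC 1034 3.6.2."""
    types_at = {}
    for owner, rrtype in parse_records(text):
        types_at.setdefault(owner, set()).add(rrtype)
    return {
        owner: sorted(types - {"CNAME"} - DNSSEC_EXEMPT)
        for owner, types in types_at.items()
        if "CNAME" in types and types - {"CNAME"} - DNSSEC_EXEMPT
    }

if __name__ == "__main__":
    for owner, others in cname_conflicts(SAMPLE_ZONE).items():
        print(f"{owner}: CNAME coexists with {', '.join(others)}")
```

Running a check like this over zone data before publishing catches the NS/SOA-plus-CNAME apex pattern that produced the inconsistent cached answers described in this bug.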