Cause:
The version of BIND included in RHEL-7 contained a check for SPF records in zone files that did not conform to RFC 7208, section 3.1.
Consequence:
As a consequence, if a zone file contained SPF records, the BIND server or the named-checkzone utility could issue a warning log message even though the SPF record was valid according to RFC 7208, section 3.1.
Fix:
The check for SPF records in zone files was updated to conform to RFC 7208, section 3.1.
Result:
As a result, if a zone file contains SPF records, the BIND server and the named-checkzone utility no longer issue a warning log message when the SPF record is valid according to RFC 7208, section 3.1.
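As an added illustration of what a check conforming to RFC 7208, section 3.1 has to accept and what it should still flag, the following Python script is example code written for this page; it is not BIND's implementation and not the change shipped in the errata. It parses a small constructed zone (example.test and its owner names are placeholders) and reports per name: a TXT-only v=spf1 record passes (the case named-checkzone used to warn about), a discontinued type SPF RR is flagged, and two v=spf1 TXT records at one name are flagged because section 4.5 makes evaluators return permerror. The parser, the function names and the finding strings are all assumptions of this example.

```python
import re
from collections import defaultdict

_CLASSES = {"IN", "CH", "HS"}
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one quoted <character-string>
_SPF_VERSION = re.compile(r"^v=spf1(?: |$)")   # RFC 7208 s4.5: exactly "v=spf1"

def _strip_comment(line):
    """Drop a ';' comment, but keep a ';' inside quotes (DKIM TXT has them)."""
    out, quoted, escaped = [], False, False
    for ch in line:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)

def _qualify(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def _split_record(rest):
    """Skip optional TTL and class tokens; return (rtype, rdata) or None."""
    while True:
        parts = rest.split(None, 1)
        if not parts:
            return None
        tok, tail = parts[0], (parts[1] if len(parts) > 1 else "")
        if not (tok.isdigit() or tok.upper() in _CLASSES):
            return tok.upper(), tail.strip()
        rest = tail

def parse_zone(text, origin):
    """Yield (owner, rtype, rdata); handles comments, $ directives, "( ... )" RRs."""
    last_owner, in_parens = origin, False
    for raw in text.splitlines():
        line = _strip_comment(raw).rstrip()
        if in_parens:                       # inside "( ... )" (SOA): skip to the ")"
            in_parens = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):
            continue
        if line[0] in " \t":                # blank owner: reuse the previous one
            owner, rest = last_owner, line.strip()
        else:
            parts = line.split(None, 1)
            owner = _qualify(parts[0], origin)
            rest = parts[1] if len(parts) > 1 else ""
        last_owner = owner
        in_parens = "(" in rest and ")" not in rest
        rec = _split_record(rest)
        if rec:
            yield (owner,) + rec

def txt_value(rdata):
    """Join the quoted strings of a TXT/SPF RR with no separator (RFC 7208 s3.3)
    and undo backslash escapes."""
    return "".join(re.sub(r"\\(.)", r"\1", s) for s in _QUOTED.findall(rdata))

def check_spf(zone_text, origin):
    """Return {owner: {"txt": [...], "spf_type": [...], "findings": [...]}} for
    every name publishing v=spf1; an empty findings list means it conforms."""
    names = defaultdict(lambda: {"txt": [], "spf_type": [], "findings": []})
    for owner, rtype, rdata in parse_zone(zone_text, origin):
        if rtype in ("TXT", "SPF"):
            value = txt_value(rdata)
            if _SPF_VERSION.match(value):
                names[owner]["txt" if rtype == "TXT" else "spf_type"].append(value)
    for info in names.values():
        if info["spf_type"] and not info["txt"]:
            info["findings"].append("error: policy only in type SPF RR; publish it as TXT (RFC 7208 s3.1)")
        elif info["spf_type"]:
            info["findings"].append("warning: type SPF RR is discontinued; keep only the TXT record (RFC 7208 s3.1)")
        if len(info["txt"]) > 1:
            info["findings"].append(f"error: {len(info['txt'])} v=spf1 TXT records; check_host() gives permerror (RFC 7208 s4.5)")
    return dict(names)

# Constructed sample zone (not the zone file from the bug); example.test is a placeholder.
SAMPLE_ZONE = """\
$TTL 14400
@  86400 IN SOA ns1.example.test. hostmaster.example.test. (
        2015042303 ; serial
        86400 7200 3600000 86400 )
; TXT only: valid under RFC 7208 s3.1, yet the old named-checkzone warned here
@        IN TXT "v=spf1 +a +mx +ip4:192.0.2.10 ~all"
legacy   IN TXT "v=spf1 mx -all"
legacy   IN SPF "v=spf1 mx -all"
dup      IN TXT "v=spf1 a -all"
dup      IN TXT "v=spf1 mx -all"
long     IN TXT "v=spf1 ip4:192.0.2.0/24 " "ip4:198.51.100.0/24 -all"
default._domainkey IN TXT "v=DKIM1; k=rsa; p=PLACEHOLDER\\;"
"""

if __name__ == "__main__":
    for owner, info in sorted(check_spf(SAMPLE_ZONE, "example.test.").items()):
        print(owner, "OK" if not info["findings"] else "; ".join(info["findings"]))
```

Running the script prints one line per name that publishes SPF data; the apex of the sample zone comes out as OK, which is exactly the outcome the fixed named-checkzone produces for the TXT-only record in this bug. The DKIM record is parsed but never listed, because only values whose version section is exactly v=spf1 count as SPF records.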
Description of problem:
According to RFC 7208, section 3.1 SPF records need to be TXT records and not RR SPF records as previously recommended. When checking the syntax of a TXT RR SPF record an error message is displayed saying it should use RR SPF.
Version-Release number of selected component (if applicable):
EL/CentOS 7.1 Bind 9.9.4
How reproducible:
Using this zone file /var/named/cptest2.tld.db
----------------------------------------------
[root@fe80::f816:3eff:fefb:49bd%eth0 172.16.0.86 named]# cat cptest2.tld.db
; cPanel first:11.49.9999.115 (update_time):1429809767 11.49.9999.115: Cpanel::ZoneFile::VERSION:1.3 hostname:i-00002f3f.cpanel.nova latest:11.49.9999.115
; Zone file for cptest2.tld
$TTL 14400
@ 86400 IN SOA ns1.cpanel.nova. julian.brown.cpanel.net. (
2015042303 ; serial, todays date+todays
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds
cptest2.tld. 86400 IN NS ns1.cpanel.nova.
cptest2.tld. 86400 IN NS ns2.cpanel.nova.
cptest2.tld. IN A 10.6.27.120
cptest2.tld. IN MX 0 cptest2.tld.
mail IN CNAME cptest2.tld.
www IN CNAME cptest2.tld.
ftp IN A 10.6.27.120
cptest2.tld. IN TXT "v=spf1 +a +mx +ip4:10.6.27.120 ~all"
cpanel IN A 10.6.27.120
webdisk IN A 10.6.27.120
cpcalendars IN A 10.6.27.120
cpcontacts IN A 10.6.27.120
whm IN A 10.6.27.120
webmail IN A 10.6.27.120
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAna8Du0cGijhRQWLN1Eb0jqJZbggaSqmyyM2EEua3U8J9YWJ9nNMS08lSHGyQSpVPh8g/uJaHa1cMkXla5ZGGra5GhY+WbAd9m6W45ztcMnXMTBbmMtMu24LgdXWNj0Lkotl4ewCEn9UioQFxpIbNnn6qrhKMajsfygb5/Zzq1rF2NT+FjZRbXtkKGd6tgB03I" "bnMlMrmuccNX8U3oVbAk0+hI+Y5eOErYK54iUPvysF9MJJWMV40H7woumNvx73jswA2iK+ZKPOGH9CNXbToqgTbJmRRoMpY0nwjCVsIhaCN9bZxrpF/LaoE/3qeccUAT1tIwEZJIj6ruC8Rx3ydwQIDAQAB\;"
----------------------------------------------
Steps to Reproduce:
1. in /var/named
2. type: named-checkzone cptest2.tld cptest2.tld.db
Actual results:
---------------------------
[root@fe80::f816:3eff:fefb:49bd%eth0 172.16.0.86 named]# named-checkzone cptest2.tld cptest2.tld.db
zone cptest2.tld/IN: 'cptest2.tld' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone cptest2.tld/IN: loaded serial 2015042303
OK
---------------------------
Expected results:
Just OK
Additional info:
Probably updating to a newer Bind will correct this.
(In reply to Julian Brown from comment #0)
> Description of problem:
>
> According to RFC 7208, section 3.1 SPF records need to be TXT records and
> not RR SPF records as previously recommended. When checking the syntax of a
> TXT RR SPF record an error message is displayed saying it should use RR SPF.
Yes, you are right, thank you for the report.
(In reply to Paulo Matos from comment #9)
> Hi Tomas,
>
> I saw that you created a patch for this issue, but I don't understand how
> to apply that patch.
>
> Please, can you explain how to do it?
>
> Regards
I responded to your email.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2015-2222.html