Bug 1647829

Summary: dig handles IDN improperly when LANG=C (regression)
Product: [Fedora] Fedora Reporter: Scott Schmit <i.grok>
Component: bindAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 28CC: anon.amish, mruprich, msehnout, pemensik, pzhukov, thozza, vonsch, zdohnal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: bind-9.11.5-2.P1.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-21 02:57:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Fallback to ASCII for v9_11
none
Modification of test none

Description Scott Schmit 2018-11-08 13:08:15 UTC 
Description of problem:

When dig processes IDN names, it converts from the A-label to the U-label on output.  However, until recently, dig would always output the A-label when LANG=C.

Starting with the update from bind-utils-32:9.11.4-5.P1.fc28.x86_64 to bind-utils-32:9.11.4-10.P2.fc28.x86_64, this broke, and I started getting this error:

dig: 'ns1.xn--cg4bki.centralnic-dns.com.' is not a legal IDN name (string encoding error), use +noidnout

Version-Release number of selected component (if applicable):
bind-utils-9.11.4-10.P2.fc28.x86_64

How reproducible:
100%

Steps to Reproduce:
1. export LANG=C
2. dig NS xn--cg4bki.

Actual results:
dig: 'xn--cg4bki.' is not a legal IDN name (string encoding error), use +noidnout

Expected results:
+noidnout should occur automatically when LANG=C (or if you want to be hyper-correct, the A-label should be output anytime the locale doesn't support display in U-label form)

$ export LANG=C
$ dig NS xn--cg4bki.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-10.P2.fc28 <<>> NS xn--cg4bki. +noidnout
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12481
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 17

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f978b5d0a6855eb0863c09a55be42e53e886598cff18afe4 (good)
;; QUESTION SECTION:
;xn--cg4bki.			IN	NS

;; ANSWER SECTION:
xn--cg4bki.		86400	IN	NS	c.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	b.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	ns1.xn--cg4bki.centralnic-dns.com.
xn--cg4bki.		86400	IN	NS	a.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	ns2.xn--cg4bki.centralnic-dns.com.
xn--cg4bki.		86400	IN	NS	ns4.xn--cg4bki.centralnic-dns.com.
xn--cg4bki.		86400	IN	NS	d.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	ns3.xn--cg4bki.centralnic-dns.com.

;; ADDITIONAL SECTION:
a.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.40.1
b.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.41.1
c.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.42.1
d.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.43.1
ns1.xn--cg4bki.centralnic-dns.com. 171433 IN A	194.169.218.113
ns2.xn--cg4bki.centralnic-dns.com. 172800 IN A	185.24.64.113
ns3.xn--cg4bki.centralnic-dns.com. 172800 IN A	212.18.248.113
ns4.xn--cg4bki.centralnic-dns.com. 172800 IN A	212.18.249.113
a.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3010::1
b.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3011::1
c.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3012::1
d.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3013::1
ns1.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2001:67c:13cc::1:113
ns2.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13cc::1:113
ns3.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13ee::113
ns4.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13ff::113

;; Query time: 453 msec
;; SERVER: 192.168.2.8#53(192.168.2.8)
;; WHEN: Thu Nov 08 07:38:43 EST 2018
;; MSG SIZE  rcvd: 605


Additional info:
This change broke an automated script and corrupted 16 days of logs
Comment 1 Petr Menšík 2018-11-22 12:20:36 UTC 
Sorry to hear that. It can be turned off by IDN_DISABLE environment defined to anything. Upstream also modified the default to be turned on only on tty console, which should help you as well. But I guess it should be able to print default ascii form if output conversion failed.
Comment 2 Petr Menšík 2019-01-29 18:24:36 UTC 
I think I finally found a solution to that. At least on master dig branch, should be easy to backport to BIND 9.11.

https://gitlab.isc.org/isc-projects/bind9/merge_requests/1418
Comment 3 Petr Menšík 2019-01-29 18:29:24 UTC 
Created attachment 1524782 [details]
Fallback to ASCII for v9_11
Comment 4 Petr Menšík 2019-01-29 18:29:55 UTC 
Created attachment 1524783 [details]
Modification of test
Comment 5 Petr Menšík 2019-01-29 18:59:01 UTC 
Disabling IDN output also if stdin is not a tty. Should help with AXFR with IDN data to be still valid zone file.
Comment 6 Petr Menšík 2019-02-12 18:24:16 UTC 
Upstream found issue in ubuntu idn2 library, where it fails their tests. I think it can be used this way in Fedora.
Comment 7 Fedora Update System 2019-02-18 13:15:50 UTC 
bind-dyndb-ldap-11.1-13.fc29 dhcp-4.3.6-29.fc29 dnsperf-2.2.1-1.fc29 bind-9.11.5-2.P1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e883ebcad3
Comment 8 Fedora Update System 2019-02-18 13:18:17 UTC 
dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0
Comment 9 Fedora Update System 2019-02-19 06:27:45 UTC 
bind-9.11.5-2.P1.fc29, bind-dyndb-ldap-11.1-13.fc29, dhcp-4.3.6-29.fc29, dnsperf-2.2.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e883ebcad3
Comment 10 Fedora Update System 2019-02-19 07:07:13 UTC 
bind-9.11.5-2.P1.fc28, bind-dyndb-ldap-11.1-13.fc28, dhcp-4.3.6-22.fc28, dnsperf-2.2.1-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0
Comment 11 Fedora Update System 2019-02-21 02:57:16 UTC 
bind-9.11.5-2.P1.fc29, bind-dyndb-ldap-11.1-13.fc29, dhcp-4.3.6-29.fc29, dnsperf-2.2.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.