Bug 2324186

Summary: "host" utility doesn't always convert hostname argument into ACE string
Product: [Fedora] Fedora Reporter: Renaud Métrich <rmetrich>
Component: bindAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 42CC: anon.amish, dns-sig, mruprich, pemensik, zdohnal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://src.fedoraproject.org/rpms/bind/pull-request/44
Whiteboard:
Fixed In Version: bind-9.18.39-3.fc42 bind-9.18.39-3.fc44 bind-9.18.39-3.fc41.1 bind-9.18.39-4.fc43 bind-9.18.39-7.fc44 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-09-12 02:07:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Renaud Métrich 2024-11-06 15:24:16 UTC 
This is a "clone" of RHEL Jira https://issues.redhat.com/browse/RHEL-66172.

Resolving a hostname using *host* command works when having a TTY:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# host www.tribunal-fédéral.ch
www.xn--tribunal-fdral-kkbb.ch is an alias for bnetm.x.incapdns.net.
bnetm.x.incapdns.net has address 107.154.115.41
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

But it fails when not having a TTY, e.g.:
1. With piping the output

    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
    # host www.tribunal-fédéral.ch | cat
    Host www.tribunal-fédéral.ch not found: 3(NXDOMAIN)
    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

2. As a service

    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
    # systemd-run host www.tribunal-fédéral.ch
    Running as unit: run-r91b04b09794d4250884722ff003b9470.service
    # journalctl -u run-r91b04b09794d4250884722ff003b9470.service
    ... systemd[1]: Started /usr/bin/host -4 -T www.tribunal-fédéral.ch.
    ... host[33165]: Host www.tribunal-fédéral.ch not found: 3(NXDOMAIN){code}
    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

3.  As a cron

    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
    # crontab -e
    * * * * * host www.tribunal-fédéral.ch >/tmp/host.out
    # sleep 60; cat /tmp/host.out
    Host www.tribunal-fédéral.ch not found: 3(NXDOMAIN)
    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

The reason for this is ACE conversion is performed only when having a TTY (line 607), which is wrong:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
 603 dig_lookup_t *
 604 make_empty_lookup(void) {
 605         dig_lookup_t *looknew;
 606 #ifdef HAVE_LIBIDN2
 607         bool idn_allowed = isatty(1) ? (getenv("IDN_DISABLE") == NULL) : false;
 608 #endif /* HAVE_LIBIDN2 */


2256 #ifdef HAVE_LIBIDN2 
2257         if (lookup->idnin) {
2258                 idn_locale_to_ace(textname, idn_textname, sizeof(idn_textname));
2259                 debug("idn_textname: %s", idn_textname);
2260                 textname = idn_textname;
2261         }
2262 #endif /* HAVE_LIBIDN2 */ 
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


Reproducible: Always

Steps to Reproduce:
See details.




ADDITIONALLY (but unrelated somehow), even when there is a TTY, the result is "wrong somehow", since the FQDN returned as first line of "host" result is an ACE string:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# host www.tribunal-fédéral.ch
www.xn--tribunal-fdral-kkbb.ch is an alias for bnetm.x.incapdns.net.
bnetm.x.incapdns.net has address 107.154.115.41
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Here above "www.xn--tribunal-fdral-kkbb.ch" is returned instead of "www.tribunal-fédéral.ch".
RHEL9 returns the expected output.
Comment 1 Petr Menšík 2024-11-06 20:38:06 UTC 
Posted simple proposal to upstream: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9723
This is already changed in 9.20, fixed by upstream issue https://gitlab.isc.org/isc-projects/bind9/-/issues/3527
Comment 2 Aoife Moloney 2025-02-26 13:14:41 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.
Comment 3 Petr Menšík 2025-09-03 16:53:27 UTC 
Okay, upstream refused the proposal for bind 9.18. I agree in the end that proposal were not ideal. Will include a downstream change to enable IDN decoding even when stdout is not a terminal. In that case, disable just IDN output AND if input decoding fails, use whatever were passed as input directly.

That should remain mostly compatible enough while enabling desired IDN processing in all cases. Redirecting output will not change name queried if name is correctly formatted. It affects dig, host and nslookup commands.

After this change it would make host háčkyčárky.cz and "host háčkyčárky.cz | cat" commands query the same name.

It will make the query even with invalid input in special case, like:

echo www.tribunal-fédéral.ch | iconv -f utf-8 -t iso-8859-1 | xargs host | cat
Comment 4 Petr Menšík 2025-09-04 16:53:47 UTC 
Created relative simple test case for testing various behavior of utilities in IDN. Should pass also with 9.21 utilities, where behaviour were changed a bit.
Comment 5 Fedora Update System 2025-09-09 12:33:31 UTC 
FEDORA-2025-6583e6254c (bind-9.18.39-3.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-6583e6254c
Comment 6 Fedora Update System 2025-09-10 20:19:47 UTC 
FEDORA-2025-792e33d66b (bind-9.18.39-3.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-792e33d66b
Comment 7 Fedora Update System 2025-09-10 20:20:46 UTC 
FEDORA-2025-90ebed3884 (bind-9.18.39-3.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-90ebed3884
Comment 8 Fedora Update System 2025-09-10 20:55:12 UTC 
FEDORA-2025-4922878d8c (bind-9.18.39-3.fc41.1 and bind-dyndb-ldap-11.10-34.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-4922878d8c
Comment 9 Fedora Update System 2025-09-11 01:31:51 UTC 
FEDORA-2025-792e33d66b has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-792e33d66b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-792e33d66b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Fedora Update System 2025-09-11 02:00:14 UTC 
FEDORA-2025-4922878d8c has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4922878d8c`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4922878d8c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 11 Fedora Update System 2025-09-11 02:22:41 UTC 
FEDORA-2025-90ebed3884 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-90ebed3884`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-90ebed3884

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 12 Fedora Update System 2025-09-12 02:07:05 UTC 
FEDORA-2025-792e33d66b (bind-9.18.39-3.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 13 Fedora Update System 2025-09-12 14:17:00 UTC 
FEDORA-2025-6583e6254c (bind-9.18.39-3.fc44) has been pushed to the Fedora 44 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 14 Fedora Update System 2025-09-16 01:24:11 UTC 
FEDORA-2025-4922878d8c (bind-9.18.39-3.fc41.1 and bind-dyndb-ldap-11.10-34.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 15 Fedora Update System 2025-09-20 00:19:06 UTC 
FEDORA-2025-38c04b3b25 (bind-9.18.39-4.fc43 and bind-dyndb-ldap-11.11-7.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 16 Fedora Update System 2025-10-13 09:43:39 UTC 
FEDORA-2025-c64854e3ed (bind-9.18.39-7.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-c64854e3ed
Comment 17 Fedora Update System 2025-10-13 10:33:36 UTC 
FEDORA-2025-c64854e3ed (bind-9.18.39-7.fc44) has been pushed to the Fedora 44 stable repository.
If problem still persists, please make note of it in this bug report.