Bug 1078295 - bind-dyndb-ldap crashes when handling DNS64 query
Summary: bind-dyndb-ldap crashes when handling DNS64 query
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind-dyndb-ldap
Version: 7.0
Hardware: All
OS: Unspecified
Target Milestone: rc
Assignee: Petr Spacek
QA Contact: Namita Soman
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:9660416a741e7beebfc2903bafd...
Depends On: 1076775 1109759
Blocks:
Reported: 2014-03-19 14:46 UTC by Petr Spacek
Modified: 2015-03-05 09:29 UTC (History)

Fixed In Version: bind-dyndb-ldap-5.2-1.el7
Doc Type: Bug Fix
Doc Text:
The bind-dyndb-ldap plug-in did not fully support the DNS64 technology. As a consequence, the BIND daemon configured with DNS64 terminated unexpectedly when a DNS64 query was processed by bind-dyndb-ldap. The bug has been fixed, and the BIND daemon no longer terminates while processing a DNS64 query.
Clone Of: 1076775
Environment:
Last Closed: 2015-03-05 09:29:15 UTC
Target Upstream Version:


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0424 normal SHIPPED_LIVE bind-dyndb-ldap bug fix and enhancement update 2015-03-05 14:26:27 UTC

Description Petr Spacek 2014-03-19 14:46:30 UTC
+++ This bug was initially created as a clone of Bug #1076775 +++
Version-Release number of selected component:
bind-9.9.3-14.P2.fc19
bind-dyndb-ldap-3.5-1.fc19

bind-dyndb-ldap-3.5-1.el7 has the same codebase.

Additional info:
cmdline:        /usr/sbin/named -u named
crash_function: assertion_failed
executable:     /usr/sbin/named
type:           CCpp
uid:            25

Truncated backtrace:
Thread no. 1 (8 frames)
 #2 assertion_failed at ./main.c:219
 #3 isc_assertion_failed at assertions.c:57
 #4 dns_db_detachnode at db.c:636
 #5 query_find at query.c:6507
 #6 ns_query_start at query.c:7790
 #7 client_request at client.c:1970
 #8 dispatch at task.c:1116
 #9 run at task.c:1286


--- Additional comment from Petr Spacek on 2014-03-18 13:05:39 CET ---
Do you know the DNS query which causes the crash?


--- Additional comment from William Brown on 2014-03-18 23:59:37 CET ---
Any query that requests a hostname that does NOT return an AAAA from an LDAP-backed domain, i.e. for example.com, if a host such as foo.example.com has an A record but no AAAA and you run:

dig foo.example.com AAAA

You will crash the named server.


--- Additional comment from Petr Spacek on 2014-03-19 15:33:37 CET ---
I have reproduced the crash. You have DNS64 enabled, haven't you?

I added this snippet to my named.conf:
        dns64 ::ffff:0:0/96 {
            clients { any; };
            exclude { none; };
        };

And now it crashes if I do a DNS query for a name with A record but without AAAA record.

Comment 2 Petr Spacek 2014-03-19 15:04:19 UTC
Upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/132

Comment 3 Martin Kosek 2014-06-16 14:51:25 UTC
This issue will be solved as part of bind-dyndb-ldap rebase (Bug 1109759).

Comment 4 Namita Soman 2014-06-27 18:31:47 UTC
Please add steps to verify

Comment 5 Petr Spacek 2014-06-30 07:55:35 UTC
Please see the bug description, named.conf and necessary dig command are described there.

Comment 7 Namita Soman 2015-01-22 23:55:57 UTC
# ipa dnszone-add example.com
  Zone name: example.com.
  Active zone: TRUE
  Authoritative nameserver: qeblade6.testrelm.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1421970261
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST krb5-self * SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;



# ipa dnsrecord-add example.com foo --a-rec=1.2.3.4
  Record name: foo
  A record: 1.2.3.4


# dig foo.example.com
<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	A

;; ANSWER SECTION:
foo.example.com.	86400	IN	A	1.2.3.4

<..snip..>

# dig foo.example.com AAAA

<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	AAAA

<..snip..>


updated /etc/named.conf to have the below in options section:
        dns64 ::ffff:0:0/96 {
            clients { any; };
            exclude { none; };
        };


# systemctl stop named
# systemctl start named

# dig foo.example.com A

<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	A

;; ANSWER SECTION:
foo.example.com.	86400	IN	A	1.2.3.4

<..snip..>


no crash messages in /var/log/messages.
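
Added example, not part of the bug report or of bind-dyndb-ldap: a regression check for the AAAA query that triggered the crash, assuming the fixed server synthesizes the answer by RFC 6052 address embedding. It goes beyond the /96 prefix used above to the other RFC 6052 prefix lengths; the function names and the sample `dig +short` outputs are constructed for illustration.

```python
import ipaddress

# RFC 6052 section 2.2: byte positions that receive the four IPv4 octets for
# each permitted prefix length (byte 8, bits 64-71, is always left zero).
V4_OFFSETS = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
              56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}

def synthesize_aaaa(prefix, ipv4):
    """Embed an IPv4 address in a DNS64 prefix, returning an IPv6Address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in V4_OFFSETS:
        raise ValueError("DNS64 prefix length must be 32/40/48/56/64/96")
    raw = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(ipv4).packed
    for offset, octet in zip(V4_OFFSETS[net.prefixlen], octets):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))

def check_dns64_answer(dig_short_aaaa, a_records, prefix):
    """True if `dig +short NAME AAAA` output holds exactly the synthesized set."""
    expected = {synthesize_aaaa(prefix, a) for a in a_records}
    got = set()
    for line in dig_short_aaaa.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig diagnostic (e.g. a timeout)
        try:
            got.add(ipaddress.IPv6Address(line))
        except ValueError:
            continue  # not an address, e.g. a CNAME target
    return got == expected

# Constructed sample outputs (not captured from a real server).
PREFIX = "::ffff:0:0/96"          # dns64 prefix from the named.conf snippet
ANSWERED = "::ffff:1.2.3.4\n"     # server alive, AAAA synthesized from the A record
NO_REPLY = ";; connection timed out; no servers could be reached\n"

if __name__ == "__main__":
    print(synthesize_aaaa(PREFIX, "1.2.3.4"))
    print("answered:", check_dns64_answer(ANSWERED, ["1.2.3.4"], PREFIX))
    print("no reply:", check_dns64_answer(NO_REPLY, ["1.2.3.4"], PREFIX))
```

Feed it the output of `dig +short foo.example.com AAAA` taken after the restart, since the AAAA query for a name with only an A record is the one reported to trigger the crash.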

Comment 9 errata-xmlrpc 2015-03-05 09:29:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0424.html

