Red Hat Bugzilla – Bug 1078295
bind-dyndb-ldap crashes when handling DNS64 query
Last modified: 2015-03-05 04:29:15 EST
+++ This bug was initially created as a clone of Bug #1076775 +++

Version-Release number of selected component:
bind-9.9.3-14.P2.fc19
bind-dyndb-ldap-3.5-1.fc19

bind-dyndb-ldap-3.5-1.el7 has the same codebase.

Additional info:
cmdline:        /usr/sbin/named -u named
crash_function: assertion_failed
executable:     /usr/sbin/named
type:           CCpp
uid:            25

Truncated backtrace:
Thread no. 1 (8 frames)
 #2 assertion_failed at ./main.c:219
 #3 isc_assertion_failed at assertions.c:57
 #4 dns_db_detachnode at db.c:636
 #5 query_find at query.c:6507
 #6 ns_query_start at query.c:7790
 #7 client_request at client.c:1970
 #8 dispatch at task.c:1116
 #9 run at task.c:1286

--- Additional comment from Petr Spacek on 2014-03-18 13:05:39 CET ---

Do you know the DNS query which causes the crash?

--- Additional comment from William Brown on 2014-03-18 23:59:37 CET ---

Any query that requests a hostname that does NOT return a AAAA from an ldap backed domain.

IE for example.com, if a host such as foo.example.com has an A record, but no AAAA and you run:

    dig foo.example.com AAAA

You will crash the named server.

--- Additional comment from Petr Spacek on 2014-03-19 15:33:37 CET ---

I have reproduced the crash. You have DNS64 enabled, haven't you?

I added this snippet to my named.conf:

    dns64 ::ffff:0:0/96 {
        clients { any; };
        exclude { none; };
    };

And now it crashes if I do a DNS query for a name with A record but without AAAA record.
Upstream ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/132
This issue will be solved as part of bind-dyndb-ldap rebase (Bug 1109759).
Please add steps to verify
Please see the bug description, named.conf and necessary dig command are described there.
# ipa dnszone-add example.com
  Zone name: example.com.
  Active zone: TRUE
  Authoritative nameserver: qeblade6.testrelm.test.
  Administrator e-mail address: hostmaster
  SOA serial: 1421970261
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST krb5-self * SSHFP;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

# ipa dnsrecord-add example.com foo --a-rec=1.2.3.4
  Record name: foo
  A record: 1.2.3.4

# dig foo.example.com
<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	A

;; ANSWER SECTION:
foo.example.com.	86400	IN	A	1.2.3.4
<..snip..>

# dig foo.example.com AAAA
<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	AAAA
<..snip..>

Updated /etc/named.conf to have the below in options section:

    dns64 ::ffff:0:0/96 {
        clients { any; };
        exclude { none; };
    };

# systemctl stop named
# systemctl start named

# dig foo.example.com A
<..snip..>
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.		IN	A

;; ANSWER SECTION:
foo.example.com.	86400	IN	A	1.2.3.4
<..snip..>

No crash messages in /var/log/messages.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0424.html
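
Added example, not part of the bug report or of bind-dyndb-ldap: the crash reported above needs two things in named.conf, an active dns64 block and zones served by the LDAP plugin, so this Python check parses a config for both. The sample config is constructed, the function names are hypothetical, and it assumes the plugin is loaded by a top-level `dynamic-db` (or `dyndb`) statement that names `ldap.so`; it does not look at the installed package version.

```python
import re

# Constructed sample named.conf; only the dns64 block is copied from the bug report.
SAMPLE_CONF = '''
options {
    directory "/var/named";   // working directory
    # dns64 64:ff9b::/96 { clients { none; }; };
    dns64 ::ffff:0:0/96 {
        clients { any; };
        exclude { none; };
    };
};
dynamic-db "ipa" {
    library "ldap.so";
    arg "uri ldapi://%2fvar%2frun%2fslapd-EXAMPLE.socket";
};
'''

_STR = r'"(?:\\.|[^"\\])*"'
_COMMENT = re.compile(_STR + r'|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_TOKEN = re.compile(_STR + r'|[{};]|[^\s{};"]+')

def tokens(conf):
    """Strip named.conf comments (leaving quoted strings intact), then tokenize."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return _TOKEN.findall(_COMMENT.sub(keep_strings, conf))

def audit(conf):
    """Return (active dns64 prefixes, True if a dynamic database loads ldap.so)."""
    toks, prefixes, ldap_db, depth = tokens(conf), [], False, 0
    for i, tok in enumerate(toks):
        if tok in ('{', '}'):
            depth += 1 if tok == '{' else -1
        elif (tok == 'dns64' and i > 0 and toks[i - 1] in ('{', ';')
              and i + 2 < len(toks) and toks[i + 2] == '{'):
            prefixes.append(toks[i + 1])
        elif tok in ('dynamic-db', 'dyndb') and depth == 0:
            # Assumption: the plugin is loaded by a top-level statement naming ldap.so.
            d, j = 0, i + 1
            while j < len(toks) and not (toks[j] == ';' and d == 0):
                d += {'{': 1, '}': -1}.get(toks[j], 0)
                ldap_db = ldap_db or 'ldap.so' in toks[j]
                j += 1
    return prefixes, ldap_db

def exposed(conf):
    """Both preconditions from the report: DNS64 on, zones served from LDAP."""
    prefixes, ldap_db = audit(conf)
    return bool(prefixes) and ldap_db
```

Run `exposed(open('/etc/named.conf').read())` on a server to see whether both preconditions are present; commented-out dns64 lines are ignored.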