Bug 1399738 - DNS records served through recursive bind which have a CNAME pointing to a DNAME result in a servfail
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: bind
Version: 5.11
Hardware: Unspecified
OS: Linux
Target Milestone: rc
Assignee: Petr Menšík
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-11-29 15:51 UTC by Dan Bradley
Modified: 2016-12-01 09:44 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-01 09:44:10 UTC
Target Upstream Version:



Description Dan Bradley 2016-11-29 15:51:31 UTC
Description of problem: If you have a DNS record which is a CNAME pointing to a DNAME record, DNS resolution attempts through Red Hat bind result in a SERVFAIL instead of returning the record when the cache expires.


Version-Release number of selected component (if applicable):  I think we have isolated this to bind93-CVE-2016-8864.patch being applied.  bind-9.3.6-25.P1.el5_11.11


How reproducible: 100% reproducible. 


Steps to Reproduce:
1.  Install and set up bind to be a caching forwarder to any DNS service (Google's DNS at 8.8.8.8 is reliable) using forward only.
2.  On a separate DNS service, create a record (uses 2 zones) which looks like this (set the TTL to 0 to reproduce every time; you will get intermittent responses if you have a cacheable TTL):
abc4.test.stevenngo.me.		IN	CNAME	roy.osd.test.stevenngo.me.
osd.test.stevenngo.me.		IN	DNAME	test2.stevenngo.me.
roy.test2.stevenngo.me.		IN	A	12.12.12.12

3.  Send a dig through your recursive resolver in an attempt to resolve the request.

Actual results:
[root@ip-172-31-53-34 etc]# dig @localhost abc4.test.stevenngo.me.

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.11 <<>> @localhost abc4.test.stevenngo.me.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61216
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;abc4.test.stevenngo.me.		IN	A

;; Query time: 53 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 29 10:47:51 2016
;; MSG SIZE  rcvd: 40

[root@ip-172-31-53-34 etc]#


Expected results:
[root@ip-172-31-53-34 etc]# dig @8.8.8.8 abc4.test.stevenngo.me.

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.11 <<>> @8.8.8.8 abc4.test.stevenngo.me.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5920
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;abc4.test.stevenngo.me.		IN	A

;; ANSWER SECTION:
abc4.test.stevenngo.me.	0	IN	CNAME	roy.osd.test.stevenngo.me.
osd.test.stevenngo.me.	0	IN	DNAME	test2.stevenngo.me.
roy.osd.test.stevenngo.me. 0	IN	CNAME	roy.test2.stevenngo.me.
roy.test2.stevenngo.me.	0	IN	A	12.12.12.12

;; Query time: 27 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 29 10:48:53 2016
;; MSG SIZE  rcvd: 134

[root@ip-172-31-53-34 etc]#


Additional info:
[root@ip-172-31-53-34 etc]# rpm -qa | grep bind
bind-chroot-9.3.6-25.P1.el5_11.11
bind-libs-9.3.6-25.P1.el5_11.11
bind-9.3.6-25.P1.el5_11.11
bind-utils-9.3.6-25.P1.el5_11.11
[root@ip-172-31-53-34 etc]#
[root@ip-172-31-53-34 etc]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
[root@ip-172-31-53-34 etc]#
[root@ip-172-31-53-34 etc]# cat named.conf
options {
  directory "/var/named";
  version "get lost";
  recursion yes;
  allow-transfer {"none";};
  allow-recursion {127.0.0.1/32;};
  forwarders {
                8.8.8.8;
                8.8.4.4;
  };
  forward only;
};
include "/etc/named.root.hints";
[root@ip-172-31-53-34 etc]#
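
As an added illustration that is not part of the bug report and not BIND's code, the Python below models what a resolver has to do with the three records in the reproduction: follow the CNAME, notice that its target falls under a DNAME owner, synthesize the CNAME that RFC 6672 prescribes, and then fetch the A record. The record set is constructed from the reporter's zone data (TTL 0 as in the report), the function names (`resolve`, `synthesize_cname`, `find_dname`) and the `MAX_CHAIN` loop guard are assumptions of this example, and the NXDOMAIN/NODATA distinction is deliberately collapsed. The answer section it builds is the same four-record chain the expected `dig @8.8.8.8` output shows.

```python
"""Model of CNAME -> DNAME -> synthesized CNAME -> A resolution (RFC 6672).

Example code added to illustrate the bug report; it is not BIND's logic.
Records are constructed from the report's reproduction zone.
"""

from typing import List, Optional, Tuple

# (owner, rrtype, rdata); all names are fully qualified with a trailing dot.
Record = Tuple[str, str, str]

# Constructed copy of the reporter's three records (TTL 0 in the report).
RECORDS: List[Record] = [
    ("abc4.test.stevenngo.me.", "CNAME", "roy.osd.test.stevenngo.me."),
    ("osd.test.stevenngo.me.", "DNAME", "test2.stevenngo.me."),
    ("roy.test2.stevenngo.me.", "A", "12.12.12.12"),
]

MAX_CHAIN = 16  # assumed guard against CNAME/DNAME loops; real resolvers use similar limits


def lookup(records: List[Record], name: str, rrtype: str) -> List[Record]:
    """Exact-owner, case-insensitive match for one RR type."""
    return [r for r in records if r[0].lower() == name.lower() and r[1] == rrtype]


def find_dname(records: List[Record], name: str) -> Optional[Record]:
    """Return the DNAME at the closest proper ancestor of name, or None.

    RFC 6672: a DNAME applies to names strictly below its owner, never to
    the owner itself, so the search starts one label above the query name.
    """
    labels = name.lower().split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        hits = [r for r in records if r[0].lower() == ancestor and r[1] == "DNAME"]
        if hits:
            return hits[0]
    return None


def synthesize_cname(qname: str, dname_owner: str, dname_target: str) -> str:
    """Replace the DNAME-owner suffix of qname with the DNAME target.

    roy.osd.test.stevenngo.me. under DNAME osd.test.stevenngo.me. -> test2.stevenngo.me.
    becomes roy.test2.stevenngo.me.
    """
    prefix = qname[: len(qname) - len(dname_owner)]  # labels below the owner, with dot
    return prefix + dname_target


def resolve(records: List[Record], qname: str, qtype: str = "A") -> Tuple[str, List[Record]]:
    """Follow CNAME/DNAME indirections and return (rcode, answer_section).

    The answer section is built in the order a resolver would emit it:
    each CNAME, each DNAME with its synthesized CNAME, then the final RRset.
    """
    answer: List[Record] = []
    name = qname
    for _ in range(MAX_CHAIN):
        direct = lookup(records, name, qtype)
        if direct:
            answer.extend(direct)
            return "NOERROR", answer
        cname = lookup(records, name, "CNAME")
        if cname:
            answer.append(cname[0])
            name = cname[0][2]
            continue
        dname = find_dname(records, name)
        if dname:
            synth = (name, "CNAME", synthesize_cname(name, dname[0], dname[2]))
            answer.append(dname)
            answer.append(synth)
            name = synth[2]
            continue
        return "NXDOMAIN", answer  # simplified: no NODATA distinction
    return "SERVFAIL", answer  # chain too long or looping


def format_answer(answer: List[Record], ttl: int = 0) -> str:
    """Render records in a dig-like ANSWER SECTION layout."""
    return "\n".join(f"{owner}\t{ttl}\tIN\t{rrtype}\t{rdata}" for owner, rrtype, rdata in answer)


if __name__ == "__main__":
    rcode, ans = resolve(RECORDS, "abc4.test.stevenngo.me.")
    print(f"status: {rcode}")
    print(format_answer(ans))
```

Running the block prints the same four-record chain as the expected `dig @8.8.8.8` output (CNAME, DNAME, synthesized CNAME, A) with status NOERROR; the loop guard exists so that a malformed or circular chain is reported as SERVFAIL rather than spinning, which is the only legitimate reason a resolver should return SERVFAIL for data like the report's.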

Comment 1 Tomáš Hozza 2016-11-29 17:32:18 UTC
Thank you for taking the time to report this issue to us. We appreciate the feedback and use reports such as this one to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution.

If this issue is critical or in any way time sensitive, please raise a ticket through the regular Red Hat support channels to ensure it receives the proper attention and prioritization to assure a timely resolution. 

For information on how to contact the Red Hat production support team, please visit:
    https://www.redhat.com/support/process/production/#howto

Also RHEL-5 is already in production phase 3, which means that only Critical impact Security Advisories and selected Urgent Priority Bug Fix Advisories may be addressed. Please see https://access.redhat.com/support/policy/updates/errata#Production_3_Phase for further information.

Comment 2 Dan Bradley 2016-11-30 18:06:07 UTC
This seems to be in the upstream bind implementation from the ISC.  I'll get a bug filed up there and you can remove this one.

Comment 3 Tomáš Hozza 2016-12-01 09:44:10 UTC
Thank you for the information. Closing as UPSTREAM.

