1647829 – dig handles IDN improperly when LANG=C (regression)

Bug 1647829 - dig handles IDN improperly when LANG=C (regression)

Summary: dig handles IDN improperly when LANG=C (regression)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bind
Sub Component:
Version:	28
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Petr Menšík
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-11-08 13:08 UTC by Scott Schmit
Modified:	2019-02-21 02:57 UTC (History)
CC List:	8 users (show)
Fixed In Version:	bind-9.11.5-2.P1.fc29
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-21 02:57:16 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Fallback to ASCII for v9_11 (1.31 KB, patch) 2019-01-29 18:29 UTC, Petr Menšík	no flags	Details \| Diff
Modification of test (1.81 KB, patch) 2019-01-29 18:29 UTC, Petr Menšík	no flags	Details \| Diff
View All

Description Scott Schmit 2018-11-08 13:08:15 UTC

Description of problem:

When dig processes IDN names, it converts from the A-label to the U-label on output.  However, until recently, dig would always output the A-label when LANG=C.

Starting with the update from bind-utils-32:9.11.4-5.P1.fc28.x86_64 to bind-utils-32:9.11.4-10.P2.fc28.x86_64, this broke, and I started getting this error:

dig: 'ns1.xn--cg4bki.centralnic-dns.com.' is not a legal IDN name (string encoding error), use +noidnout

Version-Release number of selected component (if applicable):
bind-utils-9.11.4-10.P2.fc28.x86_64

How reproducible:
100%

Steps to Reproduce:
1. export LANG=C
2. dig NS xn--cg4bki.

Actual results:
dig: 'xn--cg4bki.' is not a legal IDN name (string encoding error), use +noidnout

Expected results:
+noidnout should occur automatically when LANG=C (or if you want to be hyper-correct, the A-label should be output anytime the locale doesn't support display in U-label form)

$ export LANG=C
$ dig NS xn--cg4bki.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-10.P2.fc28 <<>> NS xn--cg4bki. +noidnout
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12481
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 17

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f978b5d0a6855eb0863c09a55be42e53e886598cff18afe4 (good)
;; QUESTION SECTION:
;xn--cg4bki.			IN	NS

;; ANSWER SECTION:
xn--cg4bki.		86400	IN	NS	c.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	b.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	ns1.xn--cg4bki.centralnic-dns.com.
xn--cg4bki.		86400	IN	NS	a.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	ns2.xn--cg4bki.centralnic-dns.com.
xn--cg4bki.		86400	IN	NS	ns4.xn--cg4bki.centralnic-dns.com.
xn--cg4bki.		86400	IN	NS	d.xn--cg4bki.dyntld.net.
xn--cg4bki.		86400	IN	NS	ns3.xn--cg4bki.centralnic-dns.com.

;; ADDITIONAL SECTION:
a.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.40.1
b.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.41.1
c.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.42.1
d.xn--cg4bki.dyntld.net. 172800	IN	A	162.88.43.1
ns1.xn--cg4bki.centralnic-dns.com. 171433 IN A	194.169.218.113
ns2.xn--cg4bki.centralnic-dns.com. 172800 IN A	185.24.64.113
ns3.xn--cg4bki.centralnic-dns.com. 172800 IN A	212.18.248.113
ns4.xn--cg4bki.centralnic-dns.com. 172800 IN A	212.18.249.113
a.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3010::1
b.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3011::1
c.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3012::1
d.xn--cg4bki.dyntld.net. 172800	IN	AAAA	2600:2000:3013::1
ns1.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2001:67c:13cc::1:113
ns2.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13cc::1:113
ns3.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13ee::113
ns4.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13ff::113

;; Query time: 453 msec
;; SERVER: 192.168.2.8#53(192.168.2.8)
;; WHEN: Thu Nov 08 07:38:43 EST 2018
;; MSG SIZE  rcvd: 605


Additional info:
This change broke an automated script and corrupted 16 days of logs

Comment 1 Petr Menšík 2018-11-22 12:20:36 UTC

Sorry to hear that. It can be turned off by IDN_DISABLE environment defined to anything. Upstream also modified the default to be turned on only on tty console, which should help you as well. But I guess it should be able to print default ascii form if output conversion failed.

Comment 2 Petr Menšík 2019-01-29 18:24:36 UTC

I think I finally found a solution to that. At least on master dig branch, should be easy to backport to BIND 9.11.

https://gitlab.isc.org/isc-projects/bind9/merge_requests/1418

Comment 3 Petr Menšík 2019-01-29 18:29:24 UTC

Created attachment 1524782 [details]
Fallback to ASCII for v9_11

Comment 4 Petr Menšík 2019-01-29 18:29:55 UTC

Created attachment 1524783 [details]
Modification of test

Comment 5 Petr Menšík 2019-01-29 18:59:01 UTC

Disabling IDN output also if stdin is not a tty. Should help with AXFR with IDN data to be still valid zone file.

Comment 6 Petr Menšík 2019-02-12 18:24:16 UTC

Upstream found issue in ubuntu idn2 library, where it fails their tests. I think it can be used this way in Fedora.

Comment 7 Fedora Update System 2019-02-18 13:15:50 UTC

bind-dyndb-ldap-11.1-13.fc29 dhcp-4.3.6-29.fc29 dnsperf-2.2.1-1.fc29 bind-9.11.5-2.P1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e883ebcad3

Comment 8 Fedora Update System 2019-02-18 13:18:17 UTC

dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0

Comment 9 Fedora Update System 2019-02-19 06:27:45 UTC

bind-9.11.5-2.P1.fc29, bind-dyndb-ldap-11.1-13.fc29, dhcp-4.3.6-29.fc29, dnsperf-2.2.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e883ebcad3

Comment 10 Fedora Update System 2019-02-19 07:07:13 UTC

bind-9.11.5-2.P1.fc28, bind-dyndb-ldap-11.1-13.fc28, dhcp-4.3.6-22.fc28, dnsperf-2.2.1-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0

Comment 11 Fedora Update System 2019-02-21 02:57:16 UTC

bind-9.11.5-2.P1.fc29, bind-dyndb-ldap-11.1-13.fc29, dhcp-4.3.6-29.fc29, dnsperf-2.2.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.