Bug 2324186 - "host" utility doesn't always convert hostname argument into ACE string
Summary: "host" utility doesn't always convert hostname argument into ACE string
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 42
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
URL: https://src.fedoraproject.org/rpms/bi...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-06 15:24 UTC by Renaud Métrich
Modified: 2025-10-13 10:33 UTC (History)
5 users (show)

Fixed In Version: bind-9.18.39-3.fc42 bind-9.18.39-3.fc44 bind-9.18.39-3.fc41.1 bind-9.18.39-4.fc43 bind-9.18.39-7.fc44
Clone Of:
Environment:
Last Closed: 2025-09-12 02:07:05 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Fedora Package Sources bind pull-request 44 0 None None None 2025-09-03 16:53:27 UTC
Gitlab redhat/centos-stream/tests bind merge_requests 18 0 None opened Initial test for IDN support in utilities 2025-09-04 16:53:47 UTC
Internet Systems Consortium (ISC) isc-projects bind9 issues 3527 0 None closed More lenient IDNA processing in dig 2024-11-06 20:38:05 UTC
Internet Systems Consortium (ISC) isc-projects bind9 merge_requests 9723 0 None opened Allow always IDN input in dig 2024-11-06 20:38:05 UTC
Red Hat Issue Tracker RHEL-66172 0 None None None 2024-11-06 20:38:05 UTC

Description Renaud Métrich 2024-11-06 15:24:16 UTC 
This is a "clone" of RHEL Jira https://issues.redhat.com/browse/RHEL-66172.

Resolving a hostname using *host* command works when having a TTY:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# host www.tribunal-fédéral.ch
www.xn--tribunal-fdral-kkbb.ch is an alias for bnetm.x.incapdns.net.
bnetm.x.incapdns.net has address 107.154.115.41
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

But it fails when not having a TTY, e.g.:
1. With piping the output

    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
    # host www.tribunal-fédéral.ch | cat
    Host www.tribunal-fédéral.ch not found: 3(NXDOMAIN)
    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

2. As a service

    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
    # systemd-run host www.tribunal-fédéral.ch
    Running as unit: run-r91b04b09794d4250884722ff003b9470.service
    # journalctl -u run-r91b04b09794d4250884722ff003b9470.service
    ... systemd[1]: Started /usr/bin/host -4 -T www.tribunal-fédéral.ch.
    ... host[33165]: Host www.tribunal-fédéral.ch not found: 3(NXDOMAIN){code}
    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

3.  As a cron

    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
    # crontab -e
    * * * * * host www.tribunal-fédéral.ch >/tmp/host.out
    # sleep 60; cat /tmp/host.out
    Host www.tribunal-fédéral.ch not found: 3(NXDOMAIN)
    -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

The reason for this is ACE conversion is performed only when having a TTY (line 607), which is wrong:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
 603 dig_lookup_t *
 604 make_empty_lookup(void) {
 605         dig_lookup_t *looknew;
 606 #ifdef HAVE_LIBIDN2
 607         bool idn_allowed = isatty(1) ? (getenv("IDN_DISABLE") == NULL) : false;
 608 #endif /* HAVE_LIBIDN2 */


2256 #ifdef HAVE_LIBIDN2 
2257         if (lookup->idnin) {
2258                 idn_locale_to_ace(textname, idn_textname, sizeof(idn_textname));
2259                 debug("idn_textname: %s", idn_textname);
2260                 textname = idn_textname;
2261         }
2262 #endif /* HAVE_LIBIDN2 */ 
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


Reproducible: Always

Steps to Reproduce:
See details.




ADDITIONALLY (but unrelated somehow), even when there is a TTY, the result is "wrong somehow", since the FQDN returned as first line of "host" result is an ACE string:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# host www.tribunal-fédéral.ch
www.xn--tribunal-fdral-kkbb.ch is an alias for bnetm.x.incapdns.net.
bnetm.x.incapdns.net has address 107.154.115.41
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Here above "www.xn--tribunal-fdral-kkbb.ch" is returned instead of "www.tribunal-fédéral.ch".
RHEL9 returns the expected output.
Comment 1 Petr Menšík 2024-11-06 20:38:06 UTC 
Posted simple proposal to upstream: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9723
This is already changed in 9.20, fixed by upstream issue https://gitlab.isc.org/isc-projects/bind9/-/issues/3527
Comment 2 Aoife Moloney 2025-02-26 13:14:41 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.
Comment 3 Petr Menšík 2025-09-03 16:53:27 UTC 
Okay, upstream refused the proposal for bind 9.18. I agree in the end that proposal were not ideal. Will include a downstream change to enable IDN decoding even when stdout is not a terminal. In that case, disable just IDN output AND if input decoding fails, use whatever were passed as input directly.

That should remain mostly compatible enough while enabling desired IDN processing in all cases. Redirecting output will not change name queried if name is correctly formatted. It affects dig, host and nslookup commands.

After this change it would make host háčkyčárky.cz and "host háčkyčárky.cz | cat" commands query the same name.

It will make the query even with invalid input in special case, like:

echo www.tribunal-fédéral.ch | iconv -f utf-8 -t iso-8859-1 | xargs host | cat
Comment 4 Petr Menšík 2025-09-04 16:53:47 UTC 
Created relative simple test case for testing various behavior of utilities in IDN. Should pass also with 9.21 utilities, where behaviour were changed a bit.
Comment 5 Fedora Update System 2025-09-09 12:33:31 UTC 
FEDORA-2025-6583e6254c (bind-9.18.39-3.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-6583e6254c
Comment 6 Fedora Update System 2025-09-10 20:19:47 UTC 
FEDORA-2025-792e33d66b (bind-9.18.39-3.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-792e33d66b
Comment 7 Fedora Update System 2025-09-10 20:20:46 UTC 
FEDORA-2025-90ebed3884 (bind-9.18.39-3.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-90ebed3884
Comment 8 Fedora Update System 2025-09-10 20:55:12 UTC 
FEDORA-2025-4922878d8c (bind-9.18.39-3.fc41.1 and bind-dyndb-ldap-11.10-34.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-4922878d8c
Comment 9 Fedora Update System 2025-09-11 01:31:51 UTC 
FEDORA-2025-792e33d66b has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-792e33d66b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-792e33d66b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Fedora Update System 2025-09-11 02:00:14 UTC 
FEDORA-2025-4922878d8c has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4922878d8c`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4922878d8c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 11 Fedora Update System 2025-09-11 02:22:41 UTC 
FEDORA-2025-90ebed3884 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-90ebed3884`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-90ebed3884

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 12 Fedora Update System 2025-09-12 02:07:05 UTC 
FEDORA-2025-792e33d66b (bind-9.18.39-3.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 13 Fedora Update System 2025-09-12 14:17:00 UTC 
FEDORA-2025-6583e6254c (bind-9.18.39-3.fc44) has been pushed to the Fedora 44 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 14 Fedora Update System 2025-09-16 01:24:11 UTC 
FEDORA-2025-4922878d8c (bind-9.18.39-3.fc41.1 and bind-dyndb-ldap-11.10-34.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 15 Fedora Update System 2025-09-20 00:19:06 UTC 
FEDORA-2025-38c04b3b25 (bind-9.18.39-4.fc43 and bind-dyndb-ldap-11.11-7.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 16 Fedora Update System 2025-10-13 09:43:39 UTC 
FEDORA-2025-c64854e3ed (bind-9.18.39-7.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-c64854e3ed
Comment 17 Fedora Update System 2025-10-13 10:33:36 UTC 
FEDORA-2025-c64854e3ed (bind-9.18.39-7.fc44) has been pushed to the Fedora 44 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.