Bug 912743
| Summary: | Invalid update policy can crash BIND with bind-dyndb-ldap | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Spacek <pspacek> |
| Component: | bind-dyndb-ldap | Assignee: | Petr Spacek <pspacek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | dpal, nsoman, pspacek |
| Target Milestone: | pre-dev-freeze | ||
| Target Release: | 7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | bind-dyndb-ldap-3.5-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 10:48:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Petr Spacek
2013-02-19 15:01:32 UTC
Please add steps to verify this The step is on top of the description:
Define a zone with following update policy:
{{{
grant R.TEST wildcard x*x;
}}}
Using bind-dyndb-ldap-3.5-3.el7.x86_64, ipa-server-3.3.3-15.el7.x86_64 Took steps below: # ipa dnszone-add Authoritative nameserver: cloud-qe-4.testrelm.com. Zone name: bz912743Zone Administrator e-mail address [hostmaster.bz912743zone.]: Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: hostmaster.bz912743zone. SOA serial: 1391111690 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; # ipa dnszone-mod bz912743Zone --update-policy="grant R.TEST wildcard x*x;" Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: hostmaster.bz912743zone. SOA serial: 1391111692 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant R.TEST wildcard x*x; Active zone: TRUE Allow query: any; Allow transfer: none; # ipa dnszone-mod --admin-email=nk bz912743Zone Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: nk.testrelm.com. SOA serial: 1391111692 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; # ipa dnszone-show bz912743Zone --all dn: idnsname=bz912743zone,cn=dns,dc=testrelm,dc=com Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: nk.testrelm.com. SOA serial: 1391111775 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant R.TEST wildcard x*x; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; nsrecord: cloud-qe-4.testrelm.com. objectclass: top, idnsrecord, idnszone # systemctl restart named Check /var/log/messages, saw no messages similar to "'x*x' is not a wildcard" Not sure - if that verifies this bug. Petr, any further steps/verifications needed? According to https://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=33bad9e66f346d40dc3510719898d03ccb79b2f4 you should see message "invalid update policy: name '%s' is expected to be a wildcard". Hmm, I just noticed this line: Dynamic update: FALSE. You have to enable updates - the update policy is not applied if updates are disabled. yes - that helped - thanks!! Verified bz taking steps below: # ipa dnszone-add Authoritative nameserver: cloud-qe-4.testrelm.com. Zone name: bz912743Zone Administrator e-mail address [hostmaster.bz912743zone.]: Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: hostmaster.bz912743zone. SOA serial: 1391532088 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; # ipa dnszone-mod bz912743Zone --dynamic-update=TRUE Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: hostmaster.bz912743zone. SOA serial: 1391532090 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Dynamic update: TRUE Allow query: any; Allow transfer: none; # ipa dnszone-mod bz912743Zone --update-policy="grant R.TEST wildcard x*x;" Zone name: bz912743zone Authoritative nameserver: cloud-qe-4.testrelm.com. Administrator e-mail address: hostmaster.bz912743zone. SOA serial: 1391532090 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant R.TEST wildcard x*x; Active zone: TRUE Allow query: any; Allow transfer: none; # grep "is expected to be a wildcard" /var/log/messages Feb 4 11:42:58 cloud-qe-4 named[20178]: zone bz912743zone/IN: invalid update policy: name 'x*x' is expected to be a wildcard This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |