Bug #45641 for bind9-public: dnssec-keymgr reports syntax error when dnssec-policy.conf contains zones beginning with a digit, does not exit correctly

Fri, 28 Jul 2017 10:51:36 -0400 Cathy Almond <cathya@isc.org> - Ticket created

To:	bind9-confidential@isc.org
Date:	Fri, 28 Jul 2017 14:51:35 +0000
From:	cathya@isc.org
Subject:	dnssec-keymgr reports syntax error when dnssec-policy.conf contains zones beginning with a digit, does not exit correctly

For example, with this dnssec-policy.conf: ################################################################################ ## Do not edit this file, it is autogenerated, edit dnssec-policy.conf.proto ## ################################################################################ policy default-dnssec { directory "/etc/namedb/keys"; algorithm rsasha512; key-size zsk 1024; key-size ksk 2048; pre-publish zsk 2w; post-publish zsk 2w; roll-period zsk 2mo; roll-period ksk 0; coverage 6mo; }; algorithm-policy RSASHA1 { post-publish zsk 2w; pre-publish zsk 2w; roll-period zsk 2mo; roll-period ksk 0; coverage 6mo; }; zone 99example.com { policy default-dnssec; }; Output when run: # dnssec-keymgr /usr/local/etc/namedb/dnssec-policy.conf:23:syntax error near '99' ... never exits. Domains beginning with numbers do exist, hence the script should be able to work with them.

Fri, 28 Jul 2017 13:01:10 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'new' to 'review'

Fri, 28 Jul 2017 13:01:10 -0400 Evan Hunt <Evan_Hunt@isc.org> - Queue changed from #6 to bind9-public

Fri, 28 Jul 2017 13:23:12 -0400 Evan Hunt <Evan_Hunt@isc.org> - Correspondence added

Please review rt45641. The python lex/yacc module won't allow names to begin with digits because it's ambiguous whether it's parsing a number or a name. However, if the name is quoted, then digits are okay, so I've added QSTRING to the allowable tokens when parsing a domain name. zone "99example.com" { ... };

Mon, 31 Jul 2017 02:52:22 -0400 Mark Andrews <marka@isc.org> - Correspondence added

Looks fine as a workaround. We should see if we can remove the restriction in the future.

Mon, 31 Jul 2017 02:52:23 -0400 Mark Andrews <marka@isc.org> - Given to Evan Hunt <Evan_Hunt@isc.org>

Mon, 31 Jul 2017 13:45:31 -0400 Evan Hunt <Evan_Hunt@isc.org> - Correspondence added

4666. [bug] dnssec-keymgr: Domain names beginning with digits (0-9) could cause a parser error when reading the policy file. This now works correctly so long as the domain name is quoted. [RT #45641] 9.12.0, 9.11.3

Mon, 31 Jul 2017 13:45:31 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'review' to 'qa'

Mon, 31 Jul 2017 13:45:44 -0400 Evan Hunt <Evan_Hunt@isc.org> - Untaken

Mon, 31 Jul 2017 13:45:45 -0400 Evan Hunt <Evan_Hunt@isc.org> - Version Fixed 9.12.0, 9.11.3 added

Wed, 02 Aug 2017 06:54:56 -0400 Stephen Morris <stephen@isc.org> - Severity S2 Normal added

Wed, 02 Aug 2017 06:54:56 -0400 Stephen Morris <stephen@isc.org> - Component BIND Utilities added

Wed, 02 Aug 2017 06:54:56 -0400 Stephen Morris <stephen@isc.org> - Priority P2 Normal added

Thu, 03 Aug 2017 22:46:23 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.12.0, 9.11.3 changed to 9.11.3, 9.12.0

Mon, 18 Sep 2017 09:47:19 -0400 Stephen Morris <stephen@isc.org> - Correspondence added

This fixes the issues with zones starting with a number. The issue about dnssec-keymgr not exiting is a different issue: it depends on the operation system and/or version of Python. A separate ticket has been created to cover it (#46027). Resolving.

Mon, 18 Sep 2017 09:47:20 -0400 Stephen Morris <stephen@isc.org> - Status changed from 'qa' to 'resolved'

Created:	Fri, 28 Jul 2017 10:51:35 -0400
Updated:	Mon, 18 Sep 2017 09:47:20 -0400
Closed:	Mon, 18 Sep 2017 09:47:20 -0400

Bug #45641 for bind9-public: dnssec-keymgr reports syntax error when dnssec-policy.conf contains zones beginning with a digit, does not exit correctly

This bug tracker is no longer active.