Report information

The Basics
Id: 46368
Status: resolved
Priority: Low/Low
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: 9.11.3, 9.12.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: bug

Dates
Created: Sun, 22 Oct 2017 23:55:38 -0400
Updated: Mon, 23 Oct 2017 18:57:16 -0400
Closed: Mon, 23 Oct 2017 18:57:16 -0400




From: marka@isc.org
Date: Sun, 22 Oct 2017 17:55:38 -1000
To: bind9-public@isc.org
Subject: dnssec: system test failing for: NTA persistence across restarts

I: testing NTA persistence across restarts (126)
I:ns4 Negative trust anchor added: bogus.example/_default, expires 22-Oct-2017 12:23:54.000
I:ns4 Negative trust anchor added: badds.example/_default, expires 22-Oct-2017 12:23:34.000
I:failed - NTA persistence: adding NTA's failed
I:killing ns4 with SIGTERM
I:waiting till 14s have passed since NTAs were added before restarting ns4
I:restarted server ns4
I:sleeping for an additional 4 seconds for ns4 to fully startup

head rndc.out.ns4.test126.*
==> rndc.out.ns4.test126.1 <==
fakenode.secure.example: expired 22-Oct-2017 12:23:17.000

==> rndc.out.ns4.test126.2 <==
badds.example: expiry 22-Oct-2017 12:23:34.000
bogus.example: expiry 22-Oct-2017 12:23:54.000
fakenode.secure.example: expiry 22-Oct-2017 12:23:24.000

==> rndc.out.ns4.test126.3 <==
bogus.example: expiry 22-Oct-2017 12:23:54.000

==> rndc.out.ns4.test126.6 <==
Negative trust anchor removed: bogus.example/_default

ready for review

When the fetch completed, nta->expiry was set to now, which was treated as active rather than expired. Expire at the start of the second rather than at the end of the second.

Code looks fine, dnssec test passes, okay to commit.
4779. [bug] Expire NTA at the start of the second. Don't update the expiry value if the record has already expired after a successful check. [RT #46368]
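
The boundary condition this ticket fixes, as an added example that is not BIND's code and not part of the ticket. The struct, the function names and the sample times are hypothetical, times are whole seconds, and a successful recheck is assumed to retire the NTA by setting its expiry to now, as the comment above describes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an NTA record; not BIND's own structure. */
typedef struct {
    uint32_t expiry; /* absolute expiry time, whole seconds */
} nta_t;

/* Before the fix: the NTA stays active until the END of the expiry second. */
static bool nta_active_before(const nta_t *nta, uint32_t now) {
    return nta->expiry >= now;
}

/* After the fix: the NTA is expired from the START of the expiry second. */
static bool nta_active_after(const nta_t *nta, uint32_t now) {
    return nta->expiry > now;
}

/*
 * Successful recheck (assumed behaviour): retire the NTA by pulling its
 * expiry back to now, but leave an already expired record untouched so
 * its recorded expiry time is not moved forward.
 */
static void nta_recheck_ok(nta_t *nta, uint32_t now) {
    if (nta->expiry > now)
        nta->expiry = now;
}

int main(void) {
    uint32_t now = 1000;             /* constructed sample time */
    nta_t live = { .expiry = 1020 }; /* still valid when the recheck succeeds */
    nta_t stale = { .expiry = 990 }; /* already expired before the recheck */

    nta_recheck_ok(&live, now);
    nta_recheck_ok(&stale, now);

    printf("live:  expiry=%u active(before fix)=%d active(after fix)=%d\n",
           (unsigned)live.expiry, nta_active_before(&live, now),
           nta_active_after(&live, now));
    printf("stale: expiry=%u active(before fix)=%d active(after fix)=%d\n",
           (unsigned)stale.expiry, nta_active_before(&stale, now),
           nta_active_after(&stale, now));
    return 0;
}
```

With the old comparison, an NTA retired at `now` is still reported as active for the rest of that second, which is the window in which the system test's NTA listing disagreed with what it expected.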