Report information
The Basics
Id:
46435
Status:
resolved
Priority:
Low/Low
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
Cc:
AdminCc:
BugTracker
Version Fixed:
9.11.3, 9.12.0
Version Found:
9.11.1-P3
Versions Affected:
9.11.0+(?)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
BIND Server
Area:
bug
Dates
Created:Mon, 30 Oct 2017 14:00:40 -0400
Updated:Wed, 03 Jan 2018 17:51:49 -0500
Closed:Tue, 02 Jan 2018 15:02:41 -0500

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Mon, 30 Oct 2017 14:00:41 -0400 Brian Conry <bconry@isc.org> - Ticket created
To: bind9-public@isc.org
From: bconry@isc.org
Subject: Duplicate zone names in NZF
Date: Mon, 30 Oct 2017 18:00:40 +0000

A customer has observed rare instances when a NZF contains duplicate zone names after a sequence of zone additions and removals. No triggering sequences have been captured yet.
  Tue, 31 Oct 2017 17:20:01 -0400 Brian Conry <bconry@isc.org> - Correspondence added

Looking at do_addzone in bin/named/server.c, I see that there's a gap between the check in the view->zonetable to confirm that the zone doesn't already exist and when taskexclusive is started to actually add the zone, so it looks like all it will take is rndc commands recieved sufficiently close together to cause this. Clearly the check for the existence of the zone needs to be in the exclusive section.
Tue, 31 Oct 2017 17:20:02 -0400 The RT System itself - Status changed from 'new' to 'open'
Wed, 01 Nov 2017 10:48:58 -0400 Brian Conry <bconry@isc.org> - Reference by https://support.isc.org/Ticket/Display.html?id=12026 added
Wed, 01 Nov 2017 17:10:17 -0400 Brian Conry <bconry@isc.org> - Priority P2 Normal added
Fri, 03 Nov 2017 09:47:07 -0400 Brian Conry <bconry@isc.org> - Reference by https://support.isc.org/Ticket/Display.html?id=11993 added
  Wed, 13 Dec 2017 18:03:15 -0500 Brian Conry <bconry@isc.org> - Correspondence added

I have discovered a sequence that reliably reproduces the issue in ISC BIND 9.11.1-P3: rndc addzone "test1.baz" '{ type master; file "e.db"; };' rndc addzone "test2.baz" '{ type master; file "dne.db"; };' rndc addzone "test2.baz" '{ type master; file "dne.db"; };' rndc addzone "test3.baz" '{ type master; file "e.db"; };' rndc delzone "test3.baz" As hinted at by the filenames, "e.db" should exist and be a proper zone file while "dne.db" should not exist or not be a proper zone file. This will allow test1.baz and test3.baz to be created but test2.baz will not be created because the zone will fail to load. On the delete of "test3.baz" the .nzf file will suddenly have two entries for test2.baz. This suggests that the issue is in how the addzone is rolled back when a zone fails to load.
  Fri, 15 Dec 2017 13:07:49 -0500 Brian Conry <bconry@isc.org> - Correspondence added

On Wed Dec 13 23:03:15 2017, bconry wrote: > This suggests that the issue is in how the addzone is rolled back when a > zone fails to load. I have done additional testing and confirmed that the root issue is that the backing out of the zone due to it being unable to load (and probably some other conditions) is incomplete, with the zone remaining listed in view->nzf_config. This doesn't show up with only 'addzone' operations because 'addzone' uses the "optimization" of merely appending the new information to the existing file rather than rewriting the file from the nzf_config. I think it may be as simple as the '#ifndef HAVE_LMDB' block that adds the entry to the view's nzf_config being too soon. It ought to either be after the check for the zone being loaded or else logic needs to be added to the failure path to remove that data.
Fri, 15 Dec 2017 14:19:55 -0500 Brian Conry <bconry@isc.org> - Versions Affected 9.11.0+(?) added
Fri, 15 Dec 2017 15:09:24 -0500 Mark Andrews <marka@isc.org> - Taken
  Fri, 15 Dec 2017 16:37:14 -0500 Mark Andrews <marka@isc.org> - Correspondence added

Ready for review. Of the two cases where cfg_parser_mapadd is called only one needed reversal on failure.
Fri, 15 Dec 2017 16:37:15 -0500 Mark Andrews <marka@isc.org> - Status changed from 'open' to 'review'
Fri, 15 Dec 2017 16:37:15 -0500 Mark Andrews <marka@isc.org> - Untaken
  Mon, 18 Dec 2017 09:21:26 -0500 Ray Bellis <ray@isc.org> - Correspondence added
From: "Ray Bellis" <ray@isc.org>
Subject: Re: [ISC-Bugs #46435] Duplicate zone names in NZF
Date: Mon, 18 Dec 2017 14:20:15 +0000
To: bind9-public@isc.org

On 15/12/2017 21:37, Mark Andrews via RT wrote: > Ready for review. Of the two cases where cfg_parser_mapadd is called only one needed reversal on failure. Build error with --enable-developer on FC27: gcc -I/home/ray/src/bind9 -I../.. -I./include -I./unix/include -I. -I/home/ray/src/bind9/lib/ns/include -I../../lib/ns/include -I/home/ray/src/bind9/lib/dns/include -I../../lib/dns/include -I/home/ray/src/bind9/lib/bind9/include -I../../lib/bind9/include -I/home/ray/src/bind9/lib/isccfg/include -I../../lib/isccfg/include -I/home/ray/src/bind9/lib/isccc/include -I../../lib/isccc/include -I/home/ray/src/bind9/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/pthreads/include -I../../lib/isc/x86_32/include -I../../contrib/dlz/drivers/include -I/home/ray/src/bind9/unit/atf/include -D_REENTRANT -DCONTRIB_DLZ -DDLZ_FILESYSTEM -DOPENSSL -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1 -DNS_HOOKS_ENABLE=1 -D_GNU_SOURCE -DNS_HOOKS_ENABLE=1 -g -O2 -I/usr/include/libxml2 -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -Wshadow -Werror \ -DPRODUCT=\""BIND"\" \ -DVERSION=\"9.13.0-dev\" -c ./server.c ./server.c: In function ‘do_addzone’: ./server.c:12758:16: error: declaration of ‘tresult’ shadows a previous local [-Werror=shadow] isc_result_t tresult; ^~~~~~~ ./server.c:12606:23: note: shadowed declaration is here isc_result_t result, tresult; ^~~~~~~ cc1: all warnings being treated as errors
  Mon, 18 Dec 2017 17:35:59 -0500 Mark Andrews <marka@isc.org> - Correspondence added

On Mon Dec 18 04:21:26 2017, ray wrote: > On 15/12/2017 21:37, Mark Andrews via RT wrote: > > Ready for review. Of the two cases where cfg_parser_mapadd is called > > only one needed reversal on failure. > Build error with --enable-developer on FC27: > > gcc -I/home/ray/src/bind9 -I../.. -I./include -I./unix/include -I. > -I/home/ray/src/bind9/lib/ns/include -I../../lib/ns/include > -I/home/ray/src/bind9/lib/dns/include -I../../lib/dns/include > -I/home/ray/src/bind9/lib/bind9/include -I../../lib/bind9/include > -I/home/ray/src/bind9/lib/isccfg/include -I../../lib/isccfg/include > -I/home/ray/src/bind9/lib/isccc/include -I../../lib/isccc/include > -I/home/ray/src/bind9/lib/isc/include -I../../lib/isc > -I../../lib/isc/include -I../../lib/isc/unix/include > -I../../lib/isc/pthreads/include -I../../lib/isc/x86_32/include > -I../../contrib/dlz/drivers/include > -I/home/ray/src/bind9/unit/atf/include -D_REENTRANT -DCONTRIB_DLZ > -DDLZ_FILESYSTEM -DOPENSSL -DISC_MEM_DEFAULTFILL=1 > -DISC_LIST_CHECKINIT=1 -DNS_HOOKS_ENABLE=1 -D_GNU_SOURCE > -DNS_HOOKS_ENABLE=1 -g -O2 -I/usr/include/libxml2 -fPIC -W -Wall > -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat > -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks > -Wshadow -Werror \ > -DPRODUCT=\""BIND"\" \ > -DVERSION=\"9.13.0-dev\" -c ./server.c > ./server.c: In function ‘do_addzone’: > ./server.c:12758:16: error: declaration of ‘tresult’ shadows a > previous > local [-Werror=shadow] > isc_result_t tresult; > ^~~~~~~ > ./server.c:12606:23: note: shadowed declaration is here > isc_result_t result, tresult; > ^~~~~~~ > cc1: all warnings being treated as errors It looks like you failed to pull the latest change on that branch. Mark
Mon, 18 Dec 2017 17:36:00 -0500 Mark Andrews <marka@isc.org> - Severity S2 Normal added
  Tue, 19 Dec 2017 03:46:46 -0500 Ray Bellis <ray@isc.org> - Correspondence added
Date: Tue, 19 Dec 2017 08:46:40 +0000
Subject: Re: [ISC-Bugs #46435] Duplicate zone names in NZF
To: bind9-public@isc.org
From: "Ray Bellis" <ray@isc.org>

> It looks like you failed to pull the latest change on that branch. We must have overlapped. I had pulled very shortly before building, but it was a little while later that I made the report, presumably after you already fixed it.
  Wed, 20 Dec 2017 01:10:57 -0500 Mark Andrews <marka@isc.org> - Correspondence added

Approved by Ray over jabber
Wed, 20 Dec 2017 01:28:55 -0500 Mark Andrews <marka@isc.org> - Version Fixed 9.11.3, 9.12.1 added
  Wed, 20 Dec 2017 01:28:56 -0500 Mark Andrews <marka@isc.org> - Correspondence added

4849. [bug] Duplicate zones could appear in the .nzf file if addzone failed. [RT #46435]
Wed, 20 Dec 2017 01:28:57 -0500 Mark Andrews <marka@isc.org> - Status changed from 'review' to 'resolved'
Tue, 02 Jan 2018 14:01:45 -0500 Brian Conry <bconry@isc.org> - Status changed from 'resolved' to 'open'
Tue, 02 Jan 2018 15:02:41 -0500 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'open' to 'resolved'
Wed, 03 Jan 2018 17:51:49 -0500 Mark Andrews <marka@isc.org> - Version Fixed 9.11.3, 9.12.1 changed to 9.11.3, 9.12.0