Report information
The Basics
Id: 47009
Status: open
Priority: Medium/Medium
Queue:

People
Requestors:
Cc:
AdminCc:

BugTracker
Version Fixed: 9.13.0, 9.12.1, 9.11.3, 9.10.7, 9.9.12
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: bug

Dates
Created: Tue, 16 Jan 2018 12:32:56 -0500
Updated: Fri, 26 Jan 2018 13:43:48 -0500
Closed: Mon, 22 Jan 2018 15:11:20 -0500




To: bind9-confidential@isc.org
Subject: named accepts TKEY to load to a zone
Date: Tue, 16 Jan 2018 23:02:43 +0530
From: "Mukund Sivaraman" <muks@isc.org>

named allows TKEY RDATA in zone files.

Date: Tue, 16 Jan 2018 23:13:23 +0530
From: "Mukund Sivaraman" <muks@isc.org>
To: "Mukund Sivaraman via RT" <bind9-confidential@isc.org>
Subject: Re: [ISC-Bugs #47009] named accepts TKEY to load to a zone

Please review rt47009.

Mukund

similar code needs to be added to generate()

Subject: Re: [ISC-Bugs #47009] named accepts TKEY to load to a zone
To: "Mark Andrews via RT" <bind9-confidential@isc.org>
From: "Mukund Sivaraman" <muks@isc.org>
Date: Wed, 17 Jan 2018 03:27:46 +0530

On Tue, Jan 16, 2018 at 08:34:06PM +0000, Mark Andrews via RT wrote:
> similar code needs to be added to generate()

Done. Please re-review.

Mukund

I don't think it's necessary to worry about xfrin, but I do think UPDATE is a good idea. I pushed a suggested change, but I haven't been able to come up with a working test, nsupdate doesn't seem to want to parse a TKEY rdata. I'm probably doing something wrong.
From: "Mark Andrews" <marka@isc.org>
Subject: Re: [ISC-Bugs #47009] named accepts TKEY to load to a zone
Date: Wed, 17 Jan 2018 10:57:58 +1100
To: bind9-confidential@isc.org

Already handled.

        if (update_class == zoneclass) {
                /*
                 * Check for meta-RRs. The RFC2136 pseudocode says
                 * check for ANY|AXFR|MAILA|MAILB, but the text adds
                 * "or any other QUERY metatype"
                 */
                if (dns_rdatatype_ismeta(rdata.type)) {
                        FAILC(DNS_R_FORMERR, "meta-RR in update");
                }
                result = dns_zone_checknames(zone, name, &rdata);
                if (result != ISC_R_SUCCESS)
                        FAIL(DNS_R_REFUSED);

> On 17 Jan 2018, at 10:24 am, Evan Hunt via RT <bind9-confidential@isc.org> wrote:
>
> I don't think it's necessary to worry about xfrin, but I do think UPDATE is
> a good idea. I pushed a suggested change, but I haven't been able to come up
> with a working test, nsupdate doesn't seem to want to parse a TKEY rdata.
> I'm probably doing something wrong.
>
> --
> Ticket History: https://bugs.isc.org/Ticket/Display.html?id=47009

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: marka@isc.org

Added TKEY rejection test to nsupdate. Removed redundant is meta test. Looks good to go.

Will be included in: 9.13.0, 9.12.1, 9.11.3, 9.10.7, 9.9.12

4872. [bug] Don't permit loading meta RR types such as TKEY from master files. [RT #47009]
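
Added example, not part of the ticket or of BIND's source: the kind of load-time check change 4872 describes, rejecting a master-file record whose type is a meta type whether it is written as a mnemonic (TKEY) or in RFC 3597 TYPEnnn form. The function names, the meta-type rule (OPT plus the 128-255 range of RFC 6895 section 3.1) and the restriction to single-line records without comments or parentheses are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Q/meta-type mnemonics (RFC 6895 section 3.1); assumed table for this example. */
static const struct { const char *name; long type; } meta_names[] = {
    {"OPT", 41}, {"TKEY", 249}, {"TSIG", 250}, {"IXFR", 251},
    {"AXFR", 252}, {"MAILB", 253}, {"MAILA", 254}, {"ANY", 255},
};

/* OPT and the 128-255 block are Q/meta types: message-only, never zone data. */
int rrtype_is_meta(long type) {
    return type == 41 || (type >= 128 && type <= 255);
}

/* Upper-cased meta mnemonic or RFC 3597 "TYPEnnn" -> type code, else -1. */
long parse_type_token(const char *tok) {
    char *end;
    for (size_t i = 0; i < sizeof(meta_names) / sizeof(meta_names[0]); i++)
        if (strcmp(tok, meta_names[i].name) == 0)
            return meta_names[i].type;
    if (strncmp(tok, "TYPE", 4) == 0 && isdigit((unsigned char)tok[4])) {
        unsigned long v = strtoul(tok + 4, &end, 10);
        if (*end == '\0' && v <= 65535) return (long)v;
    }
    return -1;
}

/* 1 if a single-line "[owner] [ttl] [class] type rdata" record uses a meta type. */
int zone_line_has_meta_type(const char *line) {
    char tok[64];
    int n, field = isspace((unsigned char)*line) ? 1 : 0; /* owner omitted? */
    while (sscanf(line, " %63s%n", tok, &n) == 1) {
        line += n;
        for (char *p = tok; *p; p++) *p = (char)toupper((unsigned char)*p);
        if (field++ == 0 || isdigit((unsigned char)tok[0])) continue; /* owner, TTL */
        if (!strcmp(tok, "IN") || !strcmp(tok, "CH") || !strcmp(tok, "HS"))
            continue;                                                 /* class */
        return rrtype_is_meta(parse_type_token(tok));
    }
    return 0;
}

int main(void) {
    const char *l[] = { "example. 300 IN TKEY .", "example. IN TYPE249 \\# 0",
                        "example. 300 IN A 192.0.2.1" }; /* constructed samples */
    for (int i = 0; i < 3; i++)
        printf("%-26s %s\n", l[i], zone_line_has_meta_type(l[i]) ? "REJECT" : "ok");
}
```

Checking the numeric type code rather than only the mnemonic is what keeps a record written as TYPE249 from slipping past a filter that looks for the string TKEY.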