X-Scanned-BY: MIMEDefang 2.68 on 10.5.11.27 MIME-Version: 1.0 X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0 content-type: text/plain; charset="utf-8"; format="flowed" Message-ID: <538EF176.5050302@redhat.com> Organization: Red Hat Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) by bugs.isc.org (Postfix) with ESMTP id 249C32D20051 for ; Wed, 4 Jun 2014 10:14:20 +0000 (UTC) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.pao1.isc.org (Postfix) with ESMTP id B43613493B1 for ; Wed, 4 Jun 2014 10:14:18 +0000 (UTC) (envelope-from pspacek@redhat.com) Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s54AEHTC001524 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Wed, 4 Jun 2014 06:14:17 -0400 Received: from pspacek.brq.redhat.com (vpn1-6-107.ams2.redhat.com [10.36.6.107]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s54AEFbI012467 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Wed, 4 Jun 2014 06:14:16 -0400 Delivered-To: bind9-bugs@bugs.isc.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 Subject: in-line signing: raw and secure zones getting out-of-sync Return-Path: X-Original-To: bind9-bugs@bugs.isc.org Date: Wed, 04 Jun 2014 12:14:14 +0200 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org To: bind9-bugs@isc.org Content-Transfer-Encoding: 7bit From: Petr Spacek X-RT-Original-Encoding: ISO-8859-1 Content-Length: 1642 Hello, I have found a bug in in-line signing. Raw and secure zones can get out-of-sync in one (weird) corner case. Version: bind-9.9.4-12.P2.fc20.x86_64 Steps to reproduce the problem ============================== 1) Configure insecure master zone "inline.test." and allow dynamic updates for it. 2) Do a dynamic update: # nsupdate << EOF update add a.inline.test. 3600 IN A 10.0.0.1 send EOF 3) Shutdown server: # rndc halt 4) Enable in-line signing for zone "inline.test." and start server. 5) Shutdown server again. # rndc halt 6) Disable in-line signing for zone "inline.test." and start server. 7) Do more dynamic updates: # nsupdate << EOF update del a.inline.test. 3600 IN A 10.0.0.1 send update add a.inline.test. 3600 IN A 10.0.0.2 send EOF 8) Shutdown server once again. # rndc halt 9) Enable in-line signing for zone "inline.test." and start server. 10) See what happened: dig a.inline.test ;; ANSWER SECTION: a.inline.test. 3600 IN A 10.0.0.1 a.inline.test. 3600 IN A 10.0.0.2 Problem analysis ================ IMHO the problem is that receive_secure_db() doesn't record source serial to secure zone's journal. Consequently, receive_secure_serial() re-reads more journal records than it should. As a result, dns_diff_appendminimal() calls in sync_secure_journal() coalesce changes which should not be coalesced. In the example above it means that sequence: update add a.inline.test. 3600 IN A 10.0.0.1 update del a.inline.test. 3600 IN A 10.0.0.1 is deleted from to-be-applied diff. Is this analysis correct? Are you planning to fix it in 9.9 or 9.10? Thank you for answer! -- Petr Spacek @ Red Hat