Report information
The Basics
Id:
37093
Status:
resolved
Priority:
Medium/Medium
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
Mark Andrews <marka@isc.org>
Cc:
AdminCc:
BugTracker
Version Fixed:
9.8.8, 9.9.6, 9.9.6-S1, 9.10.1, 9.11.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
(no value)
Severity:
S1 High
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
bug
Dates
Created:Thu, 04 Sep 2014 19:11:17 -0400
Updated:Sat, 29 Jul 2017 02:28:20 -0400
Closed:Wed, 22 Oct 2014 01:40:44 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Thu, 04 Sep 2014 19:11:17 -0400 Mark Andrews <marka@isc.org> - Ticket created
Subject: this should not validate but it does.
Date: Fri, 05 Sep 2014 09:11:12 +1000
To: bind9-bugs@isc.org
From: Mark Andrews <marka@isc.org>

The mail2.clarion-hotels.cz NSEC proves that mail2.clarion-hotels.cz exist so the wildcard (*.clarion-hotels.cz) should not match. Mark ; <<>> DiG 9.11.0pre-alpha <<>> _tcp.mail2.clarion-hotels.cz tlsa +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18595 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;_tcp.mail2.clarion-hotels.cz. IN TLSA ;; ANSWER SECTION: _tcp.mail2.clarion-hotels.cz. 1778 IN CNAME clarion-hotels.cz. _tcp.mail2.clarion-hotels.cz. 1778 IN RRSIG CNAME 5 2 1800 20140924121306 20140825121306 13077 clarion-hotels.cz. M8OQ5fcnOYPX2XXvV9Cgefkjv2AHYFLAMeDfUpBuSk1PBFG6s/4tMSLb C/0r72TOjZupOHe5vizyzamAcE6m7dA4tlXGlWkTapf95lKFRokqjQow eRESgmZSS/b43jgxLv/+FRsu3rYnz77j3cC413qBn0PDDKLbepk0YEZC yTk= ;; AUTHORITY SECTION: mail2.clarion-hotels.cz. 1778 IN NSEC clarion-hotels.cz. A RRSIG NSEC mail2.clarion-hotels.cz. 1778 IN RRSIG NSEC 5 3 3600 20140924121306 20140825121306 13077 clarion-hotels.cz. WlUUsb1EqhP5mUfJ5DXpxvVs7Tw4h5802WCwXy4B2NByTbj3SfurhbV7 HBxPFA/I5OR4VkbWsFr7LlOpb93xRmEXt98afdrzzrKIgMIoNHu4oHDe ykeuV/7epjuHOxpZUKtfhe48ktKZ0NRievAyCUxiJA8evpgifR7AKKqS yGA= clarion-hotels.cz. 1625 IN SOA ns.forpsi.net. admin.forpsi.com. 2014082501 3600 1800 2592000 3600 clarion-hotels.cz. 1625 IN RRSIG SOA 5 2 3600 20140924121306 20140825121306 13077 clarion-hotels.cz. F5DurWWNlg9zQrvFMQrdNNjH58Zv/TTVBQSOtslMYlwXWp3ZcJGCC1Ra veDuerwFv5dQUsBQIJpQc5eZmyXXH8YA5rOLBK1x19ej0hl1T3yi3pG6 4SJFCrzSIIFVKzX7nKDtfnFK/Zq3X6db7oh9I+gpNnyojuDCccuQNwov kQw= clarion-hotels.cz. 1625 IN RRSIG NSEC 5 2 3600 20140924121306 20140825121306 13077 clarion-hotels.cz. OOeXzp0449w2dXf6zdvnidH69d27+9kPH6fJP9CK+coXuMiZ7WwheIn8 qZrhqYPu9xrnpgmYYkOeuaWDq2b+7rxKzzJTw/0hAjjO8vKRMr2sPyNi CpM2btBTM2FrKZvFJZegMYafo37QH05cg47hXAjEiyEYCMlJfNmMx+AN le8= clarion-hotels.cz. 1625 IN NSEC *.clarion-hotels.cz. A NS SOA MX RRSIG NSEC DNSKEY ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 05 09:06:45 EST 2014 ;; MSG SIZE rcvd: 925 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Thu, 04 Sep 2014 20:42:24 -0400 Mark Andrews <marka@isc.org> - Taken
Thu, 04 Sep 2014 20:44:46 -0400 Mark Andrews <marka@isc.org> - Status changed from 'new' to 'open'
Thu, 04 Sep 2014 21:18:58 -0400 Mark Andrews <marka@isc.org> - Queue changed from #6 to #7
Thu, 04 Sep 2014 21:18:58 -0400 Mark Andrews <marka@isc.org> - Given to Nobody in particular
Thu, 04 Sep 2014 21:54:45 -0400 Evan Hunt <Evan_Hunt@isc.org> - Given to Mark Andrews <marka@isc.org>
Thu, 04 Sep 2014 22:16:15 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.8.8,9.9.6,9.9.6(sub),9.10.1,9.11.0 added
Thu, 04 Sep 2014 22:16:16 -0400 Mark Andrews <marka@isc.org> - Queue changed from #7 to #30
Thu, 04 Sep 2014 22:16:16 -0400 Mark Andrews <marka@isc.org> - Given to Nobody in particular
Thu, 04 Sep 2014 22:17:22 -0400 Mark Andrews <marka@isc.org> - Member #37094: added
Wed, 22 Oct 2014 01:40:44 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'open' to 'resolved'
Tue, 02 Aug 2016 17:51:25 -0400 Vicky Risk <vicky@isc.org> - Severity S1 High added
Tue, 02 Aug 2016 17:51:26 -0400 Vicky Risk <vicky@isc.org> - Area bug added
Wed, 21 Jun 2017 14:36:13 -0400 Brian Conry <bconry@isc.org> - Queue changed from #30 to #6
Mon, 26 Jun 2017 17:15:00 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #6 to bind9-public
Sat, 29 Jul 2017 02:28:20 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.8.8,9.9.6,9.9.6(sub),9.10.1,9.11.0 changed to 9.8.8, 9.9.6, 9.9.6-S1, 9.10.1, 9.11.0