Report information
The Basics
Id:
45937
Status:
open
Priority:
Medium/Medium
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
Tony Finch <dot@dotat.at>
Cc:
AdminCc:
BugTracker
Version Fixed:
(no value)
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
(no value)
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
bug
Dates
Created:Wed, 06 Sep 2017 18:09:44 -0400
Updated:Wed, 27 Sep 2017 14:38:37 -0400
Closed:Not set

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Wed, 06 Sep 2017 18:09:45 -0400 Tony Finch <dot@dotat.at> - Ticket created
From: "Tony Finch" <dot@dotat.at>
CC: "Tony Finch" <dot@dotat.at>
Subject: conflicting zones make catz crash
Date: Wed, 6 Sep 2017 23:09:33 +0100
To: bind9-bugs@isc.org

I was trying an experiment to see what happens if I have an explicitly configured zone which is also listed in a catalog zone. e.g. initial config snippet catalog-zones { zone "catz.arpa.cam.ac.uk" zone-directory "/zs"; }; zone catz.arpa.cam.ac.uk { type slave; file "/zs/catz.arpa.cam.ac.uk"; masters { ucam; }; }; The catz has an entry for 10.in-addr.arpa. I add the following to named.conf zone 10.in-addr.arpa { type master; file "/zm/ten"; allow-query { cudn; }; }; then `rndc reconfig` says rndc: 'reconfig' failed: already exists and named logs: 2017-09-06.22:55:55.573 config: error: /etc/named.conf:202: zone '30.172.in-addr.arpa' already exists 2017-09-06.22:55:55.573 general: error: reloading configuration failed: already exists OK, I delete the zone 10 configuration clause, and run `rndc reconfig` again. named logs up to: 2017-09-06.22:56:04.490 general: info: automatic empty zone: view rec: EMPTY.AS112.ARPA 2017-09-06.22:56:04.490 config: warning: /etc/named.conf:192: catz: catalog zone 'catz.arpa.cam.ac.uk' will not be reconfigured then crashes :-( The wider question is what should happen when there is a conflict like this. For instance, we also act as a secondary for Imperial College, so it would be handy to use a catalog zone to do that. But I don't want to have to trust them not to break our servers by adding a cam.ac.uk zone. So ideally, I think explicitly configured zones should override / shadow zones listed in a catalog. And if there are multiple catalog zones, there should have a priority order so that zones listed in a higher priority catalog will override / shadow zones in a lower priority catalog. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode Biscay: Westerly or northwesterly 3 or 4, occasionally 5 in north. Moderate, occasionally rough in north. Mainly fair. Good.
  Wed, 06 Sep 2017 21:25:25 -0400 Mark Andrews <marka@isc.org> - Correspondence added
From: "Mark Andrews" <marka@isc.org>
Date: Thu, 07 Sep 2017 11:25:11 +1000
To: bind9-confidential@isc.org
Subject: Re: [ISC-Bugs #45937] conflicting zones make catz crash

Well it shouldn't crash. We are chasing down a similar issue on another ticket. When we get that sorted out we will send you a patch to check if it fixes the crash issue. As for the empty zone, it should be replaced if if a explicit declaration comes it. Similarly if a explicit declaration for a potential empty zone is removes we should check if we should instantiate it. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Wed, 06 Sep 2017 21:25:30 -0400 The RT System itself - Status changed from 'new' to 'open'
  Wed, 06 Sep 2017 21:27:21 -0400 Mark Andrews <marka@isc.org> - Correspondence added
Subject: Re: [ISC-Bugs #45937] conflicting zones make catz crash
To: bind9-confidential@isc.org
From: "Mark Andrews" <marka@isc.org>
Date: Thu, 07 Sep 2017 11:27:12 +1000

In general named.conf should trump catz. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
  Thu, 07 Sep 2017 06:27:33 -0400 Tony Finch <dot@dotat.at> - Correspondence added
Date: Thu, 7 Sep 2017 11:27:25 +0100
To: "Mark Andrews via RT" <bind9-confidential@isc.org>
Subject: Re: [ISC-Bugs #45937] conflicting zones make catz crash
From: "Tony Finch" <dot@dotat.at>

Mark Andrews via RT <bind9-confidential@isc.org> wrote: > > Well it shouldn't crash. We are chasing down a similar issue on > another ticket. When we get that sorted out we will send you a > patch to check if it fixes the crash issue. Thanks! Let me know if you need any more details on how to reproduce. > In general named.conf should trump catz. Good to know, thanks. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ - I xn--zr8h punycode Viking: Southerly 3 or 4, backing southeast 5 to 7, perhaps gale 8 later, then becoming variable 3 later in southwest. Slight or moderate, occasionally rough later. Rain. Moderate.
Wed, 27 Sep 2017 14:38:37 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #6 to bind9-public
Wed, 27 Sep 2017 14:38:37 -0400 Vicky Risk <vicky@isc.org> - Area bug added
Wed, 27 Sep 2017 14:38:37 -0400 Vicky Risk <vicky@isc.org> - Severity S2 Normal added