Bug #46213 for bind9-public: logging of local update-policy failures in maintenance releases

Report information

The Basics

Id:

46213

Status:

resolved

Priority:

Low/Low

Queue:

bind9-public

People

Owner:

Evan Hunt <Evan_Hunt@isc.org>

Requestors:

Evan Hunt <Evan_Hunt@isc.org>

Cc:

AdminCc:

BugTracker

Version Fixed:

9.12.0, 9.11.3, 9.10.7, 9.9.12

Version Found:

(no value)

Versions Affected:

(no value)

Versions Planned:

(no value)

Priority:

P2 Normal

Severity:

S2 Normal

CVSS Score:

(no value)

CVE ID:

(no value)

Component:

(no value)

Area:

feature

Dates

Created:	Fri, 06 Oct 2017 18:46:42 -0400
Updated:	Wed, 25 Oct 2017 04:15:45 -0400
Closed:	Wed, 25 Oct 2017 04:15:45 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History

Fri, 06 Oct 2017 18:46:43 -0400 Evan Hunt <Evan_Hunt@isc.org> - Ticket created

Subject:	logging of local update-policy failures in maintenance releases
To:	bind9-public@isc.org
From:	Evan_Hunt@isc.org
Date:	Fri, 06 Oct 2017 22:46:42 +0000

After merging 45492, update-policy local is now restricted to updates from local addresses that are signed by the local session key; previously only the session key was checked. This change was backported to 9.9 through 9.11 but support has asked for additional logging and/or documentation so users aren't taken by surprise.

Fri, 06 Oct 2017 19:54:01 -0400 Evan Hunt <Evan_Hunt@isc.org> - Correspondence added

Please review rt46213.

Fri, 06 Oct 2017 19:54:02 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'open' to 'review'

Fri, 06 Oct 2017 19:54:02 -0400 Evan Hunt <Evan_Hunt@isc.org> - Untaken

Wed, 25 Oct 2017 02:41:20 -0400 Mark Andrews <marka@isc.org> - Correspondence added

The local source port was being forced to port 5300. This is the same port as named is using which caused the test to fail. Fixed pushed. Good to commit.

Wed, 25 Oct 2017 02:41:20 -0400 Mark Andrews <marka@isc.org> - Given to Evan Hunt <Evan_Hunt@isc.org>

Wed, 25 Oct 2017 02:41:40 -0400 Mark Andrews <marka@isc.org> - Severity S2 Normal added

Wed, 25 Oct 2017 02:41:40 -0400 Mark Andrews <marka@isc.org> - Priority P2 Normal added

Wed, 25 Oct 2017 04:15:44 -0400 Evan Hunt <Evan_Hunt@isc.org> - Correspondence added

4788. [cleanup] When using "update-policy local", log a warning when an update matching the session key is received from a remote host. [RT #46213] 9.12.0, 9.11.3, 9.10.7, 9.9.12

Wed, 25 Oct 2017 04:15:45 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'review' to 'resolved'

Wed, 25 Oct 2017 04:15:45 -0400 Evan Hunt <Evan_Hunt@isc.org> - Version Fixed 9.12.0, 9.11.3, 9.10.7, 9.9.12 added