Report information

The Basics
Id: 46645
Status: resolved
Priority: Low/Low
Queue: BugTracker
Version Fixed: 9.11.3, 9.12.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P3 Low
Severity: S3 Low
CVSS Score: (no value)
CVE ID: (no value)
Component: BIND Server
Area: bug

Dates
Created: Tue, 21 Nov 2017 05:56:11 -0500
Updated: Thu, 23 Nov 2017 03:50:27 -0500
Closed: Thu, 23 Nov 2017 03:50:27 -0500




To: bind9-public@isc.org
From: michal@isc.org
Subject: Prevent bogus "DNSSEC validation may be at risk" warning from being logged
Date: Tue, 21 Nov 2017 11:56:11 +0100

If two key refreshes are triggered (using "rndc managed-keys refresh") and completed within the same second and both receive successfully validated, identical responses that do not cause a new key to be added or an already existing key to be removed, the following message will be logged:

    21-Nov-2017 11:45:03.871 managed-keys-zone: error during managed-keys processing (no more): DNSSEC validation may be at risk

This message should be suppressed, because the sequence of events causing it to be logged is harmless to DNSSEC validation.

Please review rt46645 which fixes the problem by resetting result to ISC_R_SUCCESS before the "failure" label is reached when result is ISC_R_NOMORE and the list of records to modify after processing a key fetch is empty.
looks fine

4825. [bug] Prevent a bogus "error during managed-keys processing (no more)" warning from being logged. [RT #46645]

9.11.3, 9.12.0

(Skipped 9.9 and 9.10; even though the patch would apply cleanly, those branches do not support "rndc managed-keys refresh", so I see no way this bug could be triggered there.)
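
A simplified model of the control flow described in this ticket, added here as an illustration and not taken from the BIND source: a loop's normal "no more" terminator reaches the failure label when the list of records to modify is empty, and the reset suppresses only that case while a genuine error still logs. The names result_t, struct mkey, process_fetch and with_fix are assumptions made for this sketch, as is the step where committing a non-empty list sets the result.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for ISC_R_SUCCESS / ISC_R_NOMORE plus a generic failure (assumed names). */
typedef enum { R_SUCCESS, R_NOMORE, R_FAILURE } result_t;

/* Constructed key record: does a refresh change it, or fail to process it? */
struct mkey { int changed; int broken; };

/* Returns 1 if the "DNSSEC validation may be at risk" warning would be logged. */
static int process_fetch(const struct mkey *keys, size_t n, int with_fix,
                         size_t *nchanges)
{
    result_t result = R_SUCCESS;
    size_t i;
    *nchanges = 0;
    for (i = 0; ; i++) {
        if (i == n) {               /* iterator exhausted: normal loop exit */
            result = R_NOMORE;
            break;
        }
        if (keys[i].broken) {       /* genuine processing error */
            result = R_FAILURE;
            goto failure;
        }
        if (keys[i].changed)
            (*nchanges)++;          /* queue a record to modify */
    }

    if (*nchanges > 0)
        result = R_SUCCESS;         /* model: committing the list sets result */
    else if (with_fix && result == R_NOMORE)
        result = R_SUCCESS;         /* the reset described in the ticket */
failure:
    if (result != R_SUCCESS) {
        fprintf(stderr, "managed-keys error: DNSSEC validation may be at risk\n");
        return 1;
    }
    return 0;
}

int main(void)
{
    struct mkey same[] = { {0, 0}, {0, 0} };  /* identical responses, no change */
    size_t n;
    printf("unpatched: %d, patched: %d\n",
           process_fetch(same, 2, 0, &n), process_fetch(same, 2, 1, &n));
    return 0;
}
```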