syntax error in $GENERATE crashed all nameservers

/dev/rob0 rob0 at
Thu Aug 18 00:58:58 UTC 2011

On Wed, Aug 17, 2011 at 04:45:38PM -0400, bl ton wrote:
> We had a syntax error in our inverse zone file using GENERATE and 
> extra dash were added to the scope so '199--222' instead of 
> '199-222':
> $GENERATE 199--222 $ PTR 10-100-60-$

Ouch! Sorry to hear this!

> I would assume named will check the syntax error and refuse to load 
> this zone just like it normally does, but instead it tries to 
> generate millions of erroneous entry because it scanned '-222' to 
> the stop which created a huge number for the named to loop through 
> and the CPU at 100% and locked up 15 of our nameservers, some of 
> those need power recycle to respond to console.
> This is the first bug of that type we have seen, it's my 12th year 
> of running BIND for large site, another team member has nearly 20 
> years experience with BIND and we're surprised named doesn't catch 
> the syntax error.
> Should a syntax error in inverse zone file cause named to locking 
> up the machine?

You're calling this a bug and a syntax error. I disagree. I'd call 
this a typo and a user error.

> But there is checking in forward file and same syntax error were 
> caught:
> Aug 16 19:09:19 named named[4169]: 16-Aug-2011 19:09:19.609 
> general: error: dns_rdata_fromtext: buffer-0x42200470 : near 
> '': bad dotted quad
> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 
> general: error: $GENERATE: Domain/ bad
> dotted quad
> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 
> general: error: zone loading from master
> file Domain/test.example.edufailed: bad dotted quad

It's not the same error. You can create PTR names and values of 
anything you want. But the value for an A record is limited to the 
set of valid IPv4 addresses. Note that your A $GENERATE was quite 
happy until it reached 256.	IN	PTR		IN	PTR

Those are both valid, as was the entire $GENERATE range.	IN	A	IN	A

First one is valid, second one is not.

That said, I wouldn't have thought that a $GENERATE range could go 
"over the top" like that, so to speak. I could see calling that a 
possible bug.
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

More information about the bind-users mailing list