syntax error in $GENERATE crashed all nameservers

/dev/rob0 rob0 at gmx.co.uk
Thu Aug 18 00:58:58 UTC 2011


On Wed, Aug 17, 2011 at 04:45:38PM -0400, bl ton wrote:
> We had a syntax error in our inverse zone file using GENERATE and 
> extra dash were added to the scope so '199--222' instead of 
> '199-222':
> 
> $GENERATE 199--222 $ PTR 10-100-60-$.dhcp-bl.indiana.edu.

Ouch! Sorry to hear this!

> I would assume named will check the syntax error and refuse to load 
> this zone just like it normally does, but instead it tries to 
> generate millions of erroneous entry because it scanned '-222' to 
> the stop which created a huge number for the named to loop through 
> and the CPU at 100% and locked up 15 of our nameservers, some of 
> those need power recycle to respond to console.
> 
> This is the first bug of that type we have seen, it's my 12th year 
> of running BIND for large site, another team member has nearly 20 
> years experience with BIND and we're surprised named doesn't catch 
> the syntax error.
> 
> Should a syntax error in inverse zone file cause named to locking 
> up the machine?

You're calling this a bug and a syntax error. I disagree. I'd call 
this a typo and a user error.

> But there is checking in forward file and same syntax error were 
> caught:
> 
> Aug 16 19:09:19 named named[4169]: 16-Aug-2011 19:09:19.609 
> general: error: dns_rdata_fromtext: buffer-0x42200470 : near 
> '10.100.60.256': bad dotted quad
> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 
> general: error: $GENERATE: Domain/test.example.edu:1496: bad
> dotted quad
> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 
> general: error: zone test.example.edu/IN: loading from master
> file Domain/test.example.edufailed: bad dotted quad

It's not the same error. You can create PTR names and values of 
anything you want. But the value for an A record is limited to the 
set of valid IPv4 addresses. Note that your A $GENERATE was quite 
happy until it reached 256.

4294967295.60.100.10.in-addr.arpa.	IN	PTR	10-100-60-4294967295.dhcp-bl.indiana.edu.
-222.60.100.10.in-addr.arpa.		IN	PTR	10-100-60--222.dhcp-bl.indiana.edu.

Those are both valid, as was the entire $GENERATE range.

10-100-60-255.dhcp-bl.indiana.edu.	IN	A	10.100.60.255
10-100-60-256.dhcp-bl.indiana.edu.	IN	A	10.100.60.256

First one is valid, second one is not.

That said, I wouldn't have thought that a $GENERATE range could go 
"over the top" like that, so to speak. I could see calling that a 
possible bug.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header



More information about the bind-users mailing list