BIND 10 #2503: Problem in inmem NSEC3 denial of existence handling
BIND 10 Development
do-not-reply at isc.org
Tue Dec 11 10:22:08 UTC 2012
#2503: Problem in inmem NSEC3 denial of existence handling
-------------------------------------+-------------------------------------
Reporter: jelte | Owner: muks
Type: defect | Status: reviewing
Priority: medium | Milestone: Sprint-20121218
Component: data source | Resolution:
Keywords: | CVSS Scoring:
Sensitive: 0 | Defect Severity: Low
Sub-Project: DNS | Feature Depending on Ticket:
Estimated Difficulty: 3 | Add Hours to Ticket: 0
Total Hours: 0 | Internal?: 0
-------------------------------------+-------------------------------------
Changes (by jelte):
* owner: jelte => muks
Comment:
> > not related to the review or anything else in this ticket, but no,
> > that was not a copy/paste error; the second SOA is part of the transfer
> > protocol :)
>
> Aha. The zone data loader threw an exception when it hit the second SOA,
> so I thought it was a mistake. Didn't think of transfers then. :)

Yeah I actually have a script somewhere that does 'dig axfr' then strips off
the last soa :)

> > Like in 2504 I replaced the zone contents with a zone 'example.com'
> > instead of my zone origin.
>
> Have you pushed this? I don't see it in the branch.

Indeed I had forgotten, done so now

> > I'm wondering if we shouldn't also test the case where the name exists
> > but the type does not (in retrospect, maybe the same goes for 2504).
>
> Shall we do this as another ticket? It may involve code changes if there
> are bugs, and would be unrelated to this ticket.

ok, i'll create one shortly

> I've updated the `ChangeLog` for #2504 in `master`.
>
> For this ticket, how about the following `ChangeLog` entry:
> {{{
> +XXX. [bug] muks
> + Fixed a problem in inmem NSEC3 lookup which caused exceptions
> + when the zone origin was not added as an explicit NSEC3 record.
> + (Trac #2503, git ...)
> +
> }}}
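
Review bot: the first and last text lines of this entry still carry placeholders (`XXX.` for the entry number and `git ...` for the commit), so both need real values when the branch is merged, otherwise the entry cannot be traced from Trac #2503 to the fix. The description also says exceptions were raised without saying what kind of zone or lookup triggers them; a short phrase naming the triggering condition would give someone searching the ChangeLog for this failure something to match on.
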
>
> (Note that the cause for this ticket is different from the issue in
> #2504.)

I'd still put 'for instance when using a zone with no non-apex names' in
those changelogs somewhere :) (that's what i would be looking for in a
changelog if i had run into this problem)

But the changes look ok, and it can be merged
--
Ticket URL: <http://bind10.isc.org/ticket/2503#comment:12>
BIND 10 Development <http://bind10.isc.org>