Univention Bugzilla – Bug 36775
bind exits with fatal error if {0,127,255}.in-addr.arpa exists in LDAP
Last modified: 2019-02-06 11:26:46 CET
I created - for no reason - a DNS zone "0" which causes bind to stop working:

Nov 17 19:01:12 master5 named[5253]: loading configuration from '/etc/bind/named.conf.proxy'
Nov 17 19:01:12 master5 named[5253]: /etc/bind/univention.conf.d/0.in-addr.arpa.proxy:1: zone '0.in-addr.arpa': already exists previous definition: /etc/bind/named.conf.proxy:48
Nov 17 19:01:12 master5 named[5253]: loading configuration: failure
Nov 17 19:01:12 master5 named[5253]: exiting (due to fatal error)

/etc/bind/univention.conf.d/0.in-addr.arpa.proxy:
zone "0.in-addr.arpa" {
    type slave;
    file "0.in-addr.arpa.zone";
    masters port 7777 { 127.0.0.1; };
};

/etc/bind/named.conf.proxy:
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
0 is the broadcast zone, which is reserved and required for proper DNS operation. Same for 127 and 255:
<http://www.rfc-editor.org/rfc/rfc1912.txt> 4.1

> 4.1 Boot file setup
>
> Certain zones should always be present in nameserver configurations:
>
> primary localhost localhost
> primary 0.0.127.in-addr.arpa 127.0
> primary 255.in-addr.arpa 255
> primary 0.in-addr.arpa 0

As such the GUI/UDM should prevent the admin from doing "not so clever" things.
Created attachment 7496
patch
It should also be prevented in the listener.
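A check of the kind requested in the comments above, as an added example: it is not the attached patch and not Univention's code. The function names are hypothetical, the sample configuration is constructed from the named.conf.proxy line quoted in the report, and the check goes one step further than the three reserved names by also refusing any LDAP zone that the static configuration already declares.

```python
import re

# Zones named in the bug title; RFC 1912 section 4.1 expects the name server
# itself to carry them, so they must never be generated from LDAP.
RESERVED = {"0.in-addr.arpa", "127.in-addr.arpa", "255.in-addr.arpa"}

ZONE_STMT = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE)


def normalize(zone):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return zone.strip().rstrip(".").lower()


def static_zones(conf_text):
    """Zone names declared in a named.conf-style text, ignoring comments."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.DOTALL)
    text = re.sub(r"(//|#).*", "", text)
    return {normalize(z) for z in ZONE_STMT.findall(text)}


def rejected_zones(ldap_zones, conf_text):
    """Map each LDAP zone that must not be written out to the reason."""
    declared = static_zones(conf_text)
    rejected = {}
    for zone in ldap_zones:
        name = normalize(zone)
        if name in RESERVED:
            rejected[zone] = "reserved (RFC 1912 4.1)"
        elif name in declared:
            # A second definition is what makes named exit with
            # "already exists previous definition".
            rejected[zone] = "already defined in static configuration"
    return rejected


# Constructed sample, not a copy of a real named.conf.proxy.
SAMPLE_CONF = '''
// zone "10.in-addr.arpa" { type master; file "/etc/bind/db.10"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
'''

if __name__ == "__main__":
    candidates = ["0.in-addr.arpa", "1.168.192.in-addr.arpa", "LOCALHOST."]
    for zone, why in rejected_zones(candidates, SAMPLE_CONF).items():
        print(f"refusing {zone}: {why}")
```

Running the same check in both the management layer and the process that writes the per-zone proxy files means a zone created by other means still cannot reach named's configuration.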
This issue has been filed against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 ended on 31st of May 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.