Bug 36775 - bind exits with fatal error if {0,127,255}.in-addr.arpa exists in LDAP
Status: REOPENED
Product: UCS
Classification: Unclassified
Component: UMC - DNS
UCS 4.4
Other Linux
P5 normal
Assigned To: UMC maintainers
Reported: 2014-11-17 20:04 CET by Florian Best
Modified: 2019-02-06 11:26 CET (History)
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.200
Bug group (optional): Error handling
best: Patch_Available+


Attachments
patch (1.29 KB, patch)
2016-02-23 14:22 CET, Florian Best
Description Florian Best univentionstaff 2014-11-17 20:04:25 CET
I created - for no reason - a DNS zone "0", which causes bind to stop working:

Nov 17 19:01:12 master5 named[5253]: loading configuration from '/etc/bind/named.conf.proxy'
Nov 17 19:01:12 master5 named[5253]: /etc/bind/univention.conf.d/0.in-addr.arpa.proxy:1: zone '0.in-addr.arpa': already exists previous definition: /etc/bind/named.conf.proxy:48
Nov 17 19:01:12 master5 named[5253]: loading configuration: failure
Nov 17 19:01:12 master5 named[5253]: exiting (due to fatal error)


/etc/bind/univention.conf.d/0.in-addr.arpa.proxy:
zone "0.in-addr.arpa" {
        type slave;
        file "0.in-addr.arpa.zone";
        masters port 7777 { 127.0.0.1; };
};

/etc/bind/named.conf.proxy:
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
Comment 1 Philipp Hahn univentionstaff 2014-11-18 08:25:58 CET
0 is the broadcast zone, which is reserved and required for proper DNS operation. Same for 127 and 255: <http://www.rfc-editor.org/rfc/rfc1912.txt> 4.1
>4.1 Boot file setup
>
>   Certain zones should always be present in nameserver configurations:
>
>           primary         localhost               localhost
>           primary         0.0.127.in-addr.arpa    127.0
>           primary         255.in-addr.arpa        255
>           primary         0.in-addr.arpa          0

As such the GUI/UDM should prevent the admin from doing "not so clever" things.
Comment 2 Florian Best univentionstaff 2016-02-23 14:22:42 CET
Created attachment 7496
patch
Comment 3 Florian Best univentionstaff 2016-10-20 18:29:06 CEST
It should also be prevented in the listener.
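
The two checks asked for in comments 1 and 3, as an added example that is not part of the bug report, the attached patch, or UCS code: refuse a reserved reverse zone at creation time, and scan the BIND configuration for zones defined twice before named is reloaded. The function names and the subnet notation (leading octets, as in the reporter's zone "0") are assumptions; the sample input is constructed from the two stanzas in the description.

```python
import re
from collections import defaultdict

# Reverse zones named in the bug title; the static BIND config already defines them.
RESERVED = {"0.in-addr.arpa", "127.in-addr.arpa", "255.in-addr.arpa"}
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.IGNORECASE)

def reverse_zone_name(subnet):
    """'192.168.1' -> '1.168.192.in-addr.arpa' (assumed subnet notation)."""
    octets = subnet.strip().strip(".").split(".")
    if not 1 <= len(octets) <= 3 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 subnet prefix: %r" % subnet)
    return ".".join(str(int(o)) for o in reversed(octets)) + ".in-addr.arpa"

def is_reserved(subnet):
    """True if creating this reverse zone would clash with a built-in zone."""
    return reverse_zone_name(subnet) in RESERVED

def duplicate_zones(files):
    """Map zone name -> ['path:line', ...] for zones defined more than once."""
    seen = defaultdict(list)
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = ZONE_RE.match(line)
            if m:
                seen[m.group(1).lower().rstrip(".")].append("%s:%d" % (path, lineno))
    return {zone: locs for zone, locs in seen.items() if len(locs) > 1}

# Constructed sample: the two stanzas from the description, each as a whole file,
# so the line numbers differ from the ones in the named log.
SAMPLE = {
    "/etc/bind/named.conf.proxy":
        'zone "0.in-addr.arpa" {\n    type master;\n    file "/etc/bind/db.0";\n};\n',
    "/etc/bind/univention.conf.d/0.in-addr.arpa.proxy":
        'zone "0.in-addr.arpa" {\n        type slave;\n'
        '        file "0.in-addr.arpa.zone";\n'
        '        masters port 7777 { 127.0.0.1; };\n};\n',
}

if __name__ == "__main__":
    print(is_reserved("0"), is_reserved("192.168.1"))
    for zone, locs in duplicate_zones(SAMPLE).items():
        print("duplicate zone %s: %s" % (zone, ", ".join(locs)))
```
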
Comment 4 Stefan Gohmann univentionstaff 2019-01-03 07:16:56 CET
This issue has been filed against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016.

Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.