Bug 36775

Summary: bind exits with fatal error if {0,127,255}.in-addr.arpa exists in LDAP
Product: UCS
Reporter: Florian Best <best>
Component: UMC - DNS
Assignee: UMC maintainers <umc-maintainers>
Status: REOPENED ---
QA Contact:
Severity: normal
Priority: P5
CC: gohmann, hahn
Version: UCS 4.4
Flags: best: Patch_Available+
Target Milestone: ---
Hardware: Other
OS: Linux
See Also:
https://forge.univention.org/bugzilla/show_bug.cgi?id=36616
https://forge.univention.org/bugzilla/show_bug.cgi?id=41005
https://forge.univention.org/bugzilla/show_bug.cgi?id=45100
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.200
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Error handling
Max CVSS v3 score:
Attachments: patch

Description Florian Best univentionstaff 2014-11-17 20:04:25 CET
I created - for no reason - a DNS zone "0", which causes bind to not work anymore:

Nov 17 19:01:12 master5 named[5253]: loading configuration from '/etc/bind/named.conf.proxy'
Nov 17 19:01:12 master5 named[5253]: /etc/bind/univention.conf.d/0.in-addr.arpa.proxy:1: zone '0.in-addr.arpa': already exists previous definition: /etc/bind/named.conf.proxy:48
Nov 17 19:01:12 master5 named[5253]: loading configuration: failure
Nov 17 19:01:12 master5 named[5253]: exiting (due to fatal error)


/etc/bind/univention.conf.d/0.in-addr.arpa.proxy:
zone "0.in-addr.arpa" {
        type slave;
        file "0.in-addr.arpa.zone";
        masters port 7777 { 127.0.0.1; };
};

/etc/bind/named.conf.proxy:
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
Comment 1 Philipp Hahn univentionstaff 2014-11-18 08:25:58 CET
0 is the broadcast zone, which is reserved and required for proper DNS operation. Same for 127 and 255: <http://www.rfc-editor.org/rfc/rfc1912.txt> 4.1
>4.1 Boot file setup
>
>   Certain zones should always be present in nameserver configurations:
>
>           primary         localhost               localhost
>           primary         0.0.127.in-addr.arpa    127.0
>           primary         255.in-addr.arpa        255
>           primary         0.in-addr.arpa          0

As such the GUI/UDM should prevent the admin from doing "not so clever" things.
Comment 2 Florian Best univentionstaff 2016-02-23 14:22:42 CET
Created attachment 7496: patch
Comment 3 Florian Best univentionstaff 2016-10-20 18:29:06 CEST
It should also be prevented in the listener.
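
The kind of check comments 1 and 3 ask for, as an added example that is not taken from the attached patch or from UCS code: before a zone is accepted from UDM or written out by the listener, compare it with the reserved reverse zones and with the zones the static named configuration already defines. All function names, the forward-order subnet notation and the db.127/db.255 sample blocks are assumptions made for illustration.

```python
import re

# Reserved reverse zones named in the bug summary ({0,127,255}.in-addr.arpa).
RESERVED = {"0.in-addr.arpa", "127.in-addr.arpa", "255.in-addr.arpa"}

# Constructed sample of the static config: the first block is the one quoted
# in the report, the others are made up to follow the same pattern.
STATIC_CONF = '''
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
// zone "10.in-addr.arpa" { type master; file "/etc/bind/db.10"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
'''

def normalize(zone):
    """Lower-case and drop the trailing root dot; DNS names are case-insensitive."""
    return zone.strip().rstrip(".").lower()

def static_zones(conf_text):
    """Return the zone names defined in a named.conf fragment, ignoring comments."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # block comments
    text = re.sub(r"(//|#).*", "", text)                    # line comments
    return {normalize(z) for z in re.findall(r'\bzone\s+"([^"]+)"', text)}

def reverse_zone(subnet):
    """Map a subnet prefix such as '192.168.1' to '1.168.192.in-addr.arpa'."""
    octets = subnet.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 subnet prefix: %r" % subnet)
    return ".".join(str(int(o)) for o in reversed(octets)) + ".in-addr.arpa"

def conflict(zone, conf_text=STATIC_CONF):
    """Return a reason string if `zone` must be rejected, else None."""
    name = normalize(zone)
    if name in RESERVED:
        return "%s is reserved for the name server's own zones" % name
    if name in static_zones(conf_text):
        return "%s is already defined in the static named configuration" % name
    return None

if __name__ == "__main__":
    for subnet in ("0", "127", "255", "192.168.1"):
        print(subnet, "->", conflict(reverse_zone(subnet)) or "ok")
```

Running the same `conflict()` call in both the UDM syntax check and the listener keeps a zone that reached LDAP by another route from being written to `/etc/bind/univention.conf.d/`.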
Comment 4 Stefan Gohmann univentionstaff 2019-01-03 07:16:56 CET
This issue has been filed against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016.

Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.