Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SERVFAIL with HTTPS record (lmdb backend) #10521

Closed
peterthomassen opened this issue Jun 23, 2021 · 2 comments · Fixed by #10522
Closed

SERVFAIL with HTTPS record (lmdb backend) #10521

peterthomassen opened this issue Jun 23, 2021 · 2 comments · Fixed by #10522
Labels
auth defect
Milestone
auth-4.5.0

Comments

@peterthomassen
Copy link
Contributor

  • Program: Authoritative
  • Issue type: Bug report

Short description

With example.com IN HTTPS 0 foo.bar.com., queries are answered with SERVFAIL when a) the backend is lmdb, b) the zone is presigned (retrieved via AXFR). (Not sure if this is a necessary and/or sufficient set of conditions.)

Environment

  • Operating system: Ubuntu 18.04
  • Software version: 4.4.0-1pdns.bionic
  • Software source: PowerDNS repository

Steps to reproduce

@Habbie already reproduced (IRC on June 22, 2021).
@peterthomassen
Copy link
Contributor Author

peterthomassen commented Jun 23, 2021
edited
Loading

Log says:

Jun 15 01:27:29 lax-1 desec-ns/ns[1055]: Jun 15 01:27:29 Exception building answer packet for foo.bar.com/HTTPS (Attempt to DNSString an unset dnsname) sending out servfail

@Habbie Habbie added this to the auth-4.5.0 milestone Jun 23, 2021
Habbie added a commit to Habbie/pdns that referenced this issue Jun 23, 2021
@Habbie
auth SVCB additional processing: do not chase chains outside of zone
3a4a2f2 
fixes PowerDNS#10521
@Habbie Habbie mentioned this issue Jun 23, 2021
Merged
8 tasks
@Habbie
Copy link
Member

Habbie commented Jun 23, 2021

With example.com IN HTTPS 0 foo.bar.com., queries are answered with SERVFAIL when a) the backend is lmdb, b) the zone is presigned (retrieved via AXFR). (Not sure if this is a necessary and/or sufficient set of conditions.)

b) is not a condition. The record pointing outside the containing zone is :-)

Habbie added a commit to Habbie/pdns that referenced this issue Jun 24, 2021
@Habbie
auth SVCB additional processing: do not chase chains outside of zone
6690045 
fixes PowerDNS#10521
Habbie added a commit to Habbie/pdns that referenced this issue Jun 24, 2021
@Habbie
auth SVCB additional processing: delay inserts to avoid invalidating …
783c0e9 
…iterator

(cherry picked from commit ee2163c)

auth SVCB additional processing: do not chase chains outside of zone

fixes PowerDNS#10521

(cherry picked from commit 6690045)

Only perform AdditionalServiceProcessing for aliasform records.

Co-authored-by: Kees Monshouwer <mind04@monshouwer.org>
(cherry picked from commit 210b625)
@peterthomassen peterthomassen mentioned this issue Jul 1, 2021
Merged
@zeha zeha mentioned this issue Sep 23, 2024
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth defect
Projects
None yet
Milestone
auth-4.5.0
Development

Successfully merging a pull request may close this issue.

auth SVCB fixes: avoid a crash; don't chase chains outside of zones Habbie/pdns
2 participants
@Habbie @peterthomassen