On Aug 18, 2011, at 10:28 AM, Lightner, Jeff wrote: > It was certainly a typo and a user error in that regard. > > However, he was suggesting it was bug because it should have rejected input > of negative numbers and I'll have to say I agree with that viewpoint. If I > typed "las" instead of "ls" on a command line and found out that "las" meant > "lose all systems" I'd certainly feel whoever had created such a program > should have put some safeguards in to keep it from doing something so > ridiculous.
Ever work with Warren Teitelman? http://www.hacker-dictionary.com/terms/DWIM W > > > > > > -----Original Message----- > From: bind-users-bounces+jlightner=water....@lists.isc.org > [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of > /dev/rob0 > Sent: Wednesday, August 17, 2011 8:59 PM > To: bind-users@lists.isc.org > Subject: Re: syntax error in $GENERATE crashed all nameservers > > On Wed, Aug 17, 2011 at 04:45:38PM -0400, bl ton wrote: >> We had a syntax error in our inverse zone file using GENERATE and >> extra dash were added to the scope so '199--222' instead of >> '199-222': >> >> $GENERATE 199--222 $ PTR 10-100-60-$.dhcp-bl.indiana.edu. > > Ouch! Sorry to hear this! > >> I would assume named will check the syntax error and refuse to load >> this zone just like it normally does, but instead it tries to >> generate millions of erroneous entry because it scanned '-222' to >> the stop which created a huge number for the named to loop through >> and the CPU at 100% and locked up 15 of our nameservers, some of >> those need power recycle to respond to console. >> >> This is the first bug of that type we have seen, it's my 12th year >> of running BIND for large site, another team member has nearly 20 >> years experience with BIND and we're surprised named doesn't catch >> the syntax error. >> >> Should a syntax error in inverse zone file cause named to locking >> up the machine? > > You're calling this a bug and a syntax error. I disagree. I'd call > this a typo and a user error. > >> But there is checking in forward file and same syntax error were >> caught: >> >> Aug 16 19:09:19 named named[4169]: 16-Aug-2011 19:09:19.609 >> general: error: dns_rdata_fromtext: buffer-0x42200470 : near >> '10.100.60.256': bad dotted quad >> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 >> general: error: $GENERATE: Domain/test.example.edu:1496: bad >> dotted quad >> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 >> general: error: zone test.example.edu/IN: loading from master >> file Domain/test.example.edufailed: bad dotted quad > > It's not the same error. You can create PTR names and values of > anything you want. But the value for an A record is limited to the > set of valid IPv4 addresses. Note that your A $GENERATE was quite > happy until it reached 256. > > 4294967295.60.100.10.in-addr.arpa. IN PTR > 10-100-60-4294967295.dhcp-bl.indiana.edu. > -222.60.100.10.in-addr.arpa. IN PTR > 10-100-60--222.dhcp-bl.indiana.edu. > > Those are both valid, as was the entire $GENERATE range. > > 10-100-60-255.dhcp-bl.indiana.edu. IN A 10.100.60.255 > 10-100-60-256.dhcp-bl.indiana.edu. IN A 10.100.60.256 > > First one is valid, second one is not. > > That said, I wouldn't have thought that a $GENERATE range could go > "over the top" like that, so to speak. I could see calling that a > possible bug. > -- > Offlist mail to this address is discarded unless > "/dev/rob0" or "not-spam" is in Subject: header > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > > > Proud partner. Susan G. Komen for the Cure. > > > Please consider our environment before printing this e-mail or attachments. > > ---------------------------------- > CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential > information and is for the sole use of the intended recipient(s). If you are > not the intended recipient, any disclosure, copying, distribution, or use of > the contents of this information is prohibited and may be unlawful. If you > have received this electronic transmission in error, please reply immediately > to the sender that you have received the message in error, and delete it. > Thank you. > ---------------------------------- > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
