syntax error in $GENERATE crashed all nameservers

bl ton bloomingtonian at gmail.com
Wed Aug 17 20:45:38 UTC 2011


We had a syntax error in our inverse zone file using $GENERATE: an extra dash
was added to the scope, so '199--222' instead of '199-222':

$GENERATE 199--222 $ PTR 10-100-60-$.dhcp-bl.indiana.edu.

I would assume named will check the syntax error and refuse to load this
zone just like it normally does, but instead it tries to generate millions
of erroneous entries because it scanned '-222' to the stop, which created a
huge number for named to loop through, put the CPU at 100% and locked up 15
of our nameservers; some of those needed a power cycle to respond to the
console.

This is the first bug of that type we have seen. It's my 12th year of
running BIND for a large site, another team member has nearly 20 years of
experience with BIND, and we're surprised named doesn't catch the syntax
error.

Should a syntax error in an inverse zone file cause named to lock up the
machine?

But there is checking in the forward file, and the same syntax error was caught:

Aug 16 19:09:19 named named[4169]: 16-Aug-2011 19:09:19.609 general: error: dns_rdata_fromtext: buffer-0x42200470 : near '10.100.60.256': bad dotted quad
Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 general: error: $GENERATE: Domain/test.example.edu:1496: bad dotted quad
Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649 general: error: zone test.example.edu/IN: loading from master file Domain/test.example.edu failed: bad dotted quad


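Here is some test code we copied from master.c:

#include <stdio.h>

int main(void)
{
        int n;
        unsigned int start, stop, step;

        /* %u accepts an optional sign, so "-222" is converted as the stop
         * value; n is 2 here because no "/step" follows. */
        n = sscanf("199--222", "%u-%u/%u", &start, &stop, &step);

        printf("Start of generated range: %u\n", start);
        printf("End of generated range: %u\n", stop);

        return 0;
}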

Output:

Start of generated range: 199
End of generated range: 4294967074

As you might expect, this is followed later by a loop:
for (i = start; i <= stop; i += step) {


Thanks,
Sue
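
An added example, not part of the original post and not BIND's own code: a strict parser for the "start-stop[/step]" range that rejects the signed field %u accepts and refuses ranges too large to expand. The names parse_field, parse_generate_range and the MAX_RECORDS cap are assumptions made for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_RECORDS 65536u /* assumed cap for this example, not a BIND limit */

/* Parse one unsigned decimal field. Requiring a leading digit rejects the
 * '-', '+' and whitespace that %u (strtoul rules) silently accepts. */
static int parse_field(const char **p, unsigned int *out)
{
    char *end;
    unsigned long v;
    if (!isdigit((unsigned char)**p))
        return -1;
    errno = 0;
    v = strtoul(*p, &end, 10);
    if (errno == ERANGE || v > UINT_MAX)
        return -1;
    *out = (unsigned int)v;
    *p = end;
    return 0;
}

/* Hypothetical helper: parse "start-stop" or "start-stop/step".
 * Returns the number of records the range expands to, or 0 on error. */
unsigned int parse_generate_range(const char *s, unsigned int *start,
                                  unsigned int *stop, unsigned int *step)
{
    *step = 1;
    if (parse_field(&s, start) || *s++ != '-' || parse_field(&s, stop))
        return 0;
    if (*s == '/') {
        s++;
        if (parse_field(&s, step) != 0 || *step == 0)
            return 0;
    }
    if (*s != '\0' || *start > *stop ||
        (*stop - *start) / *step >= MAX_RECORDS)
        return 0; /* trailing junk, inverted range, or too large to expand */
    return (*stop - *start) / *step + 1;
}

int main(void)
{
    unsigned int a, b, c;
    printf("199-222  -> %u\n", parse_generate_range("199-222", &a, &b, &c));
    printf("199--222 -> %u\n", parse_generate_range("199--222", &a, &b, &c));
    return 0;
}
```

Computing the record count up front also avoids relying on the `i <= stop` loop condition, which never becomes false when stop is the largest unsigned value.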