syntax error in $GENERATE crashed all nameservers
Warren Kumari
warren at kumari.net
Thu Aug 18 19:47:31 UTC 2011
On Aug 18, 2011, at 1:53 PM, Lightner, Jeff wrote:
> No but you're missing the point. I don't think the OP was and I certainly wasn't suggesting it should have done what he "meant" to do.
Nah, I was just referring you your 'If I typed "las" instead of "ls" on a command line and found out that "las" meant "lose all systems"...' comment -- with DWIM it would "helpfully" try and find something that it though you meant, and, when I used it, would basically always choose something bad... I really wasn't promoting this approach (and think we are in violent agreement) -- I probably missed a smily in my response...
> However, I DO think it should have errored out because it was invalid input.
Yah...
W
> (That is to say unless you think negative numbers should be considered valid input for this command? Please don't respond that negative numbers are integers and therefore valid - that would be pure sophistry.)
>
> -----Original Message-----
> From: Warren Kumari [mailto:warren at kumari.net]
> Sent: Thursday, August 18, 2011 1:26 PM
> To: Lightner, Jeff
> Cc: bind-users at lists.isc.org
> Subject: Re: syntax error in $GENERATE crashed all nameservers
>
>
> On Aug 18, 2011, at 10:28 AM, Lightner, Jeff wrote:
>
>> It was certainly a typo and a user error in that regard.
>>
>> However, he was suggesting it was bug because it should have rejected input of negative numbers and I'll have to say I agree with that viewpoint. If I typed "las" instead of "ls" on a command line and found out that "las" meant "lose all systems" I'd certainly feel whoever had created such a program should have put some safeguards in to keep it from doing something so ridiculous.
>
> Ever work with Warren Teitelman?
>
> http://www.hacker-dictionary.com/terms/DWIM
>
> W
>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of /dev/rob0
>> Sent: Wednesday, August 17, 2011 8:59 PM
>> To: bind-users at lists.isc.org
>> Subject: Re: syntax error in $GENERATE crashed all nameservers
>>
>> On Wed, Aug 17, 2011 at 04:45:38PM -0400, bl ton wrote:
>>> We had a syntax error in our inverse zone file using GENERATE and
>>> extra dash were added to the scope so '199--222' instead of
>>> '199-222':
>>>
>>> $GENERATE 199--222 $ PTR 10-100-60-$.dhcp-bl.indiana.edu.
>>
>> Ouch! Sorry to hear this!
>>
>>> I would assume named will check the syntax error and refuse to load
>>> this zone just like it normally does, but instead it tries to
>>> generate millions of erroneous entry because it scanned '-222' to
>>> the stop which created a huge number for the named to loop through
>>> and the CPU at 100% and locked up 15 of our nameservers, some of
>>> those need power recycle to respond to console.
>>>
>>> This is the first bug of that type we have seen, it's my 12th year
>>> of running BIND for large site, another team member has nearly 20
>>> years experience with BIND and we're surprised named doesn't catch
>>> the syntax error.
>>>
>>> Should a syntax error in inverse zone file cause named to locking
>>> up the machine?
>>
>> You're calling this a bug and a syntax error. I disagree. I'd call
>> this a typo and a user error.
>>
>>> But there is checking in forward file and same syntax error were
>>> caught:
>>>
>>> Aug 16 19:09:19 named named[4169]: 16-Aug-2011 19:09:19.609
>>> general: error: dns_rdata_fromtext: buffer-0x42200470 : near
>>> '10.100.60.256': bad dotted quad
>>> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649
>>> general: error: $GENERATE: Domain/test.example.edu:1496: bad
>>> dotted quad
>>> Aug 16 20:00:02 named named[4169]: 16-Aug-2011 22:00:02.649
>>> general: error: zone test.example.edu/IN: loading from master
>>> file Domain/test.example.edufailed: bad dotted quad
>>
>> It's not the same error. You can create PTR names and values of
>> anything you want. But the value for an A record is limited to the
>> set of valid IPv4 addresses. Note that your A $GENERATE was quite
>> happy until it reached 256.
>>
>> 4294967295.60.100.10.in-addr.arpa. IN PTR 10-100-60-4294967295.dhcp-bl.indiana.edu.
>> -222.60.100.10.in-addr.arpa. IN PTR 10-100-60--222.dhcp-bl.indiana.edu.
>>
>> Those are both valid, as was the entire $GENERATE range.
>>
>> 10-100-60-255.dhcp-bl.indiana.edu. IN A 10.100.60.255
>> 10-100-60-256.dhcp-bl.indiana.edu. IN A 10.100.60.256
>>
>> First one is valid, second one is not.
>>
>> That said, I wouldn't have thought that a $GENERATE range could go
>> "over the top" like that, so to speak. I could see calling that a
>> possible bug.
>> --
>> Offlist mail to this address is discarded unless
>> "/dev/rob0" or "not-spam" is in Subject: header
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>>
>> Proud partner. Susan G. Komen for the Cure.
>>
>>
>> Please consider our environment before printing this e-mail or attachments.
>>
>> ----------------------------------
>> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
>> ----------------------------------
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
More information about the bind-users
mailing list