Query on issue#2389 BIND 9.16.10

Ondřej Surý ondrej at isc.org
Wed Oct 27 15:57:58 UTC 2021


--
Ondřej Surý (He/Him)
ondrej at isc.org

> On 27. 10. 2021, at 7:03, Mayank Maheshwari M <mayank.m.maheshwari at ericsson.com> wrote:
> 
> Hi Ondrej,
> 
> Thanks for all your responses so far.
> 
> As per the recommendation from the BIND community, we plan to proceed with an upgrade to the latest BIND version (9.16.21) where, as per BIND, this issue is fixed.
> But referring to your last email, where you stated that "All the information available is always written down in the issue you have already referenced."
> Based on our findings, we are only able to see limited (single line) information for this issue, which is mentioned in the mail below.

Yes, that’s it. The issue states that issues like this were resolved by refactoring the TCPDNS component and it was already released by the time we got the report. And that’s it.

> I would really appreciate it if you could direct us to some more details on this issue; this will really help us in explaining the fault to our customers and in reproducing this issue in our labs.

There are no “more details” available anywhere. You should explain to your customers that you failed to upgrade the BIND 9 version on time and that’s what is causing the fault. There were at least 4 CVEs fixed since BIND 9.16.10.

> Or redirect it to the correct person, who has this information.

There’s no other “correct person”.

> Really appreciate your support so far and looking forward to the same.

I already suggested that if you want somebody to look into it, you would have to pay for the extra time. Nobody is going to analyse a bug in a year-old version of BIND 9 since the bug has already been fixed. But you seem to have ignored that message and insist we do the work for you, so I am going to repeat it here again:

"""
BIND 9.16.10 was tagged and released in December 2020. That’s almost a year ago. You can’t and should not expect people to do work for free when you slacked on updates. You have to carry the costs of the bad decision you made when you decided to stick with an old version. The word “free” in free software is to be interpreted as the word “free” in free speech and not as in free beer. We do not limit what you can do with the software beyond the MPL-2.0 license, but that’s it. There’s no obligation to do any work for free.

For everything else there’s a hint in the mailing list footer, I’ll copy it here for your convenience:

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
"""

> Best Regards
> Mayank Maheshwari
> 
> -----Original Message-----
> From: Rajnish Kamboj <rajnish.kamboj at ericsson.com> 
> Sent: Tuesday, October 26, 2021 5:50 PM
> To: Ondřej Surý <ondrej at isc.org>
> Cc: bind-users at lists.isc.org; Mayank Maheshwari M <mayank.m.maheshwari at ericsson.com>; Swaminathan Plsi <swaminathan.plsi at ericsson.com>
> Subject: RE: Query on issue#2389 BIND 9.16.10
> 
> Hi Ondřej
> 
> We have gone through the issue "https://gitlab.isc.org/isc-projects/bind9/-/issues/2389" and could not find the scenario which causes this issue.
> Before upgrading to the latest BIND, we want to reproduce the issue in our labs.
> 
> In the issue it is mentioned that "The sends is -1 in the coredump which means that there was a double call to the callback.  This class of issues were fixed in !4455 (merged)"
> It would be of great help if the scenario which causes this issue is shared, so that we can reproduce it in our labs, before upgrading BIND.
> 
> 
> 
> 
> Regards
> Rajnish Kamboj
> 
> -----Original Message-----
> From: Ondřej Surý <ondrej at isc.org>
> Sent: Monday, October 18, 2021 4:39 PM
> To: Rajnish Kamboj <rajnish.kamboj at ericsson.com>
> Cc: bind-users at lists.isc.org
> Subject: Re: Query on issue#2389 BIND 9.16.10
> 
> All the information available is always written down in the issue you have already referenced. That’s always the case - even with security issues, there’s only 1 month+ delay to give people chance to upgrade.
> 
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
> 
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> 
>> On 18. 10. 2021, at 12:58, Rajnish Kamboj <rajnish.kamboj at ericsson.com> wrote:
>> 
>> Thanks Ondrej for your quick reply,
>> 
>> Upgrading to latest release will fix the issue.
>> Can you also help us with scenarios as to why this issue is occurring?
>> Maybe this will help us with a quick workaround (if possible) till the time we plan for the latest BIND.
>> 
>> 
>> Regards
>> Rajnish Kamboj
>> 
>> -----Original Message-----
>> From: Ondřej Surý <ondrej at isc.org>
>> Sent: Monday, October 18, 2021 3:28 PM
>> To: Rajnish Kamboj <rajnish.kamboj at ericsson.com>
>> Cc: bind-users at lists.isc.org
>> Subject: Re: Query on issue#2389 BIND 9.16.10
>> 
>> Hi,
>> 
>> there were several security issues since 9.16.10, you should be running either the last 9.16.x release (9.16.21 as of the time of writing this email) or have all of the issues patched.
>> 
>> The thing you are asking for is so wrong on so many levels. Don’t do that, upgrade to last version instead.
>> 
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> ondrej at isc.org
>> 
>>> On 18. 10. 2021, at 11:51, Rajnish Kamboj via bind-users <bind-users at lists.isc.org> wrote:
>>> 
>>> Hi Team,
>>> Currently we are using Bind version 9.16.10,
>>> 
>>> My Query
>>> I recently found that there is an issue with the 9.16.10 version. "Issue#2389 BIND 9.16.10: critical: xfrout.c:1643: INSIST(xfr->sends == 0) failed".
>>> Can anyone please help me to understand the scenario when this issue will appear?
>>> 
>>> Note: We are not planning a BIND upgrade currently. This will help me to skip scenarios which may lead to the above issue.
>>> 
>>> Thanks in advance.
>>> 
>>> Regards
>>> Rajnish Kamboj
>>> 