Bug 217915 - dns/bind911: remove special handling for example.com etc.
Summary: dns/bind911: remove special handling for example.com etc.
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mathieu Arnold
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-19 09:33 UTC by eserte12
Modified: 2017-06-14 22:58 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (mat)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description eserte12 2017-03-19 09:33:08 UTC
The default named.conf has special handling for a number of example domains
(see https://github.com/freebsd/freebsd-ports/blob/master/dns/bind911/files/named.conf.in#L236-L242 ). This special handling effectively causes such names to resolve to 127.0.0.1 (e.g. example.com) or do not resolve at all (e.g. www.example.com).

Reading chapter 6 of https://www.rfc-editor.org/rfc/rfc6761.txt it seems to me that there should be *no* special handling for such names. Note that RFC 6761 updates RFC 2606, which seems to be BCP 32 wrapped up in a RFC.

So probably these lines in named.conf.in should be removed.

Other bind ports (e.g. bind99) also have the same default configuration, and probably should also be changed.
Comment 1 Mathieu Arnold freebsd_committer 2017-03-23 11:59:40 UTC
What lines are you exactly referring to ? Are those the example.{com,net,org} zones ?
Comment 2 Mathieu Arnold freebsd_committer 2017-03-23 12:00:29 UTC
Or do you mean all the "BCP 32" group ?
Comment 3 Mathieu Arnold freebsd_committer 2017-04-11 10:20:56 UTC
ping ?
Comment 4 Mathieu Arnold freebsd_committer 2017-04-20 11:45:13 UTC
I don't understand what needs to be removed, and the OP doesn't seem to be interested any more.
Comment 5 eserte12 2017-05-20 11:12:10 UTC
I mean the whole BCP 32 group. Linking to the master version of the file was probably a good idea, as the lines moved. Maybe it's better to link to a branch version:
https://github.com/freebsd/freebsd-ports/blob/branches/2017Q2/dns/bind911/files/named.conf.in#L264-L270
Comment 6 Mathieu Arnold freebsd_committer 2017-05-23 13:24:39 UTC
It would have been better to submit a patch, so that I knew exactly what lines you wanted to remove :-)
I'll bundle that together with the next BIND9 update.
Comment 7 commit-hook freebsd_committer 2017-06-14 22:55:34 UTC
A commit references this bug:

Author: mat
Date: Wed Jun 14 22:54:44 UTC 2017
New revision: 443607
URL: https://svnweb.freebsd.org/changeset/ports/443607

Log:
  Remove special handling for testing and documentation domains, per RFC
  6761 recommendations.

  While there:
  - Fix invalid syntax in sample slave config.
  - Add a message about having syslogd working with BIND9 chroot.

  PR:		217915
  Reported by:	eserte12 yahoo de
  Sponsored by:	Absolight

Changes:
  head/dns/bind9-devel/files/named.conf.in
  head/dns/bind9-devel/files/pkg-message.in
  head/dns/bind910/files/named.conf.in
  head/dns/bind910/files/pkg-message.in
  head/dns/bind911/files/named.conf.in
  head/dns/bind911/files/pkg-message.in
  head/dns/bind99/files/named.conf.in
  head/dns/bind99/files/pkg-message.in
Comment 8 commit-hook freebsd_committer 2017-06-14 22:57:38 UTC
A commit references this bug:

Author: mat
Date: Wed Jun 14 22:56:46 UTC 2017
New revision: 443609
URL: https://svnweb.freebsd.org/changeset/ports/443609

Log:
  MFH: r443608 r443607

  Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.

  Security:	CVE-2017-3140
  Security:	CVE-2017-3141
  Sponsored by:	Absolight

  Remove special handling for testing and documentation domains, per RFC
  6761 recommendations.

  While there:
  - Fix invalid syntax in sample slave config.
  - Add a message about having syslogd working with BIND9 chroot.

  PR:		217915
  Reported by:	eserte12 yahoo de
  Sponsored by:	Absolight

Changes:
_U  branches/2017Q2/
  branches/2017Q2/dns/bind9-devel/files/named.conf.in
  branches/2017Q2/dns/bind9-devel/files/pkg-message.in
  branches/2017Q2/dns/bind910/Makefile
  branches/2017Q2/dns/bind910/distinfo
  branches/2017Q2/dns/bind910/files/named.conf.in
  branches/2017Q2/dns/bind910/files/pkg-message.in
  branches/2017Q2/dns/bind911/Makefile
  branches/2017Q2/dns/bind911/distinfo
  branches/2017Q2/dns/bind911/files/named.conf.in
  branches/2017Q2/dns/bind911/files/pkg-message.in
  branches/2017Q2/dns/bind99/Makefile
  branches/2017Q2/dns/bind99/distinfo
  branches/2017Q2/dns/bind99/files/named.conf.in
  branches/2017Q2/dns/bind99/files/pkg-message.in