Menu

#71 nsupdate improperly deletes KEY

current_version
closed
wimpunk
None
5
2014-06-30
2014-06-24
Wellie Chao
No

Line 3857 of revision 163 of ddclient improperly deletes all/any resource record. What it should do instead is just delete "A" resource records.

Changing this line:
update delete $_.

to this:
update delete $_. A

would fix the problem. Right now it deletes even KEY RRs, which means that after one update, the KEY disappears, thus preventing future updates. I am using SIG(0) keys (RSASHA1) rather than symmetric keys.

Discussion

  • wimpunk

    wimpunk - 2014-06-25

    I posted a message on the mailinglist about it. I hope the original poster of the patch will comment on this.

     

  • Daniel Roethlisberger

    Daniel Roethlisberger - 2014-06-25

    With the configuration suggested by ddns-confgen(1), that is, using something like:

    key foobar {
    algorithm hmac-sha256;
    secret "...";
};
zone "dyn.foo.bar" {
    type master;
    file "dyn.foo.bar.db";
    update-policy {
        grant foobar zonesub ANY;
    };
    // ...
};

    Then there are no KEY RRs involved and this problem does not occur (double-checked with BIND 9.8.4). Can you share the relevant parts of your DDNS configuration with us so we understand in which cases this problem actually occurs?

    That being said, it is a good idea to be specific in the delete command anyway, since there may be other records which should not be removed as a side-effect of deleting the dynamic A record. I will prepare a patch.

     

  • wimpunk

    wimpunk - 2014-06-30

    Fixed in [r164].

     

    Related

    Commit: [r164]

  • wimpunk

    wimpunk - 2014-06-30
    • status: open --> closed
    • assigned_to: wimpunk
     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.