
#41 commit.php (smbind 0.4.8) + named-checkzone (9.7.3) bug

v1.0 (example)
closed-fixed
blentz
None
5
2014-08-12
2013-09-25
No

Hi,

There is a bug with smbind when using "named-checkzone" utility.

The problem is as follows:

  • When you add a zone, i.e. "example.com", and set nameservers to be subdomains of the same zone, i.e. "ns1.example.com" and "ns2.example.com", then trying to commit SMBIND will give error "The following zone contains bad or uncommitted records: example.com"

I've done investigation on this for hours until I found the source of the problem.

Namely, the "named-checkzone" utility checks the generated zone file and gives exit status 1, because of missing "A" records for the "ns1.example.com" and "ns2.example.com" which are not generated by SMBIND (commit.php to be exact).

Following example will illustrate this better:

  • Create new zone "example.com" -> NS1: ns1.example.com -> NS2: ns2.example.com
  • Commit changes

We get the above mentioned error and the following zone file "example.com":

$TTL 86400
@ IN SOA ns1.example.com. hostmaster.ipercast.net. (
2013092500 ; Serial
28800 ; Refresh
7200 ; Retry
1209600 ; Expire
86400) ; Negative Cache TTL
;
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.

When run through the "named-checkzone" utility (which commit.php uses) we get the following result (and exit status 1 instead of 0):

/usr/sbin/named-checkzone example.com zones/example.com
zone example.com/IN: NS 'ns1.example.com' has no address records (A or AAAA)
zone example.com/IN: NS 'ns2.example.com' has no address records (A or AAAA)
zone example.com/IN: not loaded due to errors.

Workaround which I used for this is to disable the "named-checkzone" utility checking in "src/commit.php", to be able to have SMBIND generate the zone file properly, but then this means there is no syntax checking of the records I add through SMBIND.

I commented the following lines in "src/commit.php":

//$cmd = $_CONF['namedcheckzone'] . " " . $zone[1] . " " . $_CONF['path'] . preg_replace('/\//','-',$zone[1]) . " > /dev/null";
//system($cmd, $exit);

And added:
$exit = 0;

As I said, this resolves the issue, but I lose syntax checking of the Zone file generated by SMBIND, which I would prefer to have.

Regards,


Discussion

  • Alessandro Forghieri

    I have been using this software for years to manage 800+ domains. Time to give back.
    As somebody may have noticed, bind 9.x broke, at some point, the check feature of smbind. This set of patches restores that capability, fixes a couple of pgsql bugs and adds zone/record filtering. And then some. Code tested in production.

    From the README.PATCH:
    2013-11-22 - Modena
    This set of patches, applied to smbind, does four things. In order of
    decreasing importance:

    1) Makes all the commit machinery work under bind 9.x
    The core idea of smbind's commit is:
    a) write a zone stub to disk, run named-checkxxx
    b) append records to the stub, run named-checkxxx
    c) restart named and mark failed records (if any) for examination.

    The way the zone stub was written in (a) stopped working at some
    bind release (I do not know which) because named-checkzone now
    requires that nameservers for a zone also have A records if they
    are in that zone. So, in this case, one needs to insert the A
    records for the NSs in the stub zone file

    2) Fixes a couple of postgresql bugs that (a) makes the number of
    records/page configuration not functional (b) makes zone
    deletion impossible.

    3) Adds zone and record search/filtering forms on the appropriate
    pages.

    4) Adds a logging facility (wrapping Kenny Katzgrau's
    katzgrau@gmail.com class), debugging code, CLI testing code,
    and a way to run commands (commit, above all) from the command
    line. This makes it possible to run scripts without having to
    commit manually (but remember to fix permissions on the zone
    files). For instance, I have a script that pushes a number of new
    zones to the DBMS then calls on commit.php. Useful when you are
    adding tens of zones in a single sweep.

    Note that the bind changes detailed in (1) make smbind basically
    nonfunctional unless you set the path to named-checkxxx to something
    like /bin/true in config.php. That pretty much cripples smbind, tho'.

    Also, you may live WITHOUT applying the patch if you keep the
    nameserver's A records in a separate zone that you manage outside
    smbind (say directly within named.conf). The dysfunctional behavior
    described above is noticeable only for the zones that also contain
    their NSs.

    Changes to single files are detailed below.

    To apply:
    copy the patch file somewhere, name it (for instance)
    smbind-0.4.8xbind9.patch. Then:

    # unzip smbind-0.4.8.zip
    # cd smbind-0.4.8
    # patch -p1 < smbind-0.4.8xbind9.patch

    That should be it.

    Caveat Emptor:
    Code provided AS IS, no warranty, no responsibility implied by the
    part of the author.

    Also, have fun.
    Cheers,

    Alessandro Forghieri alf@orion.it
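
The check that rejects the ticket's stub, and the stub fix described in point 1 of the README above, as an added example that is not part of the thread or of the smbind patch: `missing_ns_addresses` reports in-zone NS targets without A or AAAA records, and `stub_records` emits those address records together with the NS lines. All function names and the sample addresses are assumptions made for illustration, and only the in-zone apex NS rule stated on this page is modelled.

```python
import ipaddress

def fqdn(name, origin):
    """Expand a zone-file name ('@', relative or absolute) to an absolute name."""
    origin = origin.rstrip(".").lower() + "."
    name = name.strip().lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def in_zone(absolute_name, origin):
    """True when absolute_name is the zone apex or lies below it."""
    origin = origin.rstrip(".").lower() + "."
    return absolute_name == origin or absolute_name.endswith("." + origin)

def missing_ns_addresses(origin, records):
    """Return the in-zone apex NS targets that have no A or AAAA record.

    records is a list of (owner, rtype, rdata) tuples in zone-file form.
    """
    apex = fqdn("@", origin)
    with_addr = {fqdn(o, origin) for o, t, _ in records if t.upper() in ("A", "AAAA")}
    targets = {fqdn(d, origin) for o, t, d in records
               if t.upper() == "NS" and fqdn(o, origin) == apex}
    return sorted(n for n in targets if in_zone(n, origin) and n not in with_addr)

def stub_records(origin, nameservers, ns_addresses):
    """Build stub NS records plus an address record for each in-zone NS.

    ns_addresses maps absolute NS names to IP strings (hypothetical input;
    a real tool would read it from its own record store).
    """
    records = [("@", "NS", ns) for ns in nameservers]
    for ns in nameservers:
        name = fqdn(ns, origin)
        if not in_zone(name, origin):
            continue  # out-of-zone NS: no address record belongs in this zone
        if name not in ns_addresses:
            raise ValueError("no address known for in-zone NS " + name)
        ip = ipaddress.ip_address(ns_addresses[name])
        records.append((name, "AAAA" if ip.version == 6 else "A", str(ip)))
    return records

# Constructed sample mirroring the ticket's stub: two in-zone NS, no A records.
TICKET_STUB = [("@", "NS", "ns1.example.com."), ("@", "NS", "ns2.example.com.")]

if __name__ == "__main__":
    print(missing_ns_addresses("example.com", TICKET_STUB))
```

Running the pre-check before the zone file is handed to named-checkzone keeps the syntax check enabled instead of replacing it with `$exit = 0` or `/bin/true`.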

     
    • Nedzad Campara

      Nedzad Campara - 2013-11-26

      Hi Alessandro,

      The patch fixes the issue of #1, except a small thing. When I add a host "@", to make a record for the top level domain of the zone, it marks the record as invalid.

      For example if I want to add an "A" or "MX" record for "example.com" in the zone "example.com", I would put "@" in the "host" field, but as I said, now with the patch, it marks the record as invalid :/.

      Any ideas?

      Regards,

       
  • Alessandro Forghieri

    Hello.

    On Tue, Nov 26, 2013 at 12:46:33PM +0000, Nedzad Campara wrote:

    Hi Alessandro,

    The patch fixes the issue of #1, except a small thing. When I add a host "@", to make a record for the top level domain of the zone, it marks the record as invalid.

    For example if I want to add an "A" or "MX" record for "example.com" in the zone "example.com", I would put "@" in the "host" field, but as I said, now with the patch, it marks the record as invalid :/.

    Any ideas?

    No idea, except that I cannot reproduce it (all my zones have
    @...records, by the way). I added a zone, added

    +--+--+--+---------------------+
    | @|MX|10|amailserver.fubar.com|
    +--+--+--+---------------------+

    And saw no problem whatsoever. You are not putting the final period in
    the hostname, by any chance? That would mark the record as invalid, as
    smbind adds it automatically.

    Cheers,
    alf

    Regards,


    [bugs:#41] commit.php (smbind 0.4.8) + named-checkzone (9.7.3) bug

    Status: open
    Created: Wed Sep 25, 2013 12:44 PM UTC by Nedzad Campara
    Last Updated: Fri Nov 22, 2013 04:40 PM UTC
    Owner: nobody


  • blentz

    blentz - 2014-08-12

    Resolved in smbind-0.4.8.1.

     
  • blentz

    blentz - 2014-08-12
    • status: open --> closed-fixed
    • assigned_to: blentz
     
