Re: Bug#521791: pdns-server: wildcard match returned if qtype doesn't match existing record
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sami Haahtinen wrote:
> There is a bug in 2.9.21 releases that makes the server return wildcard
> entries even if the zone has a valid entry for the queried name but
> lacks the matching type.
>
> This usually presents itself with AAAA queries which might not match the
> actual zone entry. In such a case the wildcard cname is returned and
> cached on the receiving end.
>
> The bug is also reported in the upstream bugtracker as bug #125 and the
> fix is to apply changesets 1081 and 1147. I'm attaching a dpatch file
> that fixes the problem.
As version 2.9.22 has been uploaded a while ago which contain your
mentioned changesets I think this bug can be considered fixed by the
upstream in "unstable".
However it's not a security problem and I don't believe it qualifies for
a stable ("Lenny") update as specified in
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
as it's not a security-related issue nor makes pdns uninstallable on any
architecture nor is "a truly critical functionality problem". I
understand that it's annoying. But I'd rather say it's a "normal"
problem as it doesn't destroy data and affects just part of pdns's
functionality. If the release team can be convinced to accept an updated
version for Lenny then I'll happily provide one though.
> The bug is a regression from etch and should be pushed to lenny updates.
IMHO the bug is a problem in the 2.9.21 upstream release and not exactly
the fault of the Debian package.
What is the release team's opinion on that? Do we have a chance to get
this into Lenny?
Kindly
Christoph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkqdeCkACgkQCV53xXnMZYaPBwCfQ+KVv+e95/REC/E5HhGGwVeI
yh8An19RyjUk3Df05Hj0/BCnqfAkjGD3
=Z0p+
-----END PGP SIGNATURE-----
Reply to: