Re: Only zones with wildcards affected on authoritative servers

2021-06-18 Thread Ondřej Surý
John,

yes, all ISC packages have the fix for the W problem, either as a full release or a patch 
set.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 18. 6. 2021, at 21:33, John Thurston  wrote:
> 
> On 6/17/2021 11:03 PM, Ondřej Surý wrote:
>> # Are the ISC packages affected?
>> The packages with the hotfix applied were pushed into the repository and are 
>> either already built
>> or are building and will be available shortly
> 
> The Ubuntu and Centos Copr packages are showing different version numbers, 
> though I suspect they both contain the updated code. Can someone confirm my 
> suspicion?
> 
> 
> The CentOS 8 Copr went from
>  9.16.17-1.1.el8
> to
>  9.16.17-1.2.el8
> 
> While the Ubuntu "Personal Package Archive" ppa:isc/bind went from
>  9.16.17-1
> to
>  9.16.18-1
> 
> from 'named -v' the two return
>  BIND 9.16.17 (Stable Release) 
>  BIND 9.16.18-Ubuntu (Stable Release) 
> 
> 
> --
> Do things because you should, not just because you can.
> 
> John Thurston 907-465-8591
> john.thurs...@alaska.gov
> Department of Administration
> State of Alaska
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



Re: Only zones with wildcards affected on authoritative servers

2021-06-18 Thread John Thurston

On 6/17/2021 11:03 PM, Ondřej Surý wrote:

# Are the ISC packages affected?

The packages with the hotfix applied were pushed into the repository and are 
either already built
or are building and will be available shortly


The Ubuntu and Centos Copr packages are showing different version 
numbers, though I suspect they both contain the updated code. Can 
someone confirm my suspicion?



The CentOS 8 Copr went from
  9.16.17-1.1.el8
to
  9.16.17-1.2.el8

While the Ubuntu "Personal Package Archive" ppa:isc/bind went from
  9.16.17-1
to
  9.16.18-1

from 'named -v' the two return
  BIND 9.16.17 (Stable Release) 
  BIND 9.16.18-Ubuntu (Stable Release) 


--
Do things because you should, not just because you can.

John Thurston 907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska


Re: Only zones with wildcards affected on authoritative servers (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-18 Thread Ondřej Surý
Hi again,

let me give you a quick update again:

the development and support teams have found other use cases that would affect 
both `w` and `W` letters in authoritative zones.  The linked issue currently 
talks just about the wildcards and we are going to update the issue shortly, 
but I wanted to give you an update in case you already read the issue (and/or 
my previous email).

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

> On 18. 6. 2021, at 9:03, Ondřej Surý  wrote:
> 
> Hi,
> 
> let me add more details to the issue.
> 
> # Who’s affected
> 
> Authoritative server operators operating zones with wildcard records (e.g. 
> *.example.com)
> 
> # What’s affected
> 
> Queries hitting the wildcard records with capital `W`
> 
> # How to test?
> 
> dig IN A W.example.com @127.0.0.1
> 
> You need to adjust this to match your zone name, server IP address and the 
> rrclass and rrtype of the wildcard record.
> 
> # Is there a hotfix?
> 
> The patch to fix this issue is available at:
> https://gitlab.isc.org/isc-projects/bind9/-/commit/52cc9ff372ba637289d1e8f35d1f3f35d46ea25f.patch
> 
> # Are the ISC packages affected?
> 
> The packages with the hotfix applied were pushed into the repository and are 
> either already built
> or are building and will be available shortly
> 
> # When will there be an official upstream release fixing this?
> 
> We are working on preparing the release tarball as of this moment and the 
> fixed tarballs will be published as soon as they are ready.
> 
> Sorry for any inconvenience this might have caused, we wish we would have 
> caught this during our extensive testing, but alas we didn’t.
> 
> Thanks,
> Ondrej
> --
> Ondřej Surý (He/Him)
> ond...@isc.org
> 
>> On 18. 6. 2021, at 5:56, Michael McNally  wrote:
>> 
>> Dear BIND users:
>> 
>> Yesterday, 16 June 2021, we released monthly maintenance snapshot releases of
>> our currently supported release branches of BIND.
>> 
>> Specifically, we released BIND 9.11.33, 9.16.17, and 9.17.14
>> 
>> There's no way to say this that isn't embarrassing, but only after the 
>> release
>> was an error in a recently optimized routine discovered by a user -- an error
>> that will definitely cause operational problems for almost all server 
>> operators
>> who upgrade to either of these affected versions:
>> 
>> -  BIND 9.16.17
>> -  BIND 9.17.14
>> 
>> BIND 9.11.33 is NOT affected.
>> 
>> If you have not yet updated to the 16 June releases, we ask that you hold off
>> on any plans to install 9.16.17 or 9.17.14 until replacement releases can be
>> prepared and tested.
>> 
>> The specific issue in question is being tracked in our issue tracker:
>> 
>>  https://gitlab.isc.org/isc-projects/bind9/-/issues/2779
>> 
>> and more information about our plans for issuing replacement releases will be
>> provided later; at the moment our priority is getting the news to parties as
>> quickly as possible so that those who have not already adopted the new 
>> releases
>> can postpone until corrected versions are available.
>> 
>> Michael McNally
>> Internet Systems Consortium
> 



Only zones with wildcards affected on authoritative servers (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-18 Thread Ondřej Surý
Hi,

let me add more details to the issue.

# Who’s affected

Authoritative server operators operating zones with wildcard records (e.g. 
*.example.com)

# What’s affected

Queries hitting the wildcard records with capital `W`

# How to test?

dig IN A W.example.com @127.0.0.1

You need to adjust this to match your zone name, server IP address and the 
rrclass and rrtype of the wildcard record.

# Is there a hotfix?

The patch to fix this issue is available at:
https://gitlab.isc.org/isc-projects/bind9/-/commit/52cc9ff372ba637289d1e8f35d1f3f35d46ea25f.patch

# Are the ISC packages affected?

The packages with the hotfix applied were pushed into the repository and are 
either already built
or are building and will be available shortly

# When will there be an official upstream release fixing this?

We are working on preparing the release tarball as of this moment and the fixed 
tarballs will be published as soon as they are ready.

Sorry for any inconvenience this might have caused, we wish we would have 
caught this during our extensive testing, but alas we didn’t.

Thanks,
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

> On 18. 6. 2021, at 5:56, Michael McNally  wrote:
> 
> Dear BIND users:
> 
> Yesterday, 16 June 2021, we released monthly maintenance snapshot releases of
> our currently supported release branches of BIND.
> 
> Specifically, we released BIND 9.11.33, 9.16.17, and 9.17.14
> 
> There's no way to say this that isn't embarrassing, but only after the release
> was an error in a recently optimized routine discovered by a user -- an error
> that will definitely cause operational problems for almost all server 
> operators
> who upgrade to either of these affected versions:
> 
> -  BIND 9.16.17
> -  BIND 9.17.14
> 
> BIND 9.11.33 is NOT affected.
> 
> If you have not yet updated to the 16 June releases, we ask that you hold off
> on any plans to install 9.16.17 or 9.17.14 until replacement releases can be
> prepared and tested.
> 
> The specific issue in question is being tracked in our issue tracker:
> 
>   https://gitlab.isc.org/isc-projects/bind9/-/issues/2779
> 
> and more information about our plans for issuing replacement releases will be
> provided later; at the moment our priority is getting the news to parties as
> quickly as possible so that those who have not already adopted the new 
> releases
> can postpone until corrected versions are available.
> 
> Michael McNally
> Internet Systems Consortium

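
The "How to test?" query from the message above, turned into a repeatable check; this is an added example, not part of the original thread and not ISC code. It goes beyond the single `W` query by also probing lowercase `w` (which the follow-up says is affected too) and compares each answer with a control label that contains neither letter. The probe labels, the `DIG` override variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare wildcard answers for labels
# with and without w/W against one authoritative server.
DIG="${DIG:-dig}"   # assumption: override only to stub dig when testing offline

# wildcard_answer SERVER ZONE RRTYPE LABEL -> sorted rdata for LABEL.ZONE
wildcard_answer() {
    "$DIG" +short +norecurse IN "$3" "$4.$2" "@$1" 2>/dev/null | sort
}

# check_wildcard SERVER ZONE RRTYPE
# Exit status: 0 all probes match the control, 1 a probe differs,
#              2 the control got no data (no wildcard of that type).
check_wildcard() {
    cw_server=$1; cw_zone=$2; cw_type=$3; cw_rc=0
    # Control label has no w/W; all labels are hypothetical and must not
    # exist as explicit records, so each query falls through to the wildcard.
    cw_control=$(wildcard_answer "$cw_server" "$cw_zone" "$cw_type" "probe-x1")
    if [ -z "$cw_control" ]; then
        echo "SKIP $cw_zone: control query returned no $cw_type data"
        return 2
    fi
    for cw_label in W w probe-W1 probe-w1; do
        cw_got=$(wildcard_answer "$cw_server" "$cw_zone" "$cw_type" "$cw_label")
        if [ "$cw_got" = "$cw_control" ]; then
            echo "ok   $cw_label.$cw_zone"
        else
            echo "FAIL $cw_label.$cw_zone: answer differs from control"
            cw_rc=1
        fi
    done
    return "$cw_rc"
}

# Usage: check_wildcard 127.0.0.1 example.com A
```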