Bug 13442 - axfr only transfer subset of zone (may be trailing . mishandling)
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.8.2
Hardware: All All
Importance: P5 major
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
 
Reported: 2018-05-18 01:30 UTC by William Brown
Modified: 2018-05-18 01:47 UTC

Description William Brown 2018-05-18 01:30:41 UTC
A zone with a large number of records:

# /usr/local/samba/bin/samba-tool dns query ash.prd.blackhats.net.au blackhats.net.au @ ALL | wc -l
76

When the zone is transferred, only a subset of these is displayed.

;; XFR size: 23 records (messages 1, bytes 848)

This seems to be inconsistent in what records are sent. Some records are subdomains, i.e. x.dev.blackhats.net.au where .dev has multiple children but only some are sent, others are single A records (correlating AAAA missing), others are CNAMEs, some are in the origin. No correlation to serials seems to exist either (some axfr recs are new, some old).

This completely breaks DNS zone replication to a non-dc.

Using rndc trace, the issue *may* be due to records with trailing '.'.

May 18 11:29:11 ash.prd.blackhats.net.au named[327]: dns_rdata_fromtext: buffer-0x7fbd842a2f20:1: near eof: unexpected end of input
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: Failed to put named rr '_carddav._tcp.blackhats.net.au.'
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: dns_rdata_fromtext: buffer-0x7fbd842a2f20:1: near eof: unexpected end of input
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: Failed to put named rr '_imap._tcp.blackhats.net.au.'
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: dns_rdata_fromtext: buffer-0x7fbd842a2f20:1: near eof: unexpected end of input
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: Failed to put named rr '_pop3._tcp.blackhats.net.au.'
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: dns_rdata_fromtext: buffer-0x7fbd842a2f20:1: near eof: unexpected end of input
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: Failed to put named rr '_caldav._tcp.blackhats.net.au.'
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: client @0x7fbd7c7624a0 172.24.12.43#21073 (blackhats.net.au): transfer of 'blackhats.net.au/IN': AXFR started (serial 1465435624)
May 18 11:29:11 ash.prd.blackhats.net.au named[327]: client @0x7fbd7c7624a0 172.24.12.43#21073 (blackhats.net.au): transfer of 'blackhats.net.au/IN': AXFR ended


Package versions: 
# rpm -qa | grep -i bind 
bind-libs-lite-9.11.3-4.fc27.x86_64
bind-9.11.3-4.fc27.x86_64
bind-libs-9.11.3-4.fc27.x86_64
python3-bind-9.11.3-4.fc27.noarch
bind-utils-9.11.3-4.fc27.x86_64
bind-license-9.11.3-4.fc27.noarch


Please note: similar issues exist when adding a zone with a trailing '.', which causes named to completely stop and be unable to restart.

Trailing '.' are valid in records, and should be allowed.
Comment 1 William Brown 2018-05-18 01:35:03 UTC
This is indeed the issue:

sh-4.4# /usr/local/samba/bin/samba-tool dns delete ash.blackhats.net.au blackhats.net.au _caldav._tcp.blackhats.net.au. SRV ". 0 0 0"
Record deleted successfully
sh-4.4# /usr/local/samba/bin/samba-tool dns add ash.blackhats.net.au blackhats.net.au _caldav._tcp.blackhats.net.au SRV ". 0 0 0"
Record added successfully

;; XFR size: 35 records (messages 1, bytes 1636)

So during the zone list, if there is a rec with a trailing '.', it's unable to be processed and this stops the axfr prematurely.
Comment 2 William Brown 2018-05-18 01:47:49 UTC
/usr/local/samba/bin/samba-tool dns add ash.blackhats.net.au blackhats.net.au _pop3._tcp SRV ". 0 0 0"

The following record will break DNS additionally.
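
Added example, not part of the original report and not Samba or BIND code: a log check that flags any AXFR preceded by "Failed to put named rr" errors for names in the same zone, which is the pattern in the named trace above. It assumes the errors are logged before the "AXFR started" line, as they are in that trace; the function names and the result keys are made up for this sketch.

```python
import re

# Sample input: lines taken from the named trace in the report, hostname shortened.
SAMPLE_LOG = """\
May 18 11:29:11 ash named[327]: dns_rdata_fromtext: buffer-0x7fbd842a2f20:1: near eof: unexpected end of input
May 18 11:29:11 ash named[327]: Failed to put named rr '_carddav._tcp.blackhats.net.au.'
May 18 11:29:11 ash named[327]: dns_rdata_fromtext: buffer-0x7fbd842a2f20:1: near eof: unexpected end of input
May 18 11:29:11 ash named[327]: Failed to put named rr '_imap._tcp.blackhats.net.au.'
May 18 11:29:11 ash named[327]: client @0x7fbd7c7624a0 172.24.12.43#21073 (blackhats.net.au): transfer of 'blackhats.net.au/IN': AXFR started (serial 1465435624)
May 18 11:29:11 ash named[327]: client @0x7fbd7c7624a0 172.24.12.43#21073 (blackhats.net.au): transfer of 'blackhats.net.au/IN': AXFR ended
"""

FAILED_RR = re.compile(r"Failed to put named rr '([^']+)'")
AXFR_START = re.compile(
    r"client \S+ (\S+)#\d+ .*transfer of '([^'/]+)/IN': AXFR started \(serial (\d+)\)"
)


def in_zone(name, zone):
    """True if the owner name is the zone apex or below it (trailing dot ignored)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def suspect_transfers(log_text):
    """Return one dict per AXFR that was preceded by in-zone 'Failed to put' errors."""
    pending, findings = [], []
    for line in log_text.splitlines():
        failed = FAILED_RR.search(line)
        if failed:
            pending.append(failed.group(1))
            continue
        start = AXFR_START.search(line)
        if start:
            client, zone, serial = start.groups()
            failed_names = [n for n in pending if in_zone(n, zone)]
            # Names outside this zone stay pending for a later transfer.
            pending = [n for n in pending if not in_zone(n, zone)]
            if failed_names:
                findings.append({"zone": zone, "serial": int(serial),
                                 "client": client, "failed_names": failed_names})
    return findings


if __name__ == "__main__":
    for f in suspect_transfers(SAMPLE_LOG):
        print(f"{f['zone']} serial {f['serial']} to {f['client']}: transfer suspect, "
              f"{len(f['failed_names'])} record(s) failed: {', '.join(f['failed_names'])}")
```

The names reported are only those that logged an error; because the transfer stops early, the secondary may be missing more records than the ones listed.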