Ubuntu
bind9 package

Command "host non-existent-host-name" hangs forever in Ubuntu jammy

Bug #1964686 reported by Romain Geissler
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
High
Sergio Durigan Junior

Bug Description

Hi,

We have found that on Ubuntu jammy the command "host non-existent-host-name" hangs for ever, while it was working with Ubuntu impish. We tested that under Docker:

> cat Dockerfile
ARG UBUNTU_VERSION
FROM ubuntu:${UBUNTU_VERSION}

RUN apt-get update && apt-get install -y dnsutils

> docker run -t -i --rm $(docker build --quiet --build-arg UBUNTU_VERSION=impish .) host -v non-existent-host-name
Trying "non-existent-host-name.rnd.amadeus.net"
Trying "non-existent-host-name"
Host non-existent-host-name not found: 2(SERVFAIL)
Received 40 bytes from 10.64.112.201#53 in 0 ms

> docker run -t -i --rm $(docker build --quiet --build-arg UBUNTU_VERSION=jammy .) host -v non-existent-host-name
Trying "non-existent-host-name.rnd.amadeus.net"
Trying "non-existent-host-name"
   This hangs for ever here.

Quickly looking at the latest bind9 issues, I have found this: https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 which mentions this pull request: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5954 which is still being discussed. It may (or may not, I don't know !) fix this issue.

Cheers,
Romain

Related branches

~sergiodj/ubuntu/+source/bind9:merge-9.18.4-2-kinetic
Andreas Hasenack: Needs Information
Canonical Server Reporter: Pending requested
Diff: 1583 lines (+1384/-10)
7 files modified
debian/NEWS (+56/-0)
debian/bind9-dnsutils.install (+0/-2)
debian/bind9.apport (+24/-0)
debian/bind9.named.service (+2/-1)
debian/changelog (+1298/-0)
debian/control (+3/-5)
debian/rules (+1/-2)
~sergiodj/ubuntu/+source/bind9:merge-9.18.1-jammy
Andreas Hasenack: Approve
Canonical Server: Pending requested
Diff: 2458 lines (+2217/-10)
15 files modified
debian/NEWS (+56/-0)
debian/bind9-dnsutils.install (+0/-2)
debian/bind9.apport (+24/-0)
debian/bind9.named.service (+2/-1)
debian/changelog (+1243/-0)
debian/control (+3/-5)
debian/patches/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch (+49/-0)
debian/patches/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch (+206/-0)
debian/patches/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch (+282/-0)
debian/patches/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch (+187/-0)
debian/patches/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch (+54/-0)
debian/patches/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch (+35/-0)
debian/patches/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch (+68/-0)
debian/patches/series (+7/-0)
debian/rules (+1/-2)

CVE References

Romain Geissler (rgeissler-1a)
tags: added: jammy
Revision history for this message
Romain Geissler (rgeissler-1a) wrote :

Note: it also impacts debian:testing and debian:sid which also ship bind 9.18. Should this bug report be reported to Debian instead ?

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the bug report, Romain.

I cannot seem to be able to reproduce it here. Here's what I'm doing:

$ docker run --rm ubuntu:jammy /bin/sh -c 'apt update && apt install dnsutils -y && host -v non-existent-host-name'
...
Trying "non-existent-host-name.localdomain"
Trying "non-existent-host-name"
Host non-existent-host-name not found: 3(NXDOMAIN)
Received 115 bytes from 192.168.30.1#53 in 3 ms

It's also working inside an lxd container (Jammy), and with debian:sid (both Docker and LXD containers).

However, while testing the issue described in the upstream bug, I did notice a problem when using "dig":

$ docker run --rm ubuntu:jammy /bin/sh -c 'apt update && apt install dnsutils -y && dig +nssearch isc.org.'
...
dighost.c:1651: REQUIRE(targetp != ((void *)0) && *targetp == ((void *)0)) failed, back trace
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(+0x32953)[0x7fb078558953]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc_assertion_failed+0x10)[0x7fb078557e40]
dig(+0x16f00)[0x5630acc32f00]
dig(+0xeeae)[0x5630acc2aeae]
dig(+0x10061)[0x5630acc2c061]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__nm_async_readcb+0xb1)[0x7fb078546ff1]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__nm_readcb+0x9b)[0x7fb07854712b]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(+0x226a5)[0x7fb0785486a5]
/lib/x86_64-linux-gnu/libuv.so.1(uv_run+0xce)[0x7fb0780596de]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(+0x2622e)[0x7fb07854c22e]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu2-Ubuntu.so(isc__trampoline_run+0x1a)[0x7fb07857f22a]
/lib/x86_64-linux-gnu/libc.so.6(+0x98927)[0x7fb078115927]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7fb0781a59e4]
Aborted (core dumped)

Can you reproduce this bug there?

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Athos just told me that there is already a bug filed for the problem I reported above:

https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1964400

So now we're left to trying to reproduce the hang that Romain is seeing when using the "host" command.

Changed in bind9 (Ubuntu):
status: New → Incomplete
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I'm marking this bug as Incomplete for now because I can't reproduce it. Feel free to set its status back to New when you provide more info.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Also, please provide the version of the bind9 package you're using for tests. Thanks!

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

As it turns out, the "dig" failure I mentioned in comment 2 may not be entirely related to bug #1964400. I took the liberty of repurposing one of bind9's old bugs to make sure we're also tracking those failures. It's bug #1258003, if you're interested.

Revision history for this message
Romain Geissler (rgeissler-1a) wrote :

Hi,

I guess to reproduce this I should find my DNS configuration and be able to hardcode it in Docker so it works the same way for everyone. But my environment is a corporate one, so I don't know possible it is to reproduce this with public DNS.

Anyway, https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5954 has been merged 15 minutes ago. Is there a way I can get my hands on an upgraded jammy package containing the latest state of bind 9 (including this just merged pull request) ? If there are some test packages somewhere I can install them over the official jammy packages and re-test in my corporate environment.

Cheers,
Romain

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the reply, Romain.

I have prepared a PPA with the current bind9 package in Ubuntu Jammy + the patches from the MR you linked. You can find it here:

https://launchpad.net/~sergiodj/+archive/ubuntu/bind9-lp1964686

Let me know if this solves the problem for you.

Although it would be nice to be able to reproduce this locally, I will rely on your test results to move forward with an MP for this bug (which also seems to fix https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1964400, btw).

Thanks.

Revision history for this message
Romain Geissler (rgeissler-1a) wrote :
Download full text (4.0 KiB)

Hi,

I could successfully validate that the fix works. I initially installed the current official jammy package, it was hanging again, then I installed your ppa repo and upgraded the packages, and it worked. See the following relevant part of my testing (ran in Docker):

Setting up liblmdb0:amd64 (0.9.24-1build1) ...
Setting up libmaxminddb0:amd64 (1.5.2-1build1) ...
Setting up libnghttp2-14:amd64 (1.43.0-1build2) ...
Setting up libuv1:amd64 (1.43.0-1) ...
Setting up libmd0:amd64 (1.0.4-1) ...
Setting up libbsd0:amd64 (0.11.5-1) ...
Setting up libjson-c5:amd64 (0.15-2build3) ...
Setting up libicu70:amd64 (70.1-2) ...
Setting up libedit2:amd64 (3.1-20210910-1) ...
Setting up libxml2:amd64 (2.9.13+dfsg-1) ...
Setting up bind9-libs:amd64 (1:9.18.0-2ubuntu2) ...
Setting up bind9-host (1:9.18.0-2ubuntu2) ...
Setting up bind9-dnsutils (1:9.18.0-2ubuntu2) ...
Setting up dnsutils (1:9.18.0-2ubuntu2) ...
Processing triggers for libc-bin (2.35-0ubuntu3) ...
root@9245c5040595:/# host some-host
(hangs forever, I interrupted the command)

root@9245c5040595:/# add-apt-repository ppa:sergiodj/bind9-lp1964686
Repository: 'deb https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu/ jammy main'
More info: https://launchpad.net/~sergiodj/+archive/ubuntu/bind9-lp1964686
Adding repository.
Press [ENTER] to continue or Ctrl-c to cancel.
Adding deb entry to /etc/apt/sources.list.d/sergiodj-ubuntu-bind9-lp1964686-jammy.list
Adding disabled deb-src entry to /etc/apt/sources.list.d/sergiodj-ubuntu-bind9-lp1964686-jammy.list
Adding key to /etc/apt/trusted.gpg.d/sergiodj-ubuntu-bind9-lp1964686.gpg with fingerprint 1D66A93D45649FD3B4319D337CD01F95D2AA1673
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:5 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy InRelease [18.1 kB]
Get:6 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy/main amd64 Packages [2214 B]
Fetched 20.3 kB in 1s (14.8 kB/s)
Reading package lists... Done
root@9245c5040595:/# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  bind9-dnsutils bind9-host bind9-libs dnsutils libudev1 login passwd
7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 2595 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 login amd64 1:4.8.1-2ubuntu2 [187 kB]
Get:2 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy/main amd64 bind9-host amd64 1:9.18.0-2ubuntu4 [83.7 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy/main amd64 libudev1 amd64 249.11-0ubuntu1 [77.1 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 passwd amd64 1:4.8.1-2ubuntu2 [767 kB]
Get:5 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy/main amd64 bind9-dnsutils amd64 1:9.18.0-2ubuntu4 [189 k...

Read more...

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote : Re: [Bug 1964686] Re: Command "host non-existent-host-name" hangs forever in Ubuntu jammy
Download full text (4.6 KiB)

On Friday, March 18 2022, Romain Geissler wrote:

> I could successfully validate that the fix works. I initially installed
> the current official jammy package, it was hanging again, then I
> installed your ppa repo and upgraded the packages, and it worked. See
> the following relevant part of my testing (ran in Docker):
>
> Setting up liblmdb0:amd64 (0.9.24-1build1) ...
> Setting up libmaxminddb0:amd64 (1.5.2-1build1) ...
> Setting up libnghttp2-14:amd64 (1.43.0-1build2) ...
> Setting up libuv1:amd64 (1.43.0-1) ...
> Setting up libmd0:amd64 (1.0.4-1) ...
> Setting up libbsd0:amd64 (0.11.5-1) ...
> Setting up libjson-c5:amd64 (0.15-2build3) ...
> Setting up libicu70:amd64 (70.1-2) ...
> Setting up libedit2:amd64 (3.1-20210910-1) ...
> Setting up libxml2:amd64 (2.9.13+dfsg-1) ...
> Setting up bind9-libs:amd64 (1:9.18.0-2ubuntu2) ...
> Setting up bind9-host (1:9.18.0-2ubuntu2) ...
> Setting up bind9-dnsutils (1:9.18.0-2ubuntu2) ...
> Setting up dnsutils (1:9.18.0-2ubuntu2) ...
> Processing triggers for libc-bin (2.35-0ubuntu3) ...
> root@9245c5040595:/# host some-host
> (hangs forever, I interrupted the command)
>
>
> root@9245c5040595:/# add-apt-repository ppa:sergiodj/bind9-lp1964686
> Repository: 'deb https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu/ jammy main'
> More info: https://launchpad.net/~sergiodj/+archive/ubuntu/bind9-lp1964686
> Adding repository.
> Press [ENTER] to continue or Ctrl-c to cancel.
> Adding deb entry to /etc/apt/sources.list.d/sergiodj-ubuntu-bind9-lp1964686-jammy.list
> Adding disabled deb-src entry to /etc/apt/sources.list.d/sergiodj-ubuntu-bind9-lp1964686-jammy.list
> Adding key to /etc/apt/trusted.gpg.d/sergiodj-ubuntu-bind9-lp1964686.gpg with fingerprint 1D66A93D45649FD3B4319D337CD01F95D2AA1673
> Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
> Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
> Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
> Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
> Get:5 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy InRelease [18.1 kB]
> Get:6 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy/main amd64 Packages [2214 B]
> Fetched 20.3 kB in 1s (14.8 kB/s)
> Reading package lists... Done
> root@9245c5040595:/# apt-get upgrade
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> Calculating upgrade... Done
> The following packages will be upgraded:
> bind9-dnsutils bind9-host bind9-libs dnsutils libudev1 login passwd
> 7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 2595 kB of archives.
> After this operation, 0 B of additional disk space will be used.
> Do you want to continue? [Y/n] y
> Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 login amd64 1:4.8.1-2ubuntu2 [187 kB]
> Get:2 https://ppa.launchpadcontent.net/sergiodj/bind9-lp1964686/ubuntu jammy/main amd64 bind9-host amd64 1:9.18.0-2ubuntu4 [83.7 kB]
> Get:3 http://archive.ubuntu.com/ubuntu jammy/main amd64 libudev1 amd64 249.11-0ubuntu1 [77.1 kB]
> Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 passwd amd64 1:4.8.1...

Read more...

Sergio Durigan Junior (sergiodj)
Changed in bind9 (Ubuntu):
status: Incomplete → Confirmed
tags: added: server-todo
Changed in bind9 (Ubuntu):
importance: Undecided → High
Christian Ehrhardt  (paelzer)
Changed in bind9 (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package bind9 - 1:9.18.1-1ubuntu1

---------------
bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1965981). Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: build-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon init.
      This fixes a regression of #900788 where services whose startup depend
      on name resolutions may fail due to bind9 not being ready (LP #1899902).
    - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
      main.
    - d/NEWS: mention some of the relevant changes in 9.18.0 packaging
      or functionality that may affect usability.
  * Dropped changes:
    - d/p/0003-Remove-spurious-debugging-true.patch: remove development leftover
      debugging flag from nslookup code (LP: #1961556).
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: cache poisoning via bogus NS records
      + debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
        records into the cache in lib/dns/resolver.c.
      + CVE-2021-25220
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DoS via specially crafted TCP stream
      + debian/patches/CVE-2022-0396.patch: ensure correct ordering in
        lib/isc/netmgr/netmgr.c.
      + CVE-2022-0396
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
      + debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
      + CVE-2022-0635
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: Assertion failure on delayed DS lookup
      + debian/patches/CVE-2022-0667.patch: fix logic in lib/dns/resolver.c.
      + CVE-2022-0667
      [ Incorporated in 9.18.1. ]
  * Added changes:
    - d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
      d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
      d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
      d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
      d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
      d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
      d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
      Fix dig error when trying the next server after a TCP connection
      failure. This upstream patchset also fixes a crash when using
      the "host" com...

Read more...

Changed in bind9 (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.