From olli@secnetix.de  Thu Aug 16 13:09:50 2007
Message-Id: <200708161309.l7GD9jqq016275@pluto.secnetix.de>
Date: Thu, 16 Aug 2007 15:09:45 +0200 (CEST)
From: Oliver Fromme <olli@secnetix.de>
Reply-To: Oliver Fromme <olli@secnetix.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Oliver Fromme <olli@secnetix.de>, Doug Barton <dougb@freebsd.org>
Subject: Typo in default named.conf locks out Sun
X-Send-Pr-Version: 3.113
X-GNATS-Notify: delphij@FreeBSD.org

>Number:         115573
>Category:       conf
>Synopsis:       Typo in default named.conf locks out Sun
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 16 13:10:01 GMT 2007
>Closed-Date:    Fri Aug 17 04:41:20 GMT 2007
>Last-Modified:  Fri Aug 17 04:41:20 GMT 2007
>Originator:     Oliver Fromme
>Release:        FreeBSD 6.2-STABLE-20070808 i386
>Organization:
secnetix GmbH & Co. KG
		http://www.secnetix.de/bsd
>Environment:
System: FreeBSD pluto.secnetix.de 6.2-STABLE-20070808 FreeBSD 6.2-STABLE-20070808 #0: Wed Aug 8 14:35:59 CEST 2007 olli@pluto.secnetix.de:/usr/obj/usr/src/sys/PLUTO i386

    The problem described here affects HEAD and RELENG_6.

>Description:

    The current default configuration of BIND (named.conf)
    blocks the network 192.18/15.  This network belongs
    to Sun Microsystems Inc., Medical Research Council and
    Agere Systems Inc.

    The comment in the file claims that the network block
    is reserved for router benchmark testing in accordance
    with RFC 2544.  However, there's a typo in that RFC
    which has been corrected in an erratum:

    http://www.rfc-editor.org/cgi-bin/errataSearch.pl?rfc=2544

    So the correct network block is 198.18/15.  The correct
    network block is also mentioned in RFC 3330:

    http://www.rfc-editor.org/rfc/rfc3330.txt

    The error in the default named.conf file should be
    corrected ASAP.  As it stands now, the 192.18/15 network
    which belongs to Sun and others is locked out by default
    on FreeBSD machines!

>How-To-Repeat:

    whois 192.18
    whois 198.18

>Fix:

--- src/etc/namedb/named.conf.orig	2007-08-08 13:51:41.000000000 +0200
+++ src/etc/namedb/named.conf	2007-08-16 15:07:36.000000000 +0200
@@ -157,9 +157,9 @@
 // TEST-NET for Documentation (RFC 3330)
 zone "2.0.192.in-addr.arpa"	{ type master; file "master/empty.db"; };
 
-// Router Benchmark Testing (RFC 2544)
-zone "18.192.in-addr.arpa"	{ type master; file "master/empty.db"; };
-zone "19.192.in-addr.arpa"	{ type master; file "master/empty.db"; };
+// Router Benchmark Testing (RFC 2544 + erratum, RFC 3330)
+zone "18.198.in-addr.arpa"	{ type master; file "master/empty.db"; };
+zone "19.198.in-addr.arpa"	{ type master; file "master/empty.db"; };
 
 // IANA Reserved - Old Class E Space
 zone "240.in-addr.arpa"		{ type master; file "master/empty.db"; };
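Review bot: the rewritten comment above the `18.198` and `19.198` zones cites the RFCs but still does not state the address block, so a reader has to open RFC 3330 to confirm that these two /16 zones are the right pair. Suggest putting the prefix in the comment itself, for example `// Router Benchmark Testing 198.18.0.0/15 (RFC 2544 + erratum, RFC 3330)`, so the zone names can be checked against it by eye the next time this list is edited.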


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Thu Aug 16 17:07:32 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115573 
State-Changed-From-To: open->analyzed 
State-Changed-By: dougb 
State-Changed-When: Thu Aug 16 17:10:45 UTC 2007 
State-Changed-Why:  

Thanks for submitting this, I'll get a patch to re@ ASAP. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115573 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/115573: commit references a PR
Date: Fri, 17 Aug 2007 04:37:39 +0000 (UTC)

 dougb       2007-08-17 04:37:02 UTC
 
   FreeBSD src repository
 
   Modified files:
     etc/namedb           named.conf 
   Log:
   1. Remove root name servers from the list of possible masters in the
   commented out example who have either not responded, or specifically
   asked not to participate because they do not view AXFR as "a production
   service."
   
   2. Add f.root-servers.net to the example after confirmation from
   Paul Vixie.
   
   3. Add a warning to the commented out "root zone slave" example to the
   effect that it requires more attention than a hints file, and provides
   more benefit to larger sites than individual hosts.
   
   4. Correct a typo copied from RFC 2544 which was corrected in a later
   errata, and confirmed in RFC 3330. Update the comment to reflect that
   RFC 3330 got it right and to avoid confusion down the road. 3330 also
   contains a reference back to 2544 for anyone interested in pursuing the
   history. [1]
   
   PR:             conf/115573 [1]
   Submitted by:   Oliver Fromme <olli@secnetix.de> [1]
   
   Approved by:    re (kensmith)
   
   Revision  Changes    Path
   1.26      +12 -12    src/etc/namedb/named.conf
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dougb 
State-Changed-When: Fri Aug 17 04:40:17 UTC 2007 
State-Changed-Why:  

Thanks for bringing this to my attention. The change has been made 
in HEAD and 6-stable. I also did a thorough check of the other entries 
and believe that a similar issue should not arise again. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115573 
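
An added example, not part of the PR or the FreeBSD tree: a Python check that maps each active `in-addr.arpa` zone served from `empty.db` back to its IPv4 network and reports any that lie outside a list of reserved blocks, which is the class of error this PR describes. The `RESERVED` list (only the three ranges visible in the patch) and the `BEFORE`/`AFTER` sample text are assumptions constructed from the hunk.

```python
import ipaddress
import re

# Blocks that may legitimately be answered from an empty zone. Assumption: only
# the three ranges visible in the patch are listed; extend for a full named.conf.
RESERVED = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24",   # TEST-NET for documentation (RFC 3330)
    "198.18.0.0/15",  # router benchmark testing (RFC 2544 erratum, RFC 3330)
    "240.0.0.0/4",    # old Class E space
)]

# Active (not //-commented) IPv4 reverse zones that are served from empty.db.
ZONE_RE = re.compile(
    r'^\s*zone\s+"((?:\d{1,3}\.){1,3})in-addr\.arpa"[^}]*empty\.db', re.M)

def zone_to_network(labels):
    """'18.192.' (octets as written in the zone name) -> 192.18.0.0/16."""
    octets = labels.rstrip(".").split(".")[::-1]
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))

def audit(conf_text):
    """Return empty-zone networks that fall outside every reserved block."""
    findings = []
    for match in ZONE_RE.finditer(conf_text):
        net = zone_to_network(match.group(1))
        if not any(net.subnet_of(block) for block in RESERVED):
            findings.append(str(net))
    return findings

# Constructed inputs: the zone lines from the patch, before and after the fix.
BEFORE = '''
// TEST-NET for Documentation (RFC 3330)
zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
// Router Benchmark Testing (RFC 2544)
zone "18.192.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.192.in-addr.arpa" { type master; file "master/empty.db"; };
// IANA Reserved - Old Class E Space
zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
'''
AFTER = BEFORE.replace('"18.192.', '"18.198.').replace('"19.192.', '"19.198.')

if __name__ == "__main__":
    print("before fix:", audit(BEFORE))
    print("after fix: ", audit(AFTER))
```
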
>Unformatted:
