Bug #8254

closed

BIND, Register DHCP static mappings and Subzones

Added by name name over 6 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: BIND
Target version: -
Start date: 01/03/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.4.2_1
Affected Plus Version:
Affected Architecture: amd64

Description

If BIND is configured so that it has master zones for example.com and sub.example.com
(assuming proper delegation from one to the other, etc.), then all DHCP static mappings that would
only belong to example.com are also added to all subzones.

For example: host.example.com is added as a static mapping to both example.com.DB and sub.example.com.DB,
so that there are now two entries leading to the same IP address, while there should only be one.

host.example.com
host.sub.example.com

Line 558 of https://github.com/pfsense/pfsense-packages/blob/master/config/bind/bind.inc
has an error, should the above not be by design. The reverse zone part is correctly written
so that the above problem does not arise.

The arrays inside array_diff_assoc should be the other way around.

array_diff_assoc($parts, $zoneparts) returns all values of $parts that are NOT in $zoneparts.

Here $parts are the '.' exploded parts of the domain name of the static mapping and
$zoneparts are the '.' exploded parts of the zone name currently being parsed.

For example:

$parts     = array( 0 => 'com', 1 => 'example' );
$zoneparts = array( 0 => 'com', 1 => 'example', 2 => 'sub' );

The check on line 559

count($diff) == 0

is true if there are no values in $parts that are not also in $zoneparts.

Comparing the domain of a mapping ( com, example ) to the zone ( com, example ) gives an empty array,
since all entries of $parts are also in $zoneparts. OK.

Comparing the domain of a mapping ( com, example ) to the zone ( com, example, sub ) gives an empty array,
since all entries of $parts are also in $zoneparts, in fact, there is one more in $zoneparts than in $parts. PROBLEM.

The same would be true for any possible sub, subsub, ... domains of example.com.

It needs to be the other way around:

Check that all entries of $zoneparts are in $parts (domain name of the static mapping). Otherwise they are added for all the subdomain zones, even if they don't belong there.

Then we would compare:

Comparing the zone ( com, example ) to the domain of a mapping ( com, example ) gives an empty array,
since all entries of $zoneparts are also in $parts. OK.

Comparing the zone ( com, example, sub ) to the domain of a mapping ( com, example ) gives an array with one value: array( 2 => "sub" ),
since there is one entry in $zoneparts that is not also in $parts. OK.

Should this be by design, then please explain to me the reason for it and how I can circumvent the problem I'm having, thanks!

Actions #1

Updated by Viktor Gurov almost 4 years ago

  • Status changed from New to Resolved

no such issue with 9.16_1, https://github.com/pfsense/FreeBSD-ports/blob/devel/dns/pfSense-pkg-bind/files/usr/local/pkg/bind.inc#L576-L579:

$parts = array_reverse(explode('.', $domain));
if ($parts === $zoneparts) {
    $zone_conf .= "{$host['hostname']}\tIN A\t{$host['ipaddr']}\n";
}

it works fine
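
The three zone-membership checks discussed in this ticket, run side by side over the example.com / sub.example.com case. This is an added example, not code from bind.inc or from either poster; the function names and the sample zone and domain lists are constructed for illustration.

```php
<?php
// Added illustration, not pfSense code. All names below are hypothetical.

// Split a DNS name into labels, TLD first, as described in the report.
function labels(string $name): array
{
    return array_reverse(explode('.', strtolower(rtrim($name, '.'))));
}

// Check as reported for 2.4.2_1: true when every label of the mapping's
// domain is found at the same index in the zone's labels.
function reported_check(array $parts, array $zoneparts): bool
{
    return count(array_diff_assoc($parts, $zoneparts)) == 0;
}

// Argument order proposed in the report: true when every label of the
// zone is found at the same index in the mapping's domain labels.
function swapped_check(array $parts, array $zoneparts): bool
{
    return count(array_diff_assoc($zoneparts, $parts)) == 0;
}

// Comparison quoted in comment #1: both label lists must be identical.
function exact_check(array $parts, array $zoneparts): bool
{
    return $parts === $zoneparts;
}

// Constructed sample data: two master zones and two mapping domains.
$zones   = ['example.com', 'sub.example.com'];
$domains = ['example.com', 'sub.example.com'];

foreach ($domains as $domain) {
    foreach ($zones as $zone) {
        $p = labels($domain);
        $z = labels($zone);
        printf(
            "mapping domain %-16s zone %-16s reported=%-3s swapped=%-3s exact=%s\n",
            $domain,
            $zone,
            reported_check($p, $z) ? 'add' : '-',
            swapped_check($p, $z) ? 'add' : '-',
            exact_check($p, $z) ? 'add' : '-'
        );
    }
}
```

The swapped order keeps an example.com mapping out of sub.example.com, but it accepts a sub.example.com mapping for the example.com zone, because array_diff_assoc only checks one direction. Only the exact comparison places each mapping in a single zone.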
