End-user error can prevent BIND from restarting

#1 Sun, 01/31/2016 - 18:18
joe443

In a shared web-hosting environment, user error might cause that user's own DNS zone(s) to become invalid, but it should not cause the DNS server to die.

Still experimenting with Virtualmin 5.0GPL on CentOS 7.2.1511, I created an end-user account whose domain was (for this example only) "example.com".

Then, logged in as that end user, I went to:

Webmin : Servers : BIND DNS Server : example.com : Edit Zone Parameters

I changed the email address field to hostmaster @example.com (note the spurious blank before the at sign), and then I clicked on the Save button.

This creates a ticking time-bomb. The next time BIND is restarted, which will happen sooner or later, it will fail to restart, because the spurious blank went into /etc/named.conf.

If that isn't bad enough, it actually gets a little worse.

If the user edits the same record again, the email address will now appear only as "hostmaster". Doing a Save again now fixes the zone file so BIND will now restart correctly. But now, another serious problem occurs: The various numeric fields in the SOA record become corrupted. If previously the numeric fields were

2016013101 900 450 604800 900

they will have been changed to

1 2016013102 900 450 604800

and that's going to completely screw up zone transfers for example.com. The serial number is now 1 and the refresh value, previously 900 seconds, is now up to about 63 years.
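
An added example, not part of the original posts and not Webmin or Virtualmin code: one way to reject the e-mail input described above before it is written out, and to sanity-check the seven SOA fields afterwards. The function names, the name server `ns1.example.com.` and the allowed local-part characters are assumptions made for the illustration.

```python
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Assumption: a deliberately narrow character set for the mailbox local part.
_LOCAL = re.compile(r"^[A-Za-z0-9._+-]+$")


def email_to_rname(email):
    """Convert a hostmaster e-mail address to SOA RNAME form, or raise ValueError."""
    if re.search(r"\s", email):
        raise ValueError("whitespace is not allowed in the SOA e-mail field")
    local, sep, domain = email.partition("@")
    if not sep or not _LOCAL.match(local):
        raise ValueError("expected local-part@domain")
    labels = domain.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError("invalid domain in e-mail address")
    # A dot in the local part is escaped so it is not read as a label separator.
    return local.replace(".", r"\.") + "." + ".".join(labels) + "."


def check_soa_rdata(rdata):
    """Return problems found in 'MNAME RNAME serial refresh retry expire minimum'."""
    fields = rdata.split()
    if len(fields) != 7:
        return ["expected 7 fields, found %d" % len(fields)]
    numbers = fields[2:]
    if not all(n.isdigit() for n in numbers):
        return ["serial and timer fields must be plain integers"]
    serial, refresh, retry, expire, minimum = map(int, numbers)
    problems = []
    if max(serial, refresh, retry, expire, minimum) > 0xFFFFFFFF:
        problems.append("value does not fit in 32 bits")
    if expire <= refresh:
        problems.append("expire (%d) is not greater than refresh (%d)" % (expire, refresh))
    if retry >= refresh:
        problems.append("retry (%d) is not smaller than refresh (%d)" % (retry, refresh))
    return problems


if __name__ == "__main__":
    # Constructed sample records built from the values quoted in the post.
    names = "ns1.example.com. hostmaster.example.com. "
    print(check_soa_rdata(names + "2016013101 900 450 604800 900"))
    print(check_soa_rdata(names + "1 2016013102 900 450 604800"))
```

On a live server, BIND's own `named-checkconf` and `named-checkzone` can be run before a reload to catch files that will not load.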

Mon, 02/01/2016 - 10:26
andreychek

Howdy,

Yeah that's definitely not desirable!

You may want to make this into a bug report where Jamie can work with you to prevent that.

To do that, go into the Support link above, and there, create a new thread in the ticket tracker. Then, Jamie can take a look and offer his input on that.

Thanks!

-Eric
