[CVE-2019-6476] critical: resolver.c:4917: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed
Summary
general: critical: resolver.c:4917: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed
general: critical: exiting (due to assertion failure)
BIND version used
BIND 9.14.6 (Stable Release) <id:efd3496>
running on Linux x86_64 4.14.47-64.38.amzn2.x86_64 #1 SMP Mon Jun 18 22:33:07 UTC 2018
built by make with '--prefix=/data/named' '--enable-threads' '--enable-epoll' '--enable-fetchlimi' '--disable-openssl-version-check' '--with-dlz-filesystem' '--with-tuning=large' '--disable-crypto-rand'
compiled by GCC 7.3.1 20180303 (Red Hat 7.3.1-5)
compiled with OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled
default paths:
named configuration: /data/named/etc/named.conf
rndc configuration: /data/named/etc/rndc.conf
DNSSEC root key: /data/named/etc/bind.keys
nsupdate session key: /data/named/var/run/named/session.key
named PID file: /data/named/var/run/named/named.pid
named lock file: /data/named/var/run/named/named.lock
Steps to reproduce
queries: info: client @0x7f18ed2eeec0 140.206.63.106#26724 (121.52.95.211.in-addr.arpa): view cnc-nanfang: query: 121.52.95.211.in-addr.arpa IN PTR + (172.16.2.66)
What is the current bug behavior?
When a PTR request occurs, bind exiting
Relevant configuration files
Too long...
Relevant logs and/or screenshots
queries: info: client @0x7f18ed2eeec0 140.206.63.106#26724 (121.52.95.211.in-addr.arpa): view cnc-nanfang: query: 121.52.95.211.in-addr.arpa IN PTR + (172.16.2.66)
general: critical: resolver.c:4917: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed
general: critical: exiting (due to assertion failure)
Incident tracking page
https://wiki.isc.org/bin/view/Main/SecurityIncidentChecklist20196476QminAndForwarders