nsupdate fails on check-names while using comma in non-interactive mode
Summary
I tried to add an entry for the domain `,` (FQDN used in this issue: `,.example.com`) to my DNS server. For configuring domains I use Ansible, which builds a file compatible with nsupdate and calls nsupdate respectively. However, nsupdate fails, and manual testing showed that the file was built correctly but was not accepted by nsupdate in non-interactive mode.
BIND version used
BIND 9.16.5-Debian (Stable Release) <id:c00b458>
running on Linux x86_64 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u1 (2019-07-19)
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-9.16.5=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 8.3.0
compiled with OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with json-c version: 0.12.1
linked to json-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.3.2
compiled with protobuf-c version: 1.3.1
linked to protobuf-c version: 1.3.1
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
Steps to reproduce
This is an example configuration change in place of what I was to apply:
```
zone example.com.
ttl 86400
update delete ,.example.com. 0 IN A
update add ,.example.com. 86400 IN A 0.0.0.0
send
```
On a server running BIND with dynamic updates and local-host mode support enabled for the zone `example.com`, store the configuration from above in a file and call `nsupdate -l [file]` or `< [file] nsupdate -l`.
What is the current bug behavior?
nsupdate called with a file like the example above fails with the following error:
```
check-names failed: bad owner ',.example.com'
syntax error
```
What is the expected correct behavior?
Change the `A` record for `,.example.com` to `0.0.0.0`.
Relevant configuration files
Seems to be an issue of nsupdate and not BIND, so configuration files should not matter.
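
A pre-flight lint that an automation step (such as the Ansible run described in this report) could apply to a generated nsupdate batch file before calling nsupdate, as an added example that is not part of the original report or of BIND. It approximates the letters-digits-hyphen hostname rule behind the `bad owner` message; the function names, the set of record types checked, and the choice to skip deletes are assumptions.

```python
import re

# Approximation (assumption) of the letters-digits-hyphen hostname rule:
# each label starts and ends with an alphanumeric, hyphens only inside.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Record types whose owner name is treated as a hostname here (assumption).
HOST_TYPES = {"A", "AAAA", "MX"}
CLASSES = {"IN", "CH", "HS"}


def owner_is_hostname(name):
    labels = name.rstrip(".").split(".")
    if labels and labels[0] == "*":      # a leading wildcard label is tolerated
        labels = labels[1:]
    return bool(labels) and all(LABEL.match(label) for label in labels)


def lint_batch(text):
    """Return (line_number, owner) for each add of a host-type record
    whose owner name is not a valid hostname."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if tok[:1] == ["update"]:          # the "update" keyword is optional
            tok = tok[1:]
        if len(tok) < 3 or tok[0] != "add":
            continue                       # deletes and other commands are skipped
        owner, rest = tok[1], tok[2:]
        # Skip the optional TTL and class to reach the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if rest and rest[0].upper() in HOST_TYPES and not owner_is_hostname(owner):
            findings.append((lineno, owner))
    return findings


# The batch file from the report, plus one constructed valid line for contrast.
SAMPLE = """zone example.com.
ttl 86400
update delete ,.example.com. 0 IN A
update add ,.example.com. 86400 IN A 0.0.0.0
update add www.example.com. 86400 IN A 0.0.0.0
send
"""

if __name__ == "__main__":
    for lineno, owner in lint_batch(SAMPLE):
        print(f"line {lineno}: owner {owner!r} is not a valid hostname")
```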