group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1732150] Re: Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s)

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Sergio Durigan Junior <1732150@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2022 20:19:41 -0000
Reply-to: Bug 1732150 <1732150@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Xenial and Trusty have reached end of standard support.

** Changed in: unbound (Ubuntu Trusty)
       Status: Triaged => Won't Fix

** Changed in: unbound (Ubuntu Xenial)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1732150

Title:
  Unbound behaviour changes (wrong) when domain-insecure is set for a
  stub zone with multiple stub-addr(s)

Status in Unbound - Caching DNS Resolver:
  Unknown
Status in unbound package in Ubuntu:
  Fix Released
Status in unbound source package in Trusty:
  Won't Fix
Status in unbound source package in Xenial:
  Won't Fix
Status in unbound source package in Bionic:
  Incomplete

Bug description:
  [Impact]

   * DNSSEC setup with domain-insecure set fail to work.
     The lookup will process all available servers leading to a very long 
     lookup time.

   * Backport upstream fix to stop checking for further trust points in that 
     case.

  [Test Case]

   * TBD: Waiting for the bug reporter to provide the initial steps that we 
     migth refine

  [Regression Potential]

   * The change will make it stop iterating for further DNSSEC records in 
     certain configuration cases (domain-insecure). But this is just what 
     the respective configuration is meant to do (see 
     http://manpages.ubuntu.com/manpages/bionic/man5/unbound.conf.5.html)
     So it should speed up certain cases were so far it still iterated
     through servers, but giving that up early is just what it shoudl be per 
     config.
     I can think of a slight behavior change due to being faster now, but 
     the end result should not change due to this. With that background I 
     could think of two regressions:
       a) the faster lookup makes automation wonder
       b) there would be a condition we (and upstream) missed which would 
          change the actual lookup return
     Given that the code was not reverted upstream for quite a while I'd 
     think the latter is only theoretical, and the former should be of low 
     risk.

  [Other Info]
   
   * n/a

  
  ---

  Unbound contains a bug when domain-insecure is set for a (stub) zone.
  This bug is fixed, see https://www.nlnetlabs.nl/bugs-
  script/show_bug.cgi?id=2882. Can you please backport this to the
  Trusty package?

  With regards,
  Richard Arends

To manage notifications about this bug go to:
https://bugs.launchpad.net/unbound/+bug/1732150/+subscriptions