group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #45905
[Bug 1732150] Re: Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s)
** Changed in: unbound (Ubuntu Bionic)
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1732150
Title:
Unbound behaviour changes (wrong) when domain-insecure is set for a
stub zone with multiple stub-addr(s)
Status in Unbound - Caching DNS Resolver:
Unknown
Status in unbound package in Ubuntu:
Fix Released
Status in unbound source package in Trusty:
Won't Fix
Status in unbound source package in Xenial:
Won't Fix
Status in unbound source package in Bionic:
Won't Fix
Bug description:
[Impact]
* DNSSEC setup with domain-insecure set fail to work.
The lookup will process all available servers leading to a very long
lookup time.
* Backport upstream fix to stop checking for further trust points in that
case.
[Test Case]
* TBD: Waiting for the bug reporter to provide the initial steps that we
migth refine
[Regression Potential]
* The change will make it stop iterating for further DNSSEC records in
certain configuration cases (domain-insecure). But this is just what
the respective configuration is meant to do (see
http://manpages.ubuntu.com/manpages/bionic/man5/unbound.conf.5.html)
So it should speed up certain cases were so far it still iterated
through servers, but giving that up early is just what it shoudl be per
config.
I can think of a slight behavior change due to being faster now, but
the end result should not change due to this. With that background I
could think of two regressions:
a) the faster lookup makes automation wonder
b) there would be a condition we (and upstream) missed which would
change the actual lookup return
Given that the code was not reverted upstream for quite a while I'd
think the latter is only theoretical, and the former should be of low
risk.
[Other Info]
* n/a
---
Unbound contains a bug when domain-insecure is set for a (stub) zone.
This bug is fixed, see https://www.nlnetlabs.nl/bugs-
script/show_bug.cgi?id=2882. Can you please backport this to the
Trusty package?
With regards,
Richard Arends
To manage notifications about this bug go to:
https://bugs.launchpad.net/unbound/+bug/1732150/+subscriptions