host utility doesn't support switch -U (force UDP)

Bug #1804648 reported by psl
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
Low
Andreas Hasenack

Bug Description

Ubuntu 18.04.1

man page for host utility (man host) has information, that "-U" switch forces UDP mode. But there is no "-U" switch coded in host utility. Is it a bug in manpage or in host utility?

# host -V
host 9.11.3-1ubuntu1.3-Ubuntu

# host -T www.ubuntu.com
www.ubuntu.com has address 91.189.89.103

# host -U www.ubuntu.com
Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] [-m flag] hostname [server]
       -a is equivalent to -v -t ANY
....

Information in manpage (man host):

       -T, -U
           TCP/UDP: By default, host uses UDP when making queries. The -T
           option makes it use a TCP connection when querying the name server.
           TCP will be automatically selected for queries that require it,
           such as zone transfer (AXFR) requests. Type ANY queries default to
           TCP but can be forced to UDP initially using -U.

Related branches

CVE References

psl (slansky)
affects: iputils (Ubuntu) → bind9 (Ubuntu)
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi PLS (again),
yeah IMHO this is a bug in the

Eventually [1] and [2] disagree.
It was added to the docs in [3]
But I never saw a matching change to the .c file.

I think you should report that upstream to get their opinion if the manpage or the tool should be fixed. We can then follow them to avoid going back and forth all the time.

Submittins issues I think would be at [4]

[1]: https://github.com/isc-projects/bind9/blob/master/bin/dig/host.c
[2]: https://github.com/isc-projects/bind9/blob/master/bin/dig/host.1
[3]: https://github.com/isc-projects/bind9/commit/2d863323b67a5c0d19fcf49123583a9e19d7e07a
[4]: https://gitlab.isc.org/isc-projects/bind9/issues

Changed in bind9 (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

host.c does have "U": https://github.com/isc-projects/bind9/blob/master/bin/dig/host.c#L793

it's even in the optstring array: https://github.com/isc-projects/bind9/blob/master/bin/dig/host.c#L588

But the pre_parse() function in https://github.com/isc-projects/bind9/blob/master/bin/dig/host.c#L597 isn't handling it

I think this ought to fix it:
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -657,6 +657,7 @@ pre_parse_args(int argc, char **argv) {
                case 'N': break;
                case 'R': break;
                case 'T': break;
+ case 'U': break;
                case 'W': break;
                default:
                        show_usage();

I'll give it a try and submit upstream if it works.

Changed in bind9 (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Confirmed → In Progress
Revision history for this message
Andreas Hasenack (ahasenack) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package bind9 - 1:9.11.5+dfsg-1ubuntu1

---------------
bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Build without lmdb support as that package is in Universe
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
  * Dropped:
    - SECURITY UPDATE: denial of service crash when deny-answer-aliases
      option is used
      + debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
        trigger a crash if deny-answer-aliases was set
      + debian/patches/CVE-2018-5740-2.patch: add tests
      + debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
        chainingp correctly, add test
      + CVE-2018-5740
        [Fixed in new upstream version 9.11.5]
    - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
      line (Closes: #904983)
      [Fixed in 1:9.11.4+dfsg-4]
    - Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
      [Fixed in 1:9.11.4.P1+dfsg-1]
    - Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
      (it depends on OpenSSL version) (Closes: #897643)
      [Fixed in 1:9.11.4.P1+dfsg-1]
  * Added:
    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
      option (LP: #1804648)
    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
      close to a query timeout (LP: #1797926)
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.

bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium

  * Use <email address hidden> as Maintainer address
  * New upstream version 9.11.5+dfsg
  * Add EXTENSIONS= to version file programmatically, not with the patch
  * Rebase patches for BIND 9.11.5
  * Adjust package names for new SONAMEs

bind9 (1:9.11.4.P2+dfsg-3) unstable; urgency=medium

  * Also avoid OpenSSL 1.1.1 in udebs.
    Thanks to KiBi for the hint
  * autopkgtest: Make an external query and check for DNSSEC

bind9 (1:9.11.4.P2+dfsg-2) unstable; urgency=medium

  * Temporarily disable EDDSA to relax OpenSSL version requirement

bind9 (1:9.11.4.P2+dfsg-1) unstable; urgency=medium

  [ Bernhard Schmidt ]
  * Add a very simple autopkgtest (dig @127.0.0.1)

  [ Ondřej Surý ]
  * New upstream version 9.11.4.P2+dfsg
  * Rebase patches for BIND 9.11.4-P2

bind9 (1:9.11.4.P1+dfsg-1) unstable; urgency=medium

  [ Timo Aaltonen ]
  * skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
    crashing on startup. (LP: #1769440)

  [ Bernhard Schmidt ]
  * Add gbp.conf for pristine-tar usage
  * d/watch: Properly deal with -P patch releases

  [ Ondřej Surý ]
  * Don't fail to start if /etc/default/bind9 doesn't exist
  * New upstream version 9.11.4.P1+dfsg
  * Rebase patches for BIND 9.11.4-P1
  * Add new dst__open...

Read more...

Changed in bind9 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.