TSIG verify failure at DNS backend side
Bug #1466300 reported by
Liang Rong
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Designate |
Fix Released
|
High
|
sonu | ||
Bug Description
Create a pool and configure the pool with a managed DNS backend (BIND9 in my case), and also create a TSIG key to identify the pool.
Next create zones in this pool. The zone transfer from MiniDNS to BIND9 fails because of TSIG verify failure at BIND9.
This issue is likely to be caused by the TSIG MAC generation in _handle_axfr function in mdns/handler.py. In this function, the request.request_mac should be replaced with request.mac. After I made this change, the TSIG verification is passed at BIND9 and zone transfer is completed successfully.
Revision history for this message
| Kiall Mac Innes (kiall) wrote | #1 |
Revision history for this message
| Liang Rong (csulrong) wrote | #2 |
| information type: | Private Security → Public |
| Changed in designate: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in designate: | |
| assignee: | nobody → sonu (sonu-bhumca11) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to designate (master) | #3 |
| Changed in designate: | |
| status: | Triaged → In Progress |
| Changed in designate: | |
| milestone: | none → liberty-rc1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to designate (master) | #4 |
| Changed in designate: | |
| status: | In Progress → Fix Committed |
| Changed in designate: | |
| status: | Fix Committed → Fix Released |
| Changed in designate: | |
| milestone: | liberty-rc1 → 1.0.0 |
To post a comment you must log in.
Looking into this, I'm not sure it warrants Private Security as it sounds like it's not leaking info / privilege escalation etc - but let's leave it private for now until we know for sure.