feature request - json stats output

Bug #1669193 reported by l0v3 on 2017-03-02
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Debian)
Fix Released
Unknown
bind9 (Ubuntu)
Wishlist
Andreas Hasenack

Bug Description

BIND with new 9.10 version supports JSON statistical output, but needs to be compiled with --with-libjson option. Is it possible to add this feature into the package as JSON format is popular nowadays and has less resource impact then XML.
Thank you very much!

Hi, thank you l0v3,
I think you are right and this would be a good thing to do.

But on zesty we are already feature frozen, and for zesty+1 we ahve a bit of time.
Since we always try to keep delta minimal and feed back to Debian - and this issue applies there jsut as well - I'd think it would be best fixed in Debian, and then Ubuntu will pick it up on the next merge.

Would you mind filing a bug with Debian please?

tags: added: bitesize needs-debian-report
Andreas Hasenack (ahasenack) wrote :

Simple debdiff to enable json support for the statistics.

To test, add this to /etc/bind/named.conf.local and restart bind:

statistics-channels {
  inet * port 8888
  allow { 127.0.0.1; };
};

(replace 127.0.0.1 with "any" if you prefer)

Then access the endpoint: wget http://localhost:8888/json

http://localhost:8888/xml also still works.

Andreas Hasenack (ahasenack) wrote :

I also updated the debian bug.

Changed in bind9 (Debian):
status: Unknown → New
tags: added: patch
Changed in bind9 (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: New → In Progress
Nish Aravamudan (nacc) wrote :

For confirmation, src:json-c and all of its binary packages are in main, so adding the build-dep seems safe.

Changed in bind9 (Ubuntu):
importance: Undecided → Wishlist
Changed in bind9 (Ubuntu):
status: In Progress → Confirmed
assignee: Andreas Hasenack (ahasenack) → nobody
Changed in bind9 (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :
Download full text (4.1 KiB)

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-12.5ubuntu1

---------------
bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1701687). Remaining changes:
    - Add RemainAfterExit to bind9-resolvconf unit configuration file
      (LP #1536181).
    - rules: Fix path to libsofthsm2.so. (LP #1685780)
  * Drop:
    - SECURITY UPDATE: denial of service via assertion failure
      + debian/patches/CVE-2016-2776.patch: properly handle lengths in
        lib/dns/message.c.
      + CVE-2016-2776
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via class mismatch
      + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
        records in lib/dns/resolver.c.
      + CVE-2016-9131
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
      + debian/patches/CVE-2016-9147.patch: fix logic when records are
        returned without the requested data in lib/dns/resolver.c.
      + CVE-2016-9147
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: assertion failure via unusually-formed DS record
      + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
        lib/dns/message.c, lib/dns/resolver.c.
      + CVE-2016-9444
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
        responses in lib/dns/resolver.c, added tests to
        bin/tests/system/dname/ns2/example.db,
        bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
      a NULL pointer
      + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
        combination in bin/named/query.c, lib/dns/message.c,
        lib/dns/rdataset.c.
      + CVE-2017-3135
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: regression in CVE-2016-8864
      + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
        was still being cached when it should have been in lib/dns/resolver.c,
        added tests to bin/tests/system/dname/ans3/ans.pl,
        bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
      + No CVE number
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
    - SECURITY UPDATE: Denial of Service due to an error handling
      synthesized records when using DNS64 with "break-dnssec yes;"
      + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
        called.
      + CVE-2017-3136
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
    - SECURITY UPDATE: Denial of Service due to resolver terminating when
      processing a response packet containing a CNAME or DNAME
      + debian/patches/CVE-2017-3137.patch: don't expect a specific
        ordering of answer components; add testcases.
      + CVE-2017-3137
      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]
    - SECURITY UPDATE: Denial of Service when receiving a null command on
      ...

Read more...

Changed in bind9 (Ubuntu):
status: In Progress → Fix Released
Changed in bind9 (Debian):
status: New → Fix Released
Jay Eno (rhyas) wrote :

I'm new to this process, but is there a way to get a package for 16.04 with this json fix? If so, how?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.