2019-04-21 11:29:46 |
Teemu Torma |
bug |
|
|
added bug |
2019-04-22 19:52:18 |
Andreas Hasenack |
bind9 (Ubuntu): status |
New |
Triaged |
|
2019-04-22 19:52:21 |
Andreas Hasenack |
bind9 (Ubuntu): importance |
Undecided |
Medium |
|
2019-04-22 19:53:37 |
Andreas Hasenack |
nominated for series |
|
Ubuntu Disco |
|
2019-04-22 19:53:37 |
Andreas Hasenack |
bug task added |
|
bind9 (Ubuntu Disco) |
|
2019-04-22 19:53:46 |
Andreas Hasenack |
bind9 (Ubuntu Disco): status |
New |
Triaged |
|
2019-04-22 19:53:49 |
Andreas Hasenack |
bind9 (Ubuntu Disco): importance |
Undecided |
Medium |
|
2019-04-23 17:52:48 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/bind9/+git/bind9/+merge/366410 |
|
2019-04-23 17:55:15 |
Andreas Hasenack |
bind9 (Ubuntu): status |
Triaged |
In Progress |
|
2019-04-23 17:55:21 |
Andreas Hasenack |
bind9 (Ubuntu): assignee |
|
Andreas Hasenack (ahasenack) |
|
2019-04-23 17:55:27 |
Andreas Hasenack |
bind9 (Ubuntu Disco): assignee |
|
Andreas Hasenack (ahasenack) |
|
2019-04-23 17:55:30 |
Andreas Hasenack |
bind9 (Ubuntu Disco): status |
Triaged |
In Progress |
|
2019-04-23 18:18:57 |
Andreas Hasenack |
description |
In Ubuntu Disco Dingo, bind9_9.11.5.P1+dfsg-1ubuntu2 is built --with-eddsa=no, thus breaking DNSSEC zones using Ed25519 keys. This used to work fine in Cosmic Cattlefish. |
[Impact]
Bind9, either when acting as a resolver, or a master for a zone, does not have support for EdDSA algorithms like ED25519 or ED448. This is a regression from the package in Cosmic: this support was disabled by mistake in Disco.
[Test Case]
* Install the packages that will be tested:
sudo apt install dnsutils bind9utils bind9
* Offline test. Without EDDSA support, this command will fail:
$ dnssec-keygen -a ED25519 example.com
dnssec-keygen: fatal: unsupported algorithm: 15
* With EDDSA support, the command will succeed:
$ dnssec-keygen -a ED25519 example.com
Generating key pair.
Kexample.com.+015+02524
* Online test. Without EDDSA support, the command below will return "unsigned answer" and "no valid signature found":
$ delv +dnssec +multiline @127.0.0.1 ed25519.nl
;; validating ed25519.nl/A: no valid signature found
; unsigned answer
ed25519.nl. 3589 IN A 77.72.150.82
ed25519.nl. 3200171710 IN RRSIG A 15 2 3600 (
20190502000000 20190411000000 27662 ed25519.nl.
f7HjJcbvekrmuLtXDzjddWJZzZAAFO6fV+NoMCg+UiIl
nQjUxNcCvDWuR38XAJuHrctvQOlAg1JmIGwYyKM2DQ== )
* With EDDSA support, it will return "fully validated":
$ delv +dnssec +multiline @127.0.0.1 ed25519.nl
; fully validated
ed25519.nl. 3600 IN A 77.72.150.82
ed25519.nl. 3600 IN RRSIG A 15 2 3600 (
20190502000000 20190411000000 27662 ed25519.nl.
f7HjJcbvekrmuLtXDzjddWJZzZAAFO6fV+NoMCg+UiIl
nQjUxNcCvDWuR38XAJuHrctvQOlAg1JmIGwYyKM2DQ== )
[Regression Potential]
This change is fixing a regression already. It's adding support for a crypto algorithm used with DNSSEC which was enabled before.
[Other Info]
EdDSA requires openssl 1.1.1, so this change will also update the dependency chain to require libssl1.1 >= 1.1.1, as opposed to just 1.1.0 as is the case in Disco at the moment (this happens automatically during build). This is also true for the udebs that are built from this package.
[Original Description]
In Ubuntu Disco Dingo, bind9_9.11.5.P1+dfsg-1ubuntu2 is built --with-eddsa=no, thus breaking DNSSEC zones using Ed25519 keys. This used to work fine in Cosmic Cattlefish. |
|
2019-04-23 18:26:29 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/bind9/+git/bind9/+merge/366414 |
|
2019-04-29 16:49:31 |
Launchpad Janitor |
bind9 (Ubuntu): status |
In Progress |
Fix Released |
|
2019-05-03 00:39:29 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/bind9/+git/bind9/+merge/366871 |
|
2019-05-03 12:16:21 |
Andreas Hasenack |
merge proposal unlinked |
https://code.launchpad.net/~ahasenack/ubuntu/+source/bind9/+git/bind9/+merge/366871 |
|
|
2019-05-08 20:10:41 |
Brian Murray |
bind9 (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
2019-05-08 20:10:44 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-05-08 20:10:46 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2019-05-08 20:10:51 |
Brian Murray |
tags |
|
verification-needed verification-needed-disco |
|
2019-05-09 07:53:24 |
Teemu Torma |
tags |
verification-needed verification-needed-disco |
verification-done-disco verification-needed |
|
2019-05-16 08:51:29 |
Launchpad Janitor |
bind9 (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2019-05-16 08:51:36 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-02-27 15:48:07 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Bionic |
|
2020-02-27 15:48:07 |
Christian Ehrhardt |
bug task added |
|
bind9 (Ubuntu Bionic) |
|
2020-02-27 15:48:18 |
Christian Ehrhardt |
bind9 (Ubuntu Bionic): assignee |
|
Andreas Hasenack (ahasenack) |
|
2020-02-28 07:33:38 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Server |
2020-02-28 07:33:42 |
Christian Ehrhardt |
tags |
verification-done-disco verification-needed |
server-next verification-done-disco verification-needed |
|
2020-03-04 17:45:23 |
Andreas Hasenack |
bind9 (Ubuntu Bionic): status |
New |
Triaged |
|
2020-03-04 17:45:26 |
Andreas Hasenack |
bind9 (Ubuntu Bionic): importance |
Undecided |
Wishlist |
|
2020-09-04 01:08:49 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/bind9/+git/bind9/+merge/390274 |
|
2021-06-16 08:33:59 |
Christian Ehrhardt |
tags |
server-next verification-done-disco verification-needed |
verification-done-disco verification-needed |
|
2023-05-16 12:14:23 |
Andreas Hasenack |
bind9 (Ubuntu Bionic): assignee |
Andreas Hasenack (ahasenack) |
|
|
2023-11-13 14:32:31 |
Athos Ribeiro |
bind9 (Ubuntu Bionic): status |
Triaged |
Won't Fix |
|