dig compiled without -DDIG_SIGCHASE!

Bug #257682 reported by Ted Lemon on 2008-08-13
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Undecided
LaMont Jones
Hardy
Undecided
Unassigned
Intrepid
Undecided
Unassigned

Bug Description

Binary package hint: dnsutils

I'm trying to validate my DNSSEC zone signatures using dig. To do this I need to use the +sigchase flag to dig. When I do so, this is what I see:

toccata% dig +sigchase +dnssec DS fugue.se.
Invalid option: +sigchase
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]

Use "dig -h" (or "dig -h | more") for complete list of options
toccata%

I think what's going on here is that dig has not been compiled with the -DDIG_SIGCHASE option.

Given all the excitement recently with Dan Kaminsky's DNS bug, I think the ability to check DNSSEC signatures is now a requirement, not something that should be optional. Dig is a debugging tool for DNS administrators, and in order for us to debug our DNSSEC installations, we need dig to be able to verify signatures.

toccata% lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
toccata% apt-cache policy dnsutils
dnsutils:
  Installed: 1:9.4.2-10ubuntu0.1
  Candidate: 1:9.4.2-10ubuntu0.1
  Version table:
 *** 1:9.4.2-10ubuntu0.1 0
        500 http://us.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     1:9.4.2-10 0
        500 http://us.archive.ubuntu.com hardy/main Packages
toccata%

LaMont Jones (lamont) on 2008-08-28
Changed in bind9:
assignee: nobody → lamont
status: New → Fix Committed
Martin Pitt (pitti) wrote :

I assume this is fixed in Intrepid's 1:9.5.0.dfsg.P2-1ubuntu2, since it was fixed upstream in 1:9.4.2.dfsg.P2.

Changed in bind9:
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

bug 279316 has more information about the Hardy SRU.

Changed in bind9:
status: New → Fix Committed
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

This needs to be tested thoroughly, the diff is not exactly small.

Jamie Strandboge (jdstrand) wrote :

Today I noticed that libdns35 ended up in universe:

Get:1 http://archive.ubuntu.com hardy-proposed/main libisc35 1:9.4.2.dfsg.P2-2 [139kB]
Get:2 http://archive.ubuntu.com hardy-proposed/main bind9 1:9.4.2.dfsg.P2-2 [283kB]
Get:3 http://archive.ubuntu.com hardy-proposed/main libisccc30 1:9.4.2.dfsg.P2-2 [24.9kB]
Get:4 http://archive.ubuntu.com hardy-proposed/main libisccfg30 1:9.4.2.dfsg.P2-2 [44.9kB]
Get:5 http://archive.ubuntu.com hardy-proposed/main liblwres30 1:9.4.2.dfsg.P2-2 [43.0kB]
Get:6 http://archive.ubuntu.com hardy-proposed/universe libdns35 1:9.4.2.dfsg.P2-2 [550kB]
Get:7 http://archive.ubuntu.com hardy-proposed/main libbind9-30 1:9.4.2.dfsg.P2-2 [27.4kB]
Get:8 http://archive.ubuntu.com hardy-proposed/main bind9-host 1:9.4.2.dfsg.P2-2 [60.2kB]
Get:9 http://archive.ubuntu.com hardy-proposed/main dnsutils 1:9.4.2.dfsg.P2-2 [144kB]
Get:10 http://archive.ubuntu.com hardy-proposed/main bind9-doc 1:9.4.2.dfsg.P2-2 [240kB]

While this is ok (I guess) for testing hardy-proposed, this will need to be adjusted when going to hardy-updates.

Martin Pitt (pitti) wrote :

Ah, sorry. I moved libisc35, but missed libdns35. Fixed now.

Jamie Strandboge (jdstrand) wrote :

I've been running 1:9.4.2.dfsg.P2-2 for several days on low volume servers and everything works fine. sigchase also now works.

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in bind9:
status: Fix Committed → Fix Released
Anderson (amg1127) wrote :

This bug needs to be fixed in Intrepid, also!

# dig +sigchase
Invalid option: +sigchase
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]

Use "dig -h" (or "dig -h | more") for complete list of options

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.10
Release: 8.10
Codename: intrepid

# apt-cache policy dnsutils
dnsutils:
  Instalado: 1:9.5.0.dfsg.P2-1ubuntu3.1
  Candidato: 1:9.5.0.dfsg.P2-1ubuntu3.1
  Tabela de versão:
 *** 1:9.5.0.dfsg.P2-1ubuntu3.1 0
        500 http://debs.cefetrs.tche.br intrepid-security/main Packages
        500 http://debs.cefetrs.tche.br intrepid-updates/main Packages
        500 http://security.ubuntu.com intrepid-updates/main Packages
        500 http://security.ubuntu.com intrepid-security/main Packages
        500 http://archive.ubuntu.com intrepid-security/main Packages
        500 http://archive.ubuntu.com intrepid-updates/main Packages
        100 /var/lib/dpkg/status
     1:9.5.0.dfsg.P2-1ubuntu2 0
        500 http://debs.cefetrs.tche.br intrepid/main Packages
        500 http://security.ubuntu.com intrepid/main Packages
        500 http://archive.ubuntu.com intrepid/main Packages

Anderson (amg1127) wrote :

This bug is still present in Intrepid (but not in Hardy, nor in Jaunty).

Changed in bind9:
status: Fix Released → New
Anderson (amg1127) wrote :

Wrong selection. Sorry...

Changed in bind9:
status: New → Fix Released
Chuck Short (zulcss) wrote :

Closing this SRU request based on the fact Intrepid has reached EOL.

Changed in bind9 (Ubuntu Intrepid):
status: New → Won't Fix
Mike van Stijn (shadow07) wrote :

This bug seems to be back in Ubuntu 16.04

# dig +sigchase
Invalid option: +sigchase
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]

Use "dig -h" (or "dig -h | more") for complete list of options

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial

# apt-cache policy dnsutils
dnsutils:
  Installiert: 1:9.10.3.dfsg.P4-8ubuntu1.4
  Installationskandidat: 1:9.10.3.dfsg.P4-8ubuntu1.4
  Versionstabelle:
 *** 1:9.10.3.dfsg.P4-8ubuntu1.4 500
        500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:9.10.3.dfsg.P4-8 500
        500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers