zone "example.tld" IN {
type master;
file "/etc/bind/example.tld.db";
};
- /etc/bind/example.tlb.db: create:
$TTL 5m
@ IN SOA ns.example.tld. email.example.tld. 90 4h 15m 8h 4m
@ IN NS ns.example.tld.
ns IN A 1.1.1.1
test IN A 1.2.3.4
$ sudo systemctl restart named.service
$ systemctl status named.service | grep Active:
Active: active (running) since ...
$ journalctl -u named.service | grep -e example.tld -e 'all zones loaded'
... named[3668]: zone example.tld/IN: loaded serial 90
... named[3668]: all zones loaded
2) Test the basics and AXFR:
Basics:
$ dig +noall +authority @127.0.0.1 -p 12753 example.tld
example.tld. 240 IN SOA ns.example.tld. email.example.tld. 90 14400 900 28800 240
$ dig +noall +answer @127.0.0.1 -p 12753 ns.example.tld
ns.example.tld. 300 IN A 1.1.1.1
$ dig +noall +answer @127.0.0.1 -p 12753 test.example.tld
test.example.tld. 300 IN A 1.2.3.4
AXFR:
$ dig +noall +answer @127.0.0.1 -p 12753 example.tld axfr
example.tld. 300 IN SOA ns.example.tld. email.example.tld. 90 14400 900 28800 240
example.tld. 300 IN NS ns.example.tld.
ns.example.tld. 300 IN A 1.1.1.1
test.example.tld. 300 IN A 1.2.3.4
example.tld. 300 IN SOA ns.example.tld. email.example.tld. 90 14400 900 28800 240
3) Test AXFR with dnspython:
Check same answers with python:
$ sudo apt install python3-dnspython
$ python3 -q
import dns.query
import dns.zone
axfr = dns.zone.from_xfr(dns.query.xfr(where='127.0.0.1', port=12753, zone='example.tld', rdtype=dns.rdatatype.AXFR))
for node in axfr.nodes.keys():
print(axfr.nodes[node].to_text(node))
@ 300 IN SOA ns email 90 14400 900 28800 240
@ 300 IN NS ns
ns 300 IN A 1.1.1.1
test 300 IN A 1.2.3.4
Now set dns.query.xfr(lifetime=None, timeout=not None) to hit the bug:
axfr = dns.zone.from_xfr(dns.query.xfr(where='127.0.0.1', port=12753, zone='example.tld', rdtype=dns.rdatatype.AXFR, lifetime=None, timeout=30))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3/dist-packages/dns/zone.py", line 1106, in from_xfr
for r in xfr:
File "/usr/lib/python3/dist-packages/dns/query.py", line 611, in xfr
if mexpiration is None or mexpiration > expiration:
TypeError: '>' not supported between instances of 'float' and 'NoneType'
As reported:
Aug 25 12:56:43 seal08 designate-mdns[116065]: ERROR designate.dnsutils TypeError: '>' not supported between instances of 'float' and 'NoneType'
4) With the patch applied, the issue doesn't happen.
Test Steps for dnspython only (no OpenStack Designate required)
----------
1) Setup bind9 for 'example.tld':
$ sudo apt install bind9
- /etc/bind/ named.conf. options: add in 'options':
listen-on port 12753 { 127.0.0.1/32; };
allow-query { any; };
allow-transfer { any; };
- /etc/bind/ named.conf. local: add:
zone "example.tld" IN { example. tld.db" ;
type master;
file "/etc/bind/
};
- /etc/bind/ example. tlb.db: create:
$TTL 5m
@ IN SOA ns.example.tld. email.example.tld. 90 4h 15m 8h 4m
@ IN NS ns.example.tld.
ns IN A 1.1.1.1
test IN A 1.2.3.4
$ sudo systemctl restart named.service
$ systemctl status named.service | grep Active:
Active: active (running) since ...
$ journalctl -u named.service | grep -e example.tld -e 'all zones loaded'
... named[3668]: zone example.tld/IN: loaded serial 90
... named[3668]: all zones loaded
2) Test the basics and AXFR:
Basics:
$ dig +noall +authority @127.0.0.1 -p 12753 example.tld
example.tld. 240 IN SOA ns.example.tld. email.example.tld. 90 14400 900 28800 240
$ dig +noall +answer @127.0.0.1 -p 12753 ns.example.tld
ns.example.tld. 300 IN A 1.1.1.1
$ dig +noall +answer @127.0.0.1 -p 12753 test.example.tld
test.example.tld. 300 IN A 1.2.3.4
AXFR:
$ dig +noall +answer @127.0.0.1 -p 12753 example.tld axfr
example.tld. 300 IN SOA ns.example.tld. email.example.tld. 90 14400 900 28800 240
example.tld. 300 IN NS ns.example.tld.
ns.example.tld. 300 IN A 1.1.1.1
test.example.tld. 300 IN A 1.2.3.4
example.tld. 300 IN SOA ns.example.tld. email.example.tld. 90 14400 900 28800 240
3) Test AXFR with dnspython:
Check same answers with python:
$ sudo apt install python3-dnspython
$ python3 -q
import dns.query
import dns.zone
axfr = dns.zone. from_xfr( dns.query. xfr(where= '127.0. 0.1', port=12753, zone='example.tld', rdtype= dns.rdatatype. AXFR)) axfr.nodes[ node].to_ text(node) )
for node in axfr.nodes.keys():
print(
@ 300 IN SOA ns email 90 14400 900 28800 240
@ 300 IN NS ns
ns 300 IN A 1.1.1.1
test 300 IN A 1.2.3.4
Now set dns.query. xfr(lifetime= None, timeout=not None) to hit the bug:
axfr = dns.zone. from_xfr( dns.query. xfr(where= '127.0. 0.1', port=12753, zone='example.tld', rdtype= dns.rdatatype. AXFR, lifetime=None, timeout=30)) python3/ dist-packages/ dns/zone. py", line 1106, in from_xfr python3/ dist-packages/ dns/query. py", line 611, in xfr
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/
for r in xfr:
File "/usr/lib/
if mexpiration is None or mexpiration > expiration:
TypeError: '>' not supported between instances of 'float' and 'NoneType'
As reported:
Aug 25 12:56:43 seal08 designate- mdns[116065] : ERROR designate.dnsutils TypeError: '>' not supported between instances of 'float' and 'NoneType'
4) With the patch applied, the issue doesn't happen.