Bug #69696 for Net-DNS-ZoneParse: fix for parsing NSEC3 and NSEC3PARAM records

Fri Jul 22 12:43:11 2011 anthony [...] anthony.org - Ticket created

Subject:	fix for parsing NSEC3 and NSEC3PARAM records
Date:	Fri, 22 Jul 2011 17:43:02 +0100
To:	bug-Net-DNS-ZoneParse [...] rt.cpan.org
From:	Anthony Kirby <anthony [...] anthony.org>

Hi Benjamin, thank you for Net::DNS::ZoneParse - I'm finding it very useful! I think I've fixed a problem with parsing NSEC3 and NSEC3PARAM records; the pattern used to match TTLs also inadvertently matches "NSEC3" and "NSEC3PARAM". It can be easily fixed by anchoring the regex that looks for the TTL. ZoneParse::Parser::_dns_parse_line use regex "$_dns_ttlre" to match the TTL, with BIND's W/d/h/m/s extensions if($type =~ $_dns_ttlre) { $prep{ttl} = $1; next; } but this matches _anything_ with a number in it :-( Suggested patch is ZoneParse/Parser/Native.pm 39c39 < my $_dns_ttlre = qr/(\d+[\dwdhms]*)/; --- Show quoted text

> my $_dns_ttlre = qr/^(\d+[\dwdhms]*)$/;

context: Net-DNS-ZoneParse-0.102 Perl v5.10.1 (*) built for x86_64-linux-gnu-thread-multi Linux 2.6.32-32-generic #62-Ubuntu SMP Wed Apr 20 21:52:38 UTC 2011 x86_64 GNU/Linux I hope this is helpful... many thanks! Anthony

Fri Jul 22 15:02:09 2011 benjamin [...] micronet24.de - Correspondence added

Subject:	Re: [rt.cpan.org #69696] fix for parsing NSEC3 and NSEC3PARAM records
Date:	Fri, 22 Jul 2011 21:01:57 +0200
To:	Anthony Kirby via RT <bug-Net-DNS-ZoneParse [...] rt.cpan.org>
From:	Benjamin Tietz <benjamin [...] micronet24.de>

Hello Anthony, Thank you for the pointer. Could you please submit a test or a DNS-Entry which triggered the error? regards Benjamin

Fri Jul 22 15:02:10 2011 The RT System itself - Status changed from 'new' to 'open'

Thu Jul 28 13:01:25 2011 anthony [...] anthony.org - Correspondence added

Subject:	Re: [rt.cpan.org #69696] fix for parsing NSEC3 and NSEC3PARAM records
Date:	Thu, 28 Jul 2011 18:01:15 +0100
To:	bug-Net-DNS-ZoneParse [...] rt.cpan.org
From:	Anthony Kirby <anthony [...] anthony.org>

On 22 July 2011 20:02, Benjamin Tietz via RT <bug-Net-DNS-ZoneParse@rt.cpan.org> wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=69696 > > > Could you please submit a test or a DNS-Entry which triggered the error?

Hi Benjamin sorry for the delay, I've been away. Here's a test (attached): It relies on Net::DNS::SEC, but I've copied your example of how to make it skip the test if necessary - I've learned a bit about Perl tests, which is good. You might want to remove my comments about the other parsers, but I wanted to explain why I'd cut those bits. Anthony p.s. I'll follow up the NSEC3PARAM problem with Net::DNS::ZoneFile::Fast when I get time.

Message body is not shown because sender requested not to inline it.

Sun Jul 31 11:12:10 2011 benjamin [...] micronet24.de - Correspondence added

Subject:	Re: [rt.cpan.org #69696] fix for parsing NSEC3 and NSEC3PARAM records
Date:	Sun, 31 Jul 2011 17:11:59 +0200
To:	Anthony Kirby via RT <bug-Net-DNS-ZoneParse [...] rt.cpan.org>
From:	Benjamin Tietz <benjamin [...] micronet24.de>

Hi Anthony, thank you very much for the test. Is there a specific reason for commenting out the entry for nsec3param? As this is a parser-issue, I'll think, the corresponding fixes might be done within the parsing modules, not in the Wrappers for N::D::Z. So, if you don't have any issues left, I'ld merge your fixes and release them in 0.103. best regards Benjamin

Mon Aug 01 05:05:13 2011 anthony [...] anthony.org - Correspondence added

Subject:	Re: [rt.cpan.org #69696] fix for parsing NSEC3 and NSEC3PARAM records
Date:	Mon, 1 Aug 2011 10:05:03 +0100
To:	bug-Net-DNS-ZoneParse [...] rt.cpan.org
From:	Anthony Kirby <anthony [...] anthony.org>

Hi Benjamin, it's actually an RRSIG that's commented out, it's a signature over an NSEC3PARAM record. (Each RRSIG is a signature of another record in the zone; I guess the reason for including the "type covered" field is to make it possible to distinguish between RRSIGs for multiple records which have the same name) My reason for commenting out that test was to document that it's not testing this specific change, that's all. It should work OK! many thanks Anthony On 31 July 2011 16:12, Benjamin Tietz via RT <bug-Net-DNS-ZoneParse@rt.cpan.org> wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=69696 > > > Hi Anthony, > > thank you very much for the test. Is there a specific reason for > commenting out the entry for nsec3param? > > As this is a parser-issue, I'll think, the corresponding fixes might be > done within the parsing modules, not in the Wrappers for N::D::Z. > So, if you don't have any issues left, I'ld merge your fixes and release > them in 0.103. > > best regards > Benjamin > >

Mon Aug 01 16:14:56 2011 benjamin [...] micronet24.de - Correspondence added

Subject:	Re: [rt.cpan.org #69696] fix for parsing NSEC3 and NSEC3PARAM records
Date:	Mon, 1 Aug 2011 22:14:43 +0200
To:	Anthony Kirby via RT <bug-Net-DNS-ZoneParse [...] rt.cpan.org>
From:	Benjamin Tietz <benjamin [...] micronet24.de>

On Mon, Aug 01, 2011 at 05:05:14AM -0400, Anthony Kirby via RT wrote: Show quoted text

> Queue: Net-DNS-ZoneParse > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=69696 > > > Hi Benjamin, > it's actually an RRSIG that's commented out, it's a signature over an > NSEC3PARAM record. (Each RRSIG is a signature of another record in > the zone; I guess the reason for including the "type covered" field is > to make it possible to distinguish between RRSIGs for multiple records > which have the same name)

Indeed, you're right. It even does work to, but warns of a premature end of bas64 encoded data. Show quoted text

> > My reason for commenting out that test was to document that it's not > testing this specific change, that's all. It should work OK! > > many thanks > Anthony >

So I released a new version. Again, many thanks Benjamin

Mon Aug 01 16:28:33 2011 BTIETZ [...] cpan.org - Status changed from 'open' to 'resolved'