Make sure we treat SPF and TXT the same way

[ralight]

Master server attempting to send updates to a slave, the slave crashes. Both instances are Ubuntu 14.04 Trusty Tahr using the sqlite3 backend. Installed version is 3.3-2ubuntu0.1.

The transfer from the master fails due to an incorrect SPF record - 'v=spf1...' instead of '"v=spf1..."'. Fixing this removed the crash.

Sorry, I've not verified this on a more recent version. I'm willing to break it again to do more debugging if necessary.

Aug 18 12:56:28 ks pdns[26815]: PowerDNS Authoritative Server 3.3 (jenkins@autotest.powerdns.com) (C) 2001-2013 PowerDNS.COM BV
Aug 18 12:56:28 ks pdns[26815]: Using 64-bits mode. Built on 20150430173516 by root@comet.buildd, gcc 4.8.2.
Aug 18 12:56:28 ks pdns[26815]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Aug 18 12:56:28 ks pdns[26815]: Master/slave communicator launching
Aug 18 12:56:28 ks pdns[26815]: Creating backend connection for TCP
Aug 18 12:56:28 ks pdns[26815]: About to create 3 backend threads for UDP
Aug 18 12:56:28 ks pdns[26815]: 2 slave domains need checking, 0 queued for AXFR
Aug 18 12:56:28 ks pdns[26815]: Received serial number updates for 2 zones, had 0 timeouts
Aug 18 12:56:28 ks pdns[26815]: Domain 'example.com' is stale, master serial 2015081807, our serial 2015081400
Aug 18 12:56:28 ks pdns[26815]: Domain 'example.org' is stale, master serial 2015081800, our serial 2015060500
Aug 18 12:56:28 ks pdns[26815]: Initiating transfer of 'example.com' from remote '127.0.0.2'
Aug 18 12:56:28 ks pdns[26815]: Initiating transfer of 'example.org' from remote '127.0.0.2'
Aug 18 12:56:28 ks pdns[26815]: AXFR started for 'example.com'
Aug 18 12:56:28 ks pdns[26815]: AXFR started for 'example.org'
Aug 18 12:56:28 ks pdns[26815]: Unable to AXFR zone 'example.com' from remote '10.0.0.5' (resolver): Remote nameserver closed TCP connection
Aug 18 12:56:28 ks pdns[26815]: Aborting possible open transaction for domain 'example.com' AXFR
Aug 18 12:56:28 ks pdns[26815]: Unable to AXFR zone 'example.org' from remote '10.0.0.5' (resolver): Remote nameserver closed TCP connection
Aug 18 12:56:28 ks pdns[26815]: Aborting possible open transaction for domain 'example.org' AXFR
Aug 18 12:56:28 ks pdns[26815]: Got a signal 6, attempting to print trace:
Aug 18 12:56:28 ks pdns[26815]: Got a signal 6, attempting to print trace:
Aug 18 12:56:28 ks pdns[26815]: /usr/sbin/pdns_server-instance() [0x4f9570]
Aug 18 12:56:28 ks pdns[26815]: /lib/x86_64-linux-gnu/libc.so.6(+0x36d40) [0x733a38cc7d40]
Aug 18 12:56:28 ks pdns[26815]: /lib/x86_64-linux-gnu/libc.so.6(gsignal+0x39) [0x733a38cc7cc9]
Aug 18 12:56:28 ks pdns[26815]: /lib/x86_64-linux-gnu/libc.so.6(abort+0x148) [0x733a38ccb0d8]
Aug 18 12:56:28 ks pdns[26815]: /usr/lib/x86_64-linux-gnu/libstdc++.so.6(_ZN9__gnu_cxx27__verbose_terminate_handlerEv+0xe5) [0x733a394ea4c5]
Aug 18 12:56:28 ks pdns[26815]: /usr/lib/x86_64-linux-gnu/libstdc++.so.6(+0x5e6d6) [0x733a394e86d6]
Aug 18 12:56:28 ks pdns[26815]: /usr/lib/x86_64-linux-gnu/libstdc++.so.6(+0x5e703) [0x733a394e8703]
Aug 18 12:56:28 ks pdns[26815]: /usr/lib/x86_64-linux-gnu/libstdc++.so.6(+0x5e922) [0x733a394e8922]
Aug 18 12:56:28 ks pdns[26815]: /usr/sbin/pdns_server-instance(_ZN11GSQLBackend16abortTransactionEv+0x122) [0x5597b2]
Aug 18 12:56:28 ks pdns[26815]: /usr/sbin/pdns_server-instance(_ZN17CommunicatorClass4suckERKSsS1_+0x985) [0x518b95]
Aug 18 12:56:28 ks pdns[26815]: /usr/sbin/pdns_server-instance(_ZN17CommunicatorClass19retrievalLoopThreadEv+0xff) [0x52bbff]
Aug 18 12:56:28 ks pdns[26815]: /usr/sbin/pdns_server-instance() [0x52bef9]
Aug 18 12:56:28 ks pdns[26815]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x8182) [0x733a3905e182]
Aug 18 12:56:28 ks pdns[26815]: /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x733a38d8b47d]
Aug 18 12:56:29 ks pdns[26177]: Our pdns instance (26815) exited after signal 6
Aug 18 12:56:29 ks pdns[26177]: Dumped core

[Habbie]

Just a nit: the logs you included are not from 3.3-2ubuntu0.1 - they are from a powerdns.com 3.3 deb package.

[ralight]

Whilst I agree that's what it looks like, I've not installed anything of the powerdns.com provided debs. I presume you're looking at the log header

$ wget http://gb.archive.ubuntu.com/ubuntu/pool/universe/p/pdns/pdns-server_3.3-2ubuntu0.1_amd64.deb
$ ar vx pdns-server_3.3-2ubuntu0.1_amd64.deb
$ tar xf data.tar.xz
$ strings usr/sbin/pdns_server | grep jenkins
 (jenkins@autotest.powerdns.com) (C) 2001-2013 PowerDNS.COM BV
 3.3 (jenkins@autotest.powerdns.com built 20150430173516 root@comet.buildd)

The sha512sum of the binary I have installed matches the sum of the binary in that package.

[Habbie]

Ah. My bad! Indeed the second line of the log also confirms this is not a powerdns.com deb.

[Habbie]

I tried this, removing the quotes from a copy of dig txt hotmail.com, but pdns serves it happily and the slave thus is also happy (and the quotes get added during the slaving process). Can you tell me more about your 'failing' TXT content?

[ralight]

It's an SPF not a TXT, and is 164 characters long, not including the quotes. I've captured the backtrace in gdb:

#0  0x00006ffea78c8cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00006ffea78cc0d8 in __GI_abort () at abort.c:89
#2  0x00006ffea80eb535 in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00006ffea80e96d6 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#4  0x00006ffea80e9703 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#5  0x00006ffea80e9922 in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#6  0x00000000005597b2 in GSQLBackend::abortTransaction (this=<optimised out>) at backends/gsql/gsqlbackend.cc:991
#7  0x0000000000518b95 in CommunicatorClass::suck (this=this@entry=0x879780 <Communicator>, domain=..., remote=...) at slavecommunicator.cc:374
#8  0x000000000052bbff in CommunicatorClass::retrievalLoopThread (this=0x879780 <Communicator>) at communicator.cc:50
#9  0x000000000052bef9 in CommunicatorClass::retrieveLaunchhelper (p=<optimised out>) at communicator.hh:175
#10 0x00006ffea7c5f182 in start_thread (arg=0x6ffe9ffe4700) at pthread_create.c:312
#11 0x00006ffea798c47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Config on the slave:

allow-recursion=127.0.0.1
config-dir=/etc/powerdns
daemon=yes
disable-axfr=yes
guardian=yes
local-address=0.0.0.0
local-port=53
logging-facility=0
module-dir=/usr/lib/powerdns
setgid=pdns
setuid=pdns
socket-dir=/var/run
version-string=powerdns
include-dir=/etc/powerdns/pdns.d

slave=yes

launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
gsqlite3-dnssec=off

I dare say I could share the sqlite3 databases from the master and slave if it would help.

[cmouse]

mhm. crash happens in abortTransaction due to

throw AhuException("Database failed to abort transaction: "+string(e.txtReason()));

[mind04]

I'm not sure but i think this was fixed in https://github.com/mind04/pdns/commit/376ec278f649e6d19120c1aab898b21ef104cf55 Please try version 3.3.3 or 3.4.x

[Habbie]

changed to SPF, can now reproduce at least partly!

[Habbie]

Crash accomplished.

[Habbie]

That was with the ubuntu version; crash also confirmed with our 3.3 deb

[Habbie]

3.3.2 does not crash even

[Habbie]

I am going to guess we have fixed this! Closing ticket. @ralight if you run into this on newer versions please shout at me :)

[cmouse]

[Habbie]

That's not it - that's commit is part of 3.2 even.

[Habbie]

It has been pointed out to me (by @henkjan) that SPF and TXT should always be treated exactly equally (as per https://tools.ietf.org/html/rfc4408#section-3.1.1). Reopening this as a task to check for any differences to rule out any related bugs.

[tomsommer]

Currently it appears SPF records are required to be encapsulated in quotes, while TXT does not:

(Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of

Documentation needs to be updated or code needs to be fixed.