PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

pdnsutil check-zone misses parse errors in data fields for example DKIM #6070

Open dkoster opened 6 years ago

dkoster commented 6 years ago

Short description

When requesting a zone through the API (/api/v1/servers/{server_id}/zones/{zone_id}), it returns "Internal Server Error". Looking closer, the issue is with the zone: missing " for DKIM/DMARC/SPF records. However, "pdnsutil check-zone" reports 0 issues, while "pdnsutil edit-zone" and /var/log/messages do report this issue.

Environment

Steps to reproduce

  1. $ curl -v -X GET -H 'X-API-Key: changeme' http://127.0.0.1:8081/api/v1/servers/localhost/zones/phlex.net. (zone with issues) This returns internal server error

  2. /var/log/messages returns: Dec 8 08:49:21 dnstest pdns[26910]: HTTP ISE for "/api/v1/servers/localhost/zones/phlex.net.": STL Exception: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzg4O8vRmsN+ccqqh3tRLT7D4TP7LpD460pEaGilenBv5T+6C8SUhRSl9Am75VtBoabkfFqDOuN6j4QUO/heMFP0zAXrl7Ie4PAVnQEtxEcuCEGqAdcuqHYoBTFIoozqiBtL1BgVxvuuQ/BGUuN3Ku9ZFwxC4nGi0LHvCe0yofIi3Te0lgK7y+Nz59l/DfVZpA6R+HqJmiIjcbPrt4eAt1Xz3tHT4g1KqyVAnqeACKapcZNBPVgoLpBxcx1kDXccXCt9IduhGL70eVOnRYOSGTxqx62Yy4JZzW2olmgE/BgA1xufyMoNiiU8EyJTIiXrjYX34chhgIVvJWDyGYWPQlwIDAQAB'

  3. pdnsutil check-zone returns:

     $ pdnsutil check-zone phlex.net
     Dec 08 08:49:59 Reading random entropy from '/dev/urandom'
     Dec 08 08:49:59 gmysql Connection successful. Connected to database 'pdns' on '127.0.0.1'.
     Dec 08 08:49:59 gmysql Connection successful. Connected to database 'pdns' on '127.0.0.1'.
     Checked 37 records of 'phlex.net', 0 errors, 0 warnings.

  4. pdnsutil edit-zone returns:

     $ pdnsutil edit-zone phlex.net
     Dec 08 08:51:17 Reading random entropy from '/dev/urandom'
     Dec 08 08:51:17 gmysql Connection successful. Connected to database 'pdns' on '127.0.0.1'.
     Dec 08 08:51:17 gmysql Connection successful. Connected to database 'pdns' on '127.0.0.1'.
     Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzg4O8vRmsN+ccqqh3tRLT7D4TP7LpD460pEaGilenBv5T+6C8SUhRSl9Am75VtBoabkfFqDOuN6j4QUO/heMFP0zAXrl7Ie4PAVnQEtxEcuCEGqAdcuqHYoBTFIoozqiBtL1BgVxvuuQ/BGUuN3Ku9ZFwxC4nGi0LHvCe0yofIi3Te0lgK7y+Nz59l/DfVZpA6R+HqJmiIjcbPrt4eAt1Xz3tHT4g1KqyVAnqeACKapcZNBPVgoLpBxcx1kDXccXCt9IduhGL70eVOnRYOSGTxqx62Yy4JZzW2olmgE/BgA1xufyMoNiiU8EyJTIiXrjYX34chhgIVvJWDyGYWPQlwIDAQAB'

The core reason is clear, but I would expect the check-zone to return the issue.
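
An added example, not part of the original issue and not PowerDNS code: a pre-flight scan that finds the records behind the error above by checking TXT/SPF content in the backend for anything that is not a series of quoted strings. It assumes the generic SQL schema's `domains` and `records` tables (an in-memory SQLite database stands in for the gmysql backend), uses constructed sample data, and applies a rule approximated from the error message rather than PowerDNS's own parser.

```python
import sqlite3

QUOTED_TYPES = ("TXT", "SPF")  # assumption: types whose content must be quoted

def content_error(content):
    """Return a reason if content is not a series of "quoted strings", else None."""
    if not content.startswith('"'):
        return "should start with quote at position 0"
    i, n = 0, len(content)
    while i < n:
        if content[i].isspace():              # whitespace between strings
            i += 1
            continue
        if content[i] != '"':
            return f"unquoted data at position {i}"
        i += 1                                # opening quote
        while i < n and content[i] != '"':
            i += 2 if content[i] == "\\" else 1   # backslash escapes next char
        if i >= n:
            return "unterminated quoted string"
        i += 1                                # closing quote
    return None

def find_bad_records(conn, zone):
    """List (name, type, reason) for records in zone that fail content_error."""
    marks = ",".join("?" * len(QUOTED_TYPES))
    rows = conn.execute(
        "SELECT r.name, r.type, r.content FROM records r "
        "JOIN domains d ON d.id = r.domain_id "
        f"WHERE d.name = ? AND r.type IN ({marks}) ORDER BY r.name",
        (zone, *QUOTED_TYPES))
    return [(name, rtype, err) for name, rtype, content in rows
            if (err := content_error(content))]

def demo_db():
    """Constructed sample data; table layout assumed from the generic SQL schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE records (domain_id INT, name TEXT, type TEXT, content TEXT);
        INSERT INTO domains VALUES (1, 'example.org');
        INSERT INTO records VALUES
          (1, 'example.org', 'TXT', '"v=spf1 mx -all"'),
          (1, '_dmarc.example.org', 'TXT', 'v=DMARC1; p=none;'),
          (1, 'sel._domainkey.example.org', 'TXT', '"v=DKIM1; k=rsa; " "p=AAAA'),
          (1, 'www.example.org', 'A', '192.0.2.1');
    """)
    return conn

if __name__ == "__main__":
    for name, rtype, reason in find_bad_records(demo_db(), "example.org"):
        print(f"{name} {rtype}: {reason}")
```
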

rodehoed commented 6 years ago

Same issue. Count me in when testing is needed :+1:

dkoster commented 6 years ago

The "broken" records generate more error 500s on API calls. For example, also on the search call: GET on /api/v1/servers/localhost/search-data?q=*denniskoster*

This generates an Internal server error, which reverts to:

Jun  1 09:52:45 dnstest pdns_server: HTTP: Handling request "/api/v1/servers/localhost/search-data"
Jun  1 09:52:46 dnstest pdns_server: HTTP ISE for "/api/v1/servers/localhost/search-data": STL Exception: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=DMARC1; p=none; rua=mailto:dennis@phlex.net; ruf=mailto:dennis@phlex.net'
Jun  1 09:52:46 dnstest pdns_server: HTTP: Error result for "/api/v1/servers/localhost/search-data": 500

The reason is clear, but the check-zone misses this issue:

# pdnsutil check-zone denniskoster.nl
Checked 28 records of 'denniskoster.nl', 0 errors, 0 warnings.

sporkman commented 4 years ago

Still seeing this on current versions:

[root@mail /usr/local/etc]# pkg info powerdns
powerdns-4.3.0_2
Name           : powerdns
Version        : 4.3.0_2
Installed on   : Sat Aug 29 00:57:51 2020 EDT
Origin         : dns/powerdns
Architecture   : FreeBSD:12:i386

When hitting the problematic zone via API:

Aug 29 23:45:16 mail pdns[4124]: [webserver] b7856cc2-94ff-4211-98ee-d9746b26db1e HTTP ISE for "/api/v1/servers/localhost/zones/morefoo.com": STL Exception: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=DMARC1; p=quarantine; rua=mailto:tshnc26f@ag.dmarcian.com;'

And when trying edit-zone:

[root@mail /usr/local/etc]# pdnsutil edit-zone example.com
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=DMARC1; p=quarantine; rua=mailto:tshnc26f@ag.dmarcian.com;'
[root@mail /usr/local/etc]#

And check-zone claiming there is not an issue:

[root@mail /usr/local/etc]# pdnsutil check-zone morefoo.com
Checked 26 records of 'morefoo.com', 0 errors, 0 warnings.
[root@mail /usr/local/etc]#

pantherra commented 3 years ago

pdnsutil edit-zone xxx.xx
Oct 14 10:31:54 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'google-site-verification

Package: pdns-server
Version: 4.4.1-1
Priority: optional
OS: Debian 11.1

I have installed PowerDNS with SQL backend, then imported zone file via zone2sql with no issues.