Patch Name: PHNE_29634

Patch Description: s700_800 11.04 (VVOS) Bind 4.9.7 components

Creation Date: 03/08/21

Post Date: 03/08/28

Hardware Platforms - OS Releases:
    s700: 11.04
    s800: 11.04

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP
    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04,fa=HP-UX_B.11.04_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair enhancement general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHNE_29634

Symptoms:
    PHNE_29634:
    Ported HP-UX patch PHNE_28449 to VVOS

    Based on HP-UX patch PHNE_28449:
    1. JAGad57510 / SR8606188302:
       The output of the "ls " command in nslookup 4.9.7 may
       not contain all the resource records.
    2. JAGae33084 / SR8606268849:
       Problem with nslookup in BIND.
    3. JAGae38578 / SR8606274501:
       Problem with nslookup in BIND.
    4. JAGae54341 / SR8606290432:
       named does not cache the SIG record properly.
    5. JAGae54339 / SR8606290430:
       named does not function properly.
    6. JAGae63828 / SR8606300359:
       The installation of the patch bundle containing a BIND
       patch gets delayed on a name server.

    PHNE_22919:
    Ported HP-UX patch PHNE_23274 to VVOS

    Based on HP-UX patch PHNE_23274:
    1. JAGac79099 / SR8606128299:
       "nslookup" cannot resolve hostnames properly when there
       is wild card entry in DNS data files and a search list
       having multiple entries in resolv.conf.
    2. JAGad09228 / SR8606139905:
       DNS and symbolic link problem.
    3. JAGad23810 / SR8606154493:
       "nslookup" sets timeout value to 5000 seconds when name
       server host is specified at the command line.
    4. JAGab53671 / SR1653307470:
       "hosts_to_named" does not validate entries in /etc/hosts.
    5. JAGad41828/8606172568:
       named loops with some record queries.
    6. JAGad38231/8606168953:
       Disable version query feature on BIND 4.9.7.
    7. JAGad48072/8606178847:
       Incorrect error messages generated by named for
       malformed DNS queries.
    8. JAGad25757/8606156419:
       PHNE_20619 downgrades bind 8.1.2 to 4.9.7

    PHNE_21090:
    Ported HP-UX patch PHNE_20619 to VVOS

    Based on HP-UX patch PHNE_20619:
    1. JAGac40451:
       Address CERT Advisory CA-99-14.
    2. JAGaa57264:
       named fails to resolve some of the names.
    3. JAGaa94851:
       Incorrect message being displayed while installing
       patch PHNE_14618.
    4. JAGaa27075:
       nslookup does not always work.
    5. JAGab69094:
       BIND 4.9.7 and 8.1.2 resolver code not searching and
       stopping with FQDN.
    6. JAGab84583:
       In NCPM environment, BIND 4.9.7 consumes more memory.
    7. JAGab21142:
       Disable XSTATS on named.
    8. JAGab25088:
       nslookup(1) default behaviour does not match switch(4)
       default behaviour.

    PHNE_18318:
    Ported HP-UX patch PHNE_14618 to VVOS

    Based on HP-UX patch PHNE_14618:
    1. The pid log of named is different in PHNE_12957.
    2. Performance problem with bind.

    Based on HP-UX patch PHNE_12957:
    1. Upgrade to Bind 4.9.7
    2. DNS has problem when directed to use a forwarder.
    3. Bug in named 4.9.3 causes named to stop working after
       3 or 4 days and has to be restarted.
    4. Problem with named.

Defect Description:
    PHNE_29634:
    Ported HP-UX patch PHNE_28449 to VVOS

    Based on HP-UX patch PHNE_28449:
    1. JAGad57510 / SR 8606188302:
       Whenever the reply for "ls " command from some dns-bind
       8.1.2 servers contains an invalid record, nslookup does
       not print the remaining valid records.
       Resolution:
       nslookup now skips only the invalid records received
       from the server and prints all the valid ones till it
       reaches the end of records.
    2. JAGae33084 / SR8606268849:
       Under certain circumstances the DNS nslookup resolver
       incorrectly calculates the available buffer size.
       Resolution:
       The buffer size is now calculated properly.
    3. JAGae38578 / SR8606274501:
       Under certain circumstances, large size packets received
       by nslookup were not handled properly.
       Resolution:
       nslookup now properly handles packets of all sizes.
    4. JAGae54341 / SR8606290432:
       named does not cache the SIG record properly.
       Resolution:
       named has been modified to cache the SIG record properly.
    5. JAGae54339 / SR8606290430:
       named does not handle SIG record properly.
       Resolution:
       named has been modified to handle SIG record properly.
    6. JAGae63828 / SR8606300359:
       The BIND preinstallation script stops the name server
       while installing the patch, and the name server is
       restarted only in the postinstallation script. During
       this time duration, the resolver experiences a delay
       before it falls back to an alternative switch policy,
       when the BIND patch is bundled with other patches.
       Resolution:
       The problem has now been resolved by both stopping and
       restarting the name server in the postinstallation
       script.

    PHNE_22919:
    Ported HP-UX patch PHNE_23274 to VVOS

    Based on HP-UX patch PHNE_23274:
    1. JAGac79099/8606128299:
       nslookup does not go through alternative domain entries
       in the search list when the nameserver returns a
       non-authoritative record with no answers.
       Resolution:
       nslookup now goes through alternative entries in the
       search list when it receives a non-authoritative record
       with no answers.
    2. JAGad09228/8606139905:
       DNS and symbolic link problem.
       Resolution:
       DNS is now compatible with symbolic links.
    3. JAGad23810 / SR8606154493:
       nslookup takes a very long time in responding due to the
       retransmission value being set to millisecs by libc. As
       nslookup assumes the value to be in seconds there was a
       long delay for responses to non-existent records.
       Resolution:
       nslookup resets timeout value in seconds if the value
       has been set in milliseconds by libc.
    4. JAGab53671 / SR1653307470:
       hosts_to_named fails to validate entries in /etc/hosts.
       Also this script takes a very long time to execute when
       /etc/hosts contains a large number of entries.
       Resolution:
       hosts_to_named now checks for non-numeric values in IP
       addresses of /etc/hosts entries. It also avoids calling
       a function multiple times thereby reducing the time
       taken to execute this program.
    5. JAGad41828/8606172568:
       With some specific SRV records, named may loop.
       Resolution:
       Proper initialization of pointers resolved and avoided
       the unnecessary loops of named.
    6. JAGad38231/8606168953:
       An ER was requested to disable version query thru
       nslookup.
       Resolution:
       Bind version query thru nslookup has been disabled.
    7. JAGad48072/8606178847:
       When named encountered malformed DNS queries, it
       generated wrong error messages.
       Resolution:
       named has been fixed to report proper error messages.
    8. JAGad25757/8606156419:
       Bind version was not verified before installing the
       patch.
       Resolution:
       Checkinstall script has been included to ensure that
       correct version of patch is being installed.

    PHNE_21090:
    Ported HP-UX patch PHNE_20619 to VVOS

    Based on HP-UX patch PHNE_20619:
    1. JAGac40451:
       BIND 4.9.7 is affected by few of the vulnerabilities
       reported by CERT.
       Resolution:
       The vulnerabilities have been addressed.
    2. JAGaa57264:
       BIND 4.9.7 running as internal nameserver and forwarding
       queries to external nameserver fails when the lookup
       address has a CNAME record with a higher TTL than its
       corresponding A record.
       Resolution:
       The query packet header was not properly framed. Now a
       proper header is sent in the query packet.
    3. JAGaa94851:
       When named is not running on the system, preinstall
       script logs message "Name server stopped" which is not
       correct.
       Resolution:
       Now the script does not log wrong message.
    4. JAGaa27075:
       If the switch policy for host lookup is as below
           hosts: dns [NOTFOUND=continue] files
       nslookup fails to find hosts that are in files only.
       Resolution:
       nslookup has been fixed to behave as advocated by
       switch policy.
    5. JAGab69094:
       If the name being queried has at least one dot, nslookup
       appends domain name instead of trying it as it is, at
       the very first query.
       Resolution:
       If the name has at least one dot in it, nslookup looks
       up the name as it is at the very first time.
    6. JAGab84583:
       In NCPM environment, BIND 4.9.7 keeps on consuming
       memory and after few days it would run out of memory
       and eventually exit.
       Resolution:
       Memory management by named in NCPM environment was not
       proper. Now it manages properly.
    7. JAGab21142:
       ER by customer to disable XSTAT information logged to
       syslog.
       Resolution:
       The "-X" command line option is provided to disable
       XSTATS information that is logged to syslog.
    8. JAGab25088:
       The default behaviour of nslookup does not match default
       switch policy mentioned in nsswitch.conf(4).
       Resolution:
       nslookup now conforms to default switch policy for host
       lookup. The man page for nslookup is also updated.

    PHNE_18318:
    Ported HP-UX patch PHNE_14618 to VVOS

    Based on HP-UX patch PHNE_14618:
    1. The pid log of named is different in PHNE_12957.
    2. Under a heavy load the DNS server is slow to respond
       to DNS requests.

    Based on HP-UX patch PHNE_12957:
    1. Upgrade to Bind 4.9.7
    2. Bug in forwarders implementation causes name resolution
       to fail when forwarders are used.
    3. named 4.9.3 bug: cache can drop root nameserver's data
       and cannot recover.
    4. Problem with named in Bind 4.9.6 code.

Enhancement:
    No
    (superseded patches contained enhancements)

    PHNE_22919:
    Ported HP-UX patch PHNE_23274 to VVOS

    PHNE_21090:
    Ported HP-UX patch PHNE_20619 to VVOS

    Based on HP-UX patch PHNE_20619:
    This patch delivers an enhancement to disable XSTATS on
    named (disabled through -X).

    Based on HP-UX patch PHNE_12957:
    This patch upgrades BIND from 4.9.3 to 4.9.7. Further
    information on this new version of BIND can be found in
    "/usr/share/doc/bind496.txt", which also includes pointers
    to other sources of information regarding this patch.

SR:
    8606188302 8606268849 8606274501 8606290432 8606290430
    8606300359 8606128299 8606139905 8606154493 1653307470
    8606172568 8606168953 8606178847 8606156419 8606125060
    5003446138 8606145226 1653257998 8606135784 8606112269
    1653306647 1653308866 8606298830 5003425322 8606298838
    1653240986 4701350181 4701387779

Patch Files:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.04,
    fa=HP-UX_B.11.04_32/64,v=HP:
    /usr/sbin/named
    /usr/sbin/named-xfer
    /usr/bin/nslookup
    /usr/share/doc/bind496.txt
    /usr/share/doc/bog.txt.Z
    /usr/share/doc/bog.ps.Z
    /usr/sbin/hosts_to_named

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04,
    fa=HP-UX_B.11.04_32/64,v=HP:
    /usr/share/man/man1m.Z/named.1m
    /usr/share/man/man1.Z/nslookup.1

what(1) Output:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.04,
    fa=HP-UX_B.11.04_32/64,v=HP:
    /usr/sbin/named:
        Copyright (c) 1986, 1989, 1990 The Regents of the
        University of California.
        named 4.9.7 Thu Mar 13 09:52:01 GMT 2003 PHNE_28449
    /usr/sbin/named-xfer:
        Copyright (c) 1988, 1990 The Regents of the
        University of California.
        named 4.9.7 Thu Mar 13 09:52:01 GMT 2003 PHNE_28449
    /usr/bin/nslookup:
        Copyright (c) 1985,1989 Regents of the University of
        California.
        nslookup $Revision: 1.1.214.4 $ Thu Mar 13 09:52:35
        GMT 2003 PHNE_28449
    /usr/share/doc/bind496.txt:
        None
    /usr/share/doc/bog.txt.Z:
        None
    /usr/share/doc/bog.ps.Z:
        None
    /usr/sbin/hosts_to_named:
        None

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04,
    fa=HP-UX_B.11.04_32/64,v=HP:
    /usr/share/man/man1m.Z/named.1m:
        None
    /usr/share/man/man1.Z/nslookup.1:
        None

cksum(1) Output:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.04,
    fa=HP-UX_B.11.04_32/64,v=HP:
    3888024535 221184 /usr/sbin/named
    1412031555 81920 /usr/sbin/named-xfer
    3453484836 131072 /usr/bin/nslookup
    2882227719 4313 /usr/share/doc/bind496.txt
    1715827123 41278 /usr/share/doc/bog.txt.Z
    3899687399 79421 /usr/share/doc/bog.ps.Z
    484907866 47818 /usr/sbin/hosts_to_named

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.04,
    fa=HP-UX_B.11.04_32/64,v=HP:
    2788100613 8463 /usr/share/man/man1m.Z/named.1m
    1861763 6984 /usr/share/man/man1.Z/nslookup.1

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_18318 PHNE_21090 PHNE_22919

Equivalent Patches:
    PHNE_28449:
    s700: 11.00
    s800: 11.00

    PHNE_28448:
    s700: 10.20
    s800: 10.20

Patch Package Size: 420 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

           cd /tmp
           sh PHNE_29634

    5. Run swinstall to install the patch:

           swinstall -x autoreboot=true -x patch_match_target=true \
               -s /tmp/PHNE_29634.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHNE_29634. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

           -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
             installed, the patch cannot be deinstalled. Please
             be careful when using this feature.

    For future reference, the contents of the PHNE_29634.text
    file is available in the product readme:

           swlist -l product -a readme -d @ /tmp/PHNE_29634.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

           dd if=/tmp/PHNE_29634.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    Before installing this patch, the patch PHNE_28415 has to be
    removed, if installed.

    The product updated in this patch is not normally configured
    for VVOS systems.
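
Added example (not part of the HP patch text): a POSIX shell function that checks files against a manifest laid out like the cksum(1) Output section above, one "<crc> <size> <path>" entry per line, and reports each file as OK, MISMATCH or MISSING. The function names, the optional ROOT prefix argument and the demo data are assumptions made for this example.

```shell
#!/bin/sh
# verify_cksum MANIFEST [ROOT]
#   MANIFEST: lines of "<crc> <size> <path>", as in the cksum(1) Output
#             section; fileset header lines and blank lines are ignored.
#   ROOT:     hypothetical optional prefix, for checking an unpacked copy
#             instead of the live filesystem.
# Returns 0 if every listed file matches, 1 otherwise.
verify_cksum() {
    manifest=$1
    root=${2:-}
    bad=0
    while read -r want_crc want_size path; do
        # An entry line starts with an all-digit CRC; skip everything else.
        case $want_crc in
            ''|*[!0-9]*) continue ;;
        esac
        target=$root$path
        if [ ! -f "$target" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        # Reading from stdin makes cksum print only "<crc> <size>".
        set -- $(cksum < "$target")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $1 $2, expected $want_crc $want_size)"
            bad=1
        fi
    done < "$manifest"
    return $bad
}

# Constructed demo: build a one-file tree and manifest in a temp directory,
# verify it, then modify the file and verify again.
cksum_demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/usr/bin"
    printf 'constructed sample\n' > "$d/usr/bin/nslookup"
    set -- $(cksum < "$d/usr/bin/nslookup")
    printf 'Demo.FILESET,v=constructed:\n%s %s /usr/bin/nslookup\n' \
        "$1" "$2" > "$d/manifest"
    if verify_cksum "$d/manifest" "$d" >/dev/null; then before=pass; else before=fail; fi
    printf 'x' >> "$d/usr/bin/nslookup"
    if verify_cksum "$d/manifest" "$d" >/dev/null; then after=pass; else after=fail; fi
    rm -rf "$d"
    echo "$before $after"
}
```

cksum(1) is a CRC, so a match confirms that the expected file version is in place and uncorrupted; it is not evidence against deliberate modification.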