Regarding Ian Lepore's message of 21.08.2015 00:34 (localtime):
> On Fri, 2015-07-24 at 15:19 +0200, Harald Schmalzbauer wrote:
>> Regarding Ian Lepore's message of 12.07.2015 17:41 (localtime):
>>> And let's all just hope that a week or two of testing is enough when
>>> jumping a major piece of software forward several years in its
>>> independent evolution.
>> …
>>> I wonder how many other such things could be lurking in 4.2.8, waiting
>>> to be triggered by other peoples' non-stock configurations? We've
>> …
>>
>> I'd like to report one, most likely an upstream problem:
>>
>> 'restrict' definitions in ntp.conf(5) no longer work with unqualified DNS
>> names.
>> A line like
>> "restrict time1 nomodify nopeer noquery notrap"
>> results in:
>> ntpd[1913]: line 7 column 7 syntax error, unexpected T_Time1
>> ntpd[1913]: syntax error in /etc/ntp.conf line 7, column 7
>>
>> I've always been using unqualified hostnames with 'restrict', and since
>> defining 'server' with unqualified hostname still works, this seems to be a
>> significant bug to me. People are forced to change 'restrict' definitions,
>> but not to also change other unqualified definitions, which potentially
>> leads to misconfigurations, since intentionally matching definitions can now
>> differ easily.
>>
>> Has anybody already noticed this problem? And any idea if upstream is aware?
> I had a quick look at this today. It appears that the problem isn't
> unqualified names exactly, but rather an unqualified name that exactly
> matches an ntp.conf keyword will be mistaken by the ntpd config parser
> as a misplaced keyword token. So most unqualified names should work,
> but there are about 200 words that won't, many of them very sensible
> names for ntp servers such as "ntp" and "time1" and "time2".
>
> When I look at the ntp_parser.y grammar file it's not clear to me why
> "server time1" works and "restrict time1" doesn't. I couldn't find any
> way to trick it into taking a keyword as a hostname following restrict
> (like using quotes).

Thank you very much! This is very interesting and exactly matches my tested host names.

I wish I had better C skills to find such things myself. Out of curiosity: How much time did it take to find the ntp_parser.y route? (and with what “IDE” – I'm stuck with vim)

One additional observation was that the reserved-name-collision only happens with CNAME records.

I hope I'll find some time to actually look into the sources - which I didn't at first hand because of my lousy C skills :-( But that's the place to find hints :-)

Thanks,

-Harry
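
An added example, not part of the original messages and not ntpd code: a small lint pass over ntp.conf text that flags `restrict` lines whose address is a bare word matching an ntp.conf keyword, and lists `server`/`peer`/`pool` hosts with no identically named `restrict` line (the drift between matching definitions raised in the thread). It assumes a partial, hand-picked keyword list and compares names as text only, without DNS resolution; `audit` and `SAMPLE_CONF` are hypothetical names.

```python
# Partial list (assumption): "ntp", "time1" and "time2" are named in the thread,
# the others are common ntp.conf words; ntpd's real table has about 200 entries.
NTP_KEYWORDS = frozenset("""
    ntp time1 time2 server peer pool restrict fudge key keys mask stratum
    refid flag1 flag2 flag3 flag4 minpoll maxpoll burst iburst prefer version
    auth kernel monitor stats limited kod nomodify nopeer noquery notrap
""".split())

# Words that are legitimate in the address position of a restrict line.
RESTRICT_SPECIAL = {"default", "source"}

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# constructed sample
server time1 iburst
server ntp2.example.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict time1 nomodify nopeer noquery notrap
restrict ntp2 nomodify nopeer noquery notrap
"""


def _tokens(line):
    """Split one config line into tokens, dropping '#' comments and -4/-6 flags."""
    return [t for t in line.split("#", 1)[0].split() if t not in ("-4", "-6")]


def audit(conf_text, keywords=NTP_KEYWORDS):
    """Return (keyword_hits, uncovered_servers) as lists of (line_no, host)."""
    keyword_hits, servers, restricted = [], [], set()
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tok = _tokens(line)
        if len(tok) < 2:
            continue
        if tok[0] == "restrict" and tok[1] not in RESTRICT_SPECIAL:
            restricted.add(tok[1])
            if tok[1] in keywords:  # exact match, as described in the thread
                keyword_hits.append((lineno, tok[1]))
        elif tok[0] in ("server", "peer", "pool"):
            servers.append((lineno, tok[1]))
    # Hosts that are configured as time sources but have no same-named restrict line.
    uncovered = [(n, h) for n, h in servers if h not in restricted]
    return keyword_hits, uncovered


if __name__ == "__main__":
    hits, uncovered = audit(SAMPLE_CONF)
    print("restrict lines ntpd may reject:", hits)
    print("sources without a matching restrict:", uncovered)
```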