Patch Name: PHNE_22905 Patch Description: s700_800 10.24 (VVOS) BIND 4.9.7 components Creation Date: 00/12/07 Post Date: 01/01/03 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN InternetSrvcs.INET-ENG-A-MAN Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_22905 Symptoms: PHNE_22905: Repackaged HP-UX patch PHNE_21999 for VVOS. Based on HP-UX patch PHNE_21999: 1. JAGac79099 / SR8606128299: "nslookup" cannot resolve hostnames properly when there is wild card entry in DNS data files and a search list having multiple entries in resolv.conf. 2. JAGad09228 / SR8606139905: DNS and symbolic link problem. 3. JAGad23810 / SR8606154493: "nslookup" sets timeout value to 5000 seconds when name server host is specified at the command line. 4. JAGab53671 / SR1653307470: "hosts_to_named" does not validate entries in /etc/hosts. PHNE_21288: Repackaged HP-UX patch PHNE_20618 for VVOS. Based on HP-UX patch PHNE_20618: 1. JAGac40451 / SR8606125060: "named" fails in certain cases. 2. JAGaa57264 / SR5003446138: "named" fails to resolve some of the names. 3. JAGab69094: BIND 4.9.7 and 8.1.2 resolver code not searching and stopping with Fully Qualified Domain Name(FQDN). 4. JAGab84583 / SR8606112269: In Network Connection Policy Manager(NCPM) environment, "named" exits after few days. 5. JAGab21142 / SR1653306647: Disable XSTATS on "named". Based on HP-UX patch PHNE_7495: "named" was unable to provide responses from the relocatable IP address used in MC/ServiceGuard environments. Resolver clients configured to first query the nameserver's relocatable IP address would not accept the response returned by the nameserver, causing name resolution delays. PHNE_16204: Repackaged HP-UX patch PHNE_14617 for VVOS. Based on HP-UX patch PHNE_14617: 1. Upgrade to Bind 4.9.7 2. DNS has problem when directed to use forwarder. 3. PHNE_10494 has problem in Serviceguard environment. Based on HP-UX patch PHNE_10494: 1. Upgrade to Bind 4.9.6. 2. Fix named 4.9.3 to handle database reload in the service guard configuration. 3. nslookup with NIS gives incorrect aliases on later lookups. 4. BIND 4.9.3 nslookup does not handle "RP"records. 5. nslookup returning improper aliases from the previous lookup. 6. hosts_to_named cannot handle 4 byte network address. 7. In named 4.9.3, cache can drop root nameserver's data and cannot recover. 8. nslookup shows incorrect source of the name resolution. 9.Bind patch PHNE_9589 does not show the latest manpages. Based on HP-UX patch PHNE_9589: New release of BIND components version 4.9.3 for 10.00, 10.01, 10.10 and 10.20. Based on HP-UX patch PHNE_7864: New release of BIND components version 4.9.3 for 10.20. Based on HP-UX patch PHNE_6983: When using hp's named as a slave/forwarder to a 4.9.2 named,if the 4.9.2 named sends an NXDOMAIN record without AA in replyto a query which it has no other information, our named would discard it and wait for a timeout period (30 secs) before continuing the search. This timeout period can cause delays toapplications relying on named resolution. Defect Description: PHNE_22905: Repackaged HP-UX patch PHNE_21999 for VVOS. Based on HP-UX patch PHNE_21999: 1. JAGac79099 / SR8606128299: nslookup does not go through alternative domain entries in the search list when the nameserver returns a non-authoritative record with no answers. Resolution: nslookup now goes through alternative entries in the search list when it receives a non-authoritative record with no answers. 2. JAGad09228 / SR8606139905: DNS and symbolic link problem. Resolution: DNS now compatible with symbolic links. 3. JAGad23810 / SR8606154493: nslookup takes a very long time in responding due to the retransmission value being set to millisecs by libc. As nslookup assumes the value to be in seconds there was a long delay for responses to non-existent records. Resolution: nslookup resets timeout value in seconds if the value has been set in milliseconds by libc. 4. JAGab53671 / SR1653307470: hosts_to_named fails to validate entries in /etc/hosts. Also this script takes a very long time to execute when /etc/hosts contains a large number of entries. Resolution: hosts_to_named now checks for non-numeric values in IP addresses of /etc/hosts entries. It also avoids calling a function multiple times thereby reducing the time taken to execute this program. PHNE_21288: Repackaged HP-UX patch PHNE_20618 for VVOS. Based on HP-UX patch PHNE_20618: 1. JAGac40451 / SR8606125060: Boundary conditions are not handled properly. Resolution: The boundary conditions have been addressed. 2. JAGaa57264 / SR5003446138: BIND 4.9.7 running as internal nameserver and forwarding queries to external nameserver fails when the lookup address has a CNAME record with a higher TTL than its corresponding A record. Resolution: The query packet header was not properly framed. Now a proper header is sent in the query packet. 3. JAGab69094: If the name being queried has at least one dot, nslookup appends domain name instead of trying it as it is, at the very first query. Resolution: If the name has atleast one dot in it, nslookup looks up the name as it is at the very first time. 4. JAGab84583 / SR8606112269: In NCPM environment "named"(BIND 4.9.7) keeps on consuming memory and after few days runs out of memory and eventually exits. Resolution: The memory has been freed properly after its use. 5. JAGab21142 / SR1653306647: ER by customer to disable XSTATS information logged to syslog. Resolution: The "-X" command line option is provided to disable XSTATS information that is logged to syslog. Based on HP-UX patch PHNE_7495: named was unable to identify the relocatable IP address assigned to a local network interface. Queries received from resolver clients would be answered, however, the source IP address in the response would be the base IP address of the network interface rather than the relocatable IP address. The resolver would drop the response. PHNE_16204: Repackaged HP-UX patch PHNE_14617 for VVOS. Based on HP-UX patch PHNE_14617: 1. Upgrade to Bind 4.9.7 2. Bug in forwarders implementation causes name resolution to fail when forwarders are used. 3. A bug in initialisation causes problem in the Serviceguard environment. Based on HP-UX patch PHNE_10494: 1. Upgrade to Bind 4.9.6 2. Bind 4.9.3 closes the socket on a relocatable IP when a database reload occurs. 3. Aliases from the last lookup appears in the next nslookup, if the new address being looked up does not have an alias. 4. nslookup is not able to handle "RP" records. 5. nslookup returns the alias of the previous lookup. 6. hosts_to_named creates wrong db files if a 4 byte network address is specified. 7. Bug in 4.9.3 causes named to stop working after 3 or 4 days and has to be restarted. 8. nslookup does not show the actual source of the name resolution. 9.Bind patch PHNE_9589 does not remove cat1m.Z files. Based on HP-UX patch PHNE_9589: New release of BIND components version 4.9.3 for 10.00, 10.01, 10.10 and 10.20. Based on HP-UX patch PHNE_7864: New release of BIND components version 4.9.3 for 10.20. Based on HP-UX patch PHNE_6983: The problem occurred due to a bug introduced in BIND version 4.9.2. This bug has been fixed in BIND 4.9.3. HP's namedversion 4.8.3 did not accept the erroneous response receivedfrom BIND 4.9.2. Even though our version of named was no in error, we now accept such a response in order to better interoperate in BIND 4.9.2 environment. SR: 8606128299 8606139905 8606154493 1653307470 8606125060 5003446138 8606112269 1653306647 5003304238 1653240986 5003402404 5003369561 4701301150 5003361931 5003360248 1653096313 4701350181 5003379750 5003369744 4701293217 5003304733 5003346932 Patch Files: /usr/bin/nslookup /usr/sbin/hosts_to_named /usr/sbin/named /usr/sbin/named-xfer /usr/sbin/sig_named /usr/share/doc/bind496.txt /usr/share/doc/bog.ps.Z /usr/share/doc/bog.txt.Z /usr/share/man/man1m.Z/named-xfer.1m /usr/share/man/man1m.Z/named.1m /usr/share/man/man1m.Z/sig_named.1m what(1) Output: /usr/bin/nslookup: Copyright (c) 1985,1989 Regents of the University of California. nslookup $Revision: 1.1.112.3 $ Wed Nov 15 14:31:22 GMT 2000 /usr/sbin/hosts_to_named: None /usr/sbin/named: Copyright (c) 1986, 1989, 1990 The Regents of the Un iversity of California. named 4.9.7 Wed Nov 15 14:30:38 GMT 2000 PHNE_21999 /usr/sbin/named-xfer: Copyright (c) 1988, 1990 The Regents of the Universi ty of California. named 4.9.7 Wed Nov 15 14:30:38 GMT 2000 PHNE_21999 /usr/sbin/sig_named: None /usr/share/doc/bind496.txt: None /usr/share/doc/bog.ps.Z: None /usr/share/doc/bog.txt.Z: None /usr/share/man/man1m.Z/named-xfer.1m: None /usr/share/man/man1m.Z/named.1m: None /usr/share/man/man1m.Z/sig_named.1m: None cksum(1) Output: 914674547 118784 /usr/bin/nslookup 2628928620 58210 /usr/sbin/hosts_to_named 237723173 221184 /usr/sbin/named 1307739716 86016 /usr/sbin/named-xfer 1909378160 4053 /usr/sbin/sig_named 2882227719 4313 /usr/share/doc/bind496.txt 3899687399 79421 /usr/share/doc/bog.ps.Z 1715827123 41278 /usr/share/doc/bog.txt.Z 987811226 2056 /usr/share/man/man1m.Z/named-xfer.1m 1582226003 6019 /usr/share/man/man1m.Z/named.1m 2498961528 1476 /usr/share/man/man1m.Z/sig_named.1m Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_16204 PHNE_21288 Equivalent Patches: PHNE_21999: s700: 10.20 s800: 10.20 PHNE_22000: s700: 11.00 s800: 11.00 PHNE_22919: s700: 11.04 s800: 11.04 Patch Package Size: 690 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_22905 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_22905.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_22905. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_22905.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_22905.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: The product updated in this patch is not normally configured on VVOS systems.