segfaults with bind RPZ?

Phil Mayers p.mayers at
Fri Dec 16 15:09:03 UTC 2011


I had a use-case for bind RPZ today, so enabled it on our internal 
testing DNS servers (running 9.8.1-P1).

I had already created and deployed the "rpz" zone, as a sub-zone of our 
(DNSSEC-signed) main zone.

As soon as the cfengine job ran, which basically added:

   response-policy { zone ""; };

...and issued an "rndc config", I got a segfault.

Hmm. Ok, restart the process. 20 minutes later, another segfault.

Hmm. Open GDB, and I get errors trying to attach:

../../gdb/linux-nat.c:1361: internal-error: linux_nat_post_attach_wait: 
Assertion `pid == new_pid && WIFSTOPPED (status)' failed.

Bah. So I can't supply a traceback unfortunately.

Has anyone else seen problems deploying RPZ in a DNSSEC-validating 
recursive resolver, running 9.8.1-P1? Platform is x86_64, RHEL5.

More information about the bind-users mailing list