Assertion failure when RPZ zone returns NS records?
muks at isc.org
Sat Jun 11 18:10:17 UTC 2016
On Sat, Jun 11, 2016 at 05:19:41PM +0000, McDonald, Daniel (Dan) wrote:
> Apparently it’s not the way to do what I needed, but I created an RPZ record like this:
> foo.example.com IN NS ns1.example.org
> IN NS ns2.example.org
> My goal was to redirect queries to a load balancer serving
> foo.example.com A records. I should have created the glue in
> example.org and then used RPZ to create a CNAME for foo.example.com
> pointing to foo.example.org
> Anyway, with the NS records, I got an assertion failure:
> 10-Jun-2016 15:49:58.584 client 10.10.207.244#49952 (foo.example.com <http://sts.austinenergy.com/>): query: foo.example.com <http://sts.austinenergy.com/> IN A + (10.2.123.132)
> Jun 10 15:49:58 ns11 named: query.c:3908: REQUIRE(dbp != ((void *)0) && *dbp != ((void *)0)) failed
> Jun 10 15:49:58 ns11 named: exiting (due to assertion failure)
> I’m running the supplied version of Bind from SLES 11 SP4:
> someone at ns11:/var/lib/named/var/log> rpm -qi bind
> Name : bind Relocations: (not relocatable)
> Version : 9.9.6P1 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
> Release : 0.25.1 Build Date: Wed 09 Mar 2016 10:22:09 AM CST
> Install Date: Mon 21 Mar 2016 09:31:21 AM CDT Build Host: sheep02
> Group : Productivity/Networking/DNS/Servers Source RPM: bind-9.9.6P1-0.25.1.src.rpm
> Size : 1187259 License: BSD 3-Clause; X11/MIT
> Signature : RSA/8, Wed 09 Mar 2016 10:23:01 AM CST, Key ID e3a5c360307e3d54
> Packager : https://www.suse.com/
> URL : http://isc.org/sw/bind/
> Is this a known error?
This is a crash in rpz_clean() in query.c in the 9.9 branch.
(1) Use 9.10 if you want to use RPZ feature in a public BIND
release. Only 9.10 and above's RPZ is maintained and deployable among
BIND public releases.
(2) Use the latest version of BIND for the release branch you're
using. So today, you'd use 9.10.4-P1 (the latest version of BIND in the
9.10 branch) if you want to deploy the RPZ feature.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the bind-users