BIND 9.10.4 may have a fatal crash defect.
Peter van Dijk
peter.van.dijk at powerdns.com
Thu May 12 13:44:15 UTC 2016
Hello Michael,
On 11 May 2016, at 10:49, Michael McNally wrote:
> To our users:
>
> Recently, on Thursday 28 April, ISC released two maintenance releases
> of BIND 9:
>
> - BIND 9.9.9
> - BIND 9.10.4
>
> Beginning after the release of BIND 9.10.4 we started receiving a
> small number of reports from recursive server operators who have
> encountered an INSIST assertion in code which checks the consistency
> of the Red-Black Tree structure in which BIND stores cache
> information.
OSX Homebrew had already upgraded to 9.10.4. They are now interested in
rolling back, but they cannot simply undo the update - ‘brew
upgrade’ will not ‘go back’ automatically then. As there is no
‘epoch’ support like RPM and dpkg have, something else needs to
happen.
I’ve heard two proposals:
(1) brew fakes up a version number X that sorts 9.10.4 < X < Y, where Y
is whatever ISC is going to release next
(2) ISC ‘clones’ 9.10.3-P4 into 9.10.5 (or 9.10.4-P1 but that seems
wrong) so the highest version in the BIND version tree is in fact a
stable version
There’s also
(3) do nothing, wait for ISC to figure the issue out and fix it (which
will obviously be in a version higher than 9.10.4); doing nothing
increases the odds of somebody running into the crash but one might
argue that this is helpful!
I think all three options are a bit ugly, to be fair. I don’t have any
preference.
Thoughts?
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the bind-users
mailing list