BIND 9.11.9-1+ubuntu18.04.1+deb.sury.org+2 crash

Ondřej Surý ondrej at isc.org
Thu Jul 25 10:56:36 UTC 2019


Hi Emmanuel,

the crash should not happen because the discrepancy between the GeoIP and GeoIP2 configurations
should have been caught earlier, so I would appreciate if you can submit an issue here:
https://gitlab.isc.org/isc-projects/bind9/issues with more details on you named.conf.

You can use named-checkconf -px to clean any sensitive data, and/or make sure you mark the
issue as confidential if there’s still data you don’t want to be seen by general public.  We’ll sanitize
the issue later.

That said - the 9.11.9-1+ubuntu18.04.1+deb.sury.org+2 backport has missed one important commit
that disables legacy GeoIP and enables GeoIP2, and I’ve just uploaded version 3+geoip2 to the
Ubuntu repositories, so could you please try again with the recompiled version?  It should fix the
INSIST() that you were hitting.

If that fixes your issue, we would still appreciate if you would create the issue, so we can make
BIND fail more gracefully that with an crash if there’s error in the configuration related to the
switch between GeoIP and GeoIP2.

Thank you,
Ondrej
--
Ondřej Surý
ondrej at isc.org

> On 25 Jul 2019, at 05:51, FUSTE Emmanuel <emmanuel.fuste at thalesgroup.com> wrote:
> 
> The new version crash and the BIND 9.11.8-1+ubuntu18.04.1+deb.sury.org+1 
> was pulled from the repo.
> I'm trying the 9.14.4-1 as I need to resume the service but I have 
> GeoIP2 migration problems.....
> Please re-push the previous version in the repo.
> 
> Emmanuel.
> 
> Jul 25 10:54:08 ns1 systemd[1]: Reloading.
> Jul 25 10:54:08 ns1 systemd[1]: message repeated 2 times: [ Reloading.]
> Jul 25 10:54:08 ns1 systemd[1]: Starting BIND Domain Name Server...
> Jul 25 10:54:08 ns1 named[32210]: starting BIND 9.11.9-1+ubuntu18.04.1+deb.sury.org+2-Ubuntu (Extended Support Version) <id:80a845e>
> Jul 25 10:54:08 ns1 named[32210]: running on Linux x86_64 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019
> Jul 25 10:54:08 ns1 named[32210]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind
>  9-aM_dmU/bind9-9.11.9+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
> Jul 25 10:54:08 ns1 named[32210]: running as: named -4 -u bind
> Jul 25 10:54:08 ns1 named[32210]: compiled by GCC 7.4.0
> Jul 25 10:54:08 ns1 named[32210]: compiled with OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
> Jul 25 10:54:08 ns1 named[32210]: linked to OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
> Jul 25 10:54:08 ns1 named[32210]: compiled with libxml2 version: 2.9.4
> Jul 25 10:54:08 ns1 named[32210]: linked to libxml2 version: 20904
> Jul 25 10:54:08 ns1 named[32210]: compiled with libjson-c version: 0.12.1
> Jul 25 10:54:08 ns1 named[32210]: linked to libjson-c version: 0.12.1
> Jul 25 10:54:08 ns1 named[32210]: compiled with zlib version: 1.2.11
> Jul 25 10:54:08 ns1 named[32210]: linked to zlib version: 1.2.11
> Jul 25 10:54:08 ns1 named[32210]: threads support is enabled
> Jul 25 10:54:08 ns1 named[32210]: ----------------------------------------------------
> Jul 25 10:54:08 ns1 named[32210]: BIND 9 is maintained by Internet Systems Consortium,
> Jul 25 10:54:08 ns1 named[32210]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> Jul 25 10:54:08 ns1 named[32210]: corporation.  Support and training for BIND 9 are
> Jul 25 10:54:08 ns1 named[32210]: available athttps://www.isc.org/support
> Jul 25 10:54:08 ns1 named[32210]: ----------------------------------------------------
> Jul 25 10:54:08 ns1 named[32210]: adjusted limit on open files from 4096 to 1048576
> Jul 25 10:54:08 ns1 named[32210]: found 4 CPUs, using 4 worker threads
> Jul 25 10:54:08 ns1 named[32210]: using 3 UDP listeners per interface
> Jul 25 10:54:08 ns1 named[32210]: using up to 4096 sockets
> Jul 25 10:54:08 ns1 named[32210]: loading configuration from '/etc/bind/named.conf'
> Jul 25 10:54:08 ns1 named[32210]: reading built-in trust anchors from file '/etc/bind/bind.keys'
> Jul 25 10:54:08 ns1 named[32210]: statistics channel listening on 172.16.9.21#8053
> Jul 25 10:54:08 ns1 named[32210]: using default UDP/IPv4 port range: [32768, 60999]
> Jul 25 10:54:08 ns1 named[32210]: listening on IPv4 interface lo, 127.0.0.1#53
> Jul 25 10:54:08 ns1 named[32210]: listening on IPv4 interface eno1, 172.16.9.21#53
> Jul 25 10:54:08 ns1 named[32210]: listening on IPv4 interface eno2, 10.5.9.21#53
> Jul 25 10:54:08 ns1 named[32210]: listening on IPv4 interface enp7s0f0, 192.54.145.234#53
> Jul 25 10:54:08 ns1 named[32210]: generating session key for dynamic DNS
> Jul 25 10:54:08 ns1 named[32210]: sizing zone task pool based on 1380 zones
> Jul 25 10:54:08 ns1 named[32210]: ../../../lib/isccfg/aclconf.c:845: INSIST(0) failed, back trace
> Jul 25 10:54:08 ns1 named[32210]: #0 0x562f3fde5a70 in ??
> Jul 25 10:54:08 ns1 named[32210]: #1 0x7ff829b7d7ea in ??
> Jul 25 10:54:08 ns1 named[32210]: #2 0x7ff82a001aca in ??
> Jul 25 10:54:08 ns1 named[32210]: #3 0x7ff82a00263f in ??
> Jul 25 10:54:08 ns1 named[32210]: #4 0x7ff82a002882 in ??
> Jul 25 10:54:08 ns1 named[32210]: #5 0x7ff82a002c52 in ??
> Jul 25 10:54:08 ns1 named[32210]: #6 0x7ff82a00116a in ??
> Jul 25 10:54:08 ns1 named[32210]: #7 0x7ff82a00263f in ??
> Jul 25 10:54:08 ns1 named[32210]: #8 0x562f3fdc2b1f in ??
> Jul 25 10:54:08 ns1 named[32210]: #9 0x562f3fdca3b9 in ??
> Jul 25 10:54:08 ns1 named[32210]: #10 0x562f3fe0db35 in ??
> Jul 25 10:54:08 ns1 named[32210]: #11 0x562f3fe0fcf2 in ??
> Jul 25 10:54:08 ns1 named[32210]: #12 0x7ff829ba5ed9 in ??
> Jul 25 10:54:08 ns1 named[32210]: #13 0x7ff828cff6db in ??
> Jul 25 10:54:08 ns1 named[32210]: #14 0x7ff82843388f in ??
> Jul 25 10:54:08 ns1 named[32210]: exiting (due to assertion failure)
> 
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



More information about the bind-users mailing list