Statistics-channel json crashes Bind

Ondřej Surý ondrej at isc.org
Sun May 12 05:10:10 UTC 2019 

Hi Ingeborg,

perhaps you can try running BIND by hand and see why it crashes on the console?

Usually the coredump is controlled by ulimit and it needs the directory (working directory of the binary, on Linux that would be /prof/<PID>/cwd) from where you launch the binary writeable.

If BIND 9 crashes again we would need several things:

* a backtrace with symbols, this usually needs:
* unstripped named binary or named binary with matching debug symbols file
* named.conf -px output - this will anonymize any secrets from the file

If this involves remote crash on a remote interface (3rd party triggered crash), please send the information to security-officer at isc.org and you can upload larger files at https://pandora.isc.org/

If this is triggered only locally by authorized users you can optionally fill new issue https://gitlab.isc.org/isc-projects/bind9 and attach the files there. To be on the safe side, please mark the issue as confidential. We will make sure that we redact any files before we make the issue public in the future.

BTW is there any chance that you and Havard share any common bits of configuration?

Thanks,
Ondřej
--
Ondřej Surý — ISC

> On 8 May 2019, at 20:58, Ingeborg Hellemo <ingeborg.hellemo at uit.no> wrote:
> 
> FreeBSD 11.2
> Bind 9.12.3-P1
> 
> 
> I have a server which runs several nameservers, each in its own chroot with 
> its own assigned IP-address.
> 
> They run like this:
> /usr/local/sbin/named -4 -t /resolver -u bind -c /etc/namedb/named.conf
> 
> In named.conf:
> 
> statistics-channels {
>        inet <server-ip> port 50000 allow { <monitoring-ip>; };
> };
> 
> On my monitoring server I collect statistics via http://<server-ip>:50000/json 
> 
> 
> Today I added one more chroot. For this server the statistics collection 
> crashes the named daemon without any trace in the log files. Even stranger is 
> that "http://<server-ip>:50000" and "http://<server-ip>:50000/xml" works fine.
> 
> All the nameservers run the same binary. 
> 
> 
> Any ideas where to look?
> 
> 
> --Ingeborg
> -- 
> Ingeborg Østrem Hellemo  --  ingeborg.hellemo at uit.no
> Dep. of Information Technology  ---  Univ. of Tromsø
> 
> 
>

More information about the bind-users mailing list