<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Hi Wah,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>RHEL 6.7<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>BIND 9.9.8 (Extended Support Version) <id:2d6d4ba><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>built by make with '--prefix=/usr/local' '--enable-threads' '--enable-fixed-rrset' '--enable-fetchlimit' '--with-openssl=/usr' '--with-libtool' '--with-make-clean'<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Just did another recompile as you said, What would the cause be?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Thinking of going back to some other version.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Wah Peng [mailto:wah_peng@yahoo.com.sg] <br><b>Sent:</b> Monday, 12 October 2015 10:37 PM<br><b>To:</b> Neil <neil20@iprimus.com.au><br><b>Cc:</b> bind-users@lists.isc.org<br><b>Subject:</b> Re: BIND 9.9.8 Assertion Failure {REP=5.5}<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><p class=MsoNormal>What system and what release of BIND?<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>I met this similiar issue months ago and I just recompiled from the source then the problem got fixed.<o:p></o:p></p></div><p class=MsoNormal>regards,<o:p></o:p></p></div><p class=MsoNormal>Wah.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>2015-10-12 18:30 GMT+08:00 Neil <<a href="mailto:neil20@iprimus.com.au" target="_blank">neil20@iprimus.com.au</a>>:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal>Hi Bind Community,<br><br>Had a BIND Crash on 9.9.8.<br>Any ideas?<br><br>12-Oct-2015 02:09:06.457 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 02:09:06.458 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 02:59:08.850 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 02:59:08.850 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 04:55:34.944 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 04:55:34.944 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 06:15:35.638 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 06:15:35.638 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 07:55:37.894 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 07:55:37.894 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 08:29:12.235 security: error: client 12.168.40.21#32469: view<br>host_resolver_trusted: request has invalid signature: TSIG<br><a href="http://alexlembke.members.mac.com" target="_blank">alexlembke.members.mac.com</a>: tsig verify failure (BADKEY)<br>12-Oct-2015 08:35:39.175 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 08:35:39.176 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 08:49:17.268 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 08:49:17.268 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 08:50:37.524 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 08:50:37.524 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 09:39:10.215 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 09:39:10.215 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 10:15:40.924 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 10:15:40.924 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 10:29:08.849 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 10:29:08.850 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 11:15:41.259 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 11:15:41.260 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 12:49:38.443 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 12:49:38.443 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 19:39:08.302 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 19:39:08.302 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 20:15:49.022 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 20:15:49.023 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 20:35:49.056 general: error: socket.c:5407: unexpected error:<br>12-Oct-2015 20:35:49.056 general: error: connect(0.0.0.1#53) 22/Invalid<br>argument<br>12-Oct-2015 21:01:47.916 general: critical: resolver.c:1784:<br>INSIST(fctx->references > 1) failed<br>12-Oct-2015 21:01:47.916 general: critical: exiting (due to assertion<br>failure)<br><br>Neil<br>-----Original Message-----<br>From: <a href="mailto:bind-users-bounces@lists.isc.org">bind-users-bounces@lists.isc.org</a><br>[mailto:<a href="mailto:bind-users-bounces@lists.isc.org">bind-users-bounces@lists.isc.org</a>] On Behalf Of Mukund Sivaraman<br>Sent: Monday, 12 October 2015 7:59 PM<br>To: Wolfgang Riedel [CISCO] <<a href="mailto:wolfgang@cisco.com">wolfgang@cisco.com</a>><br>Cc: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>Subject: Re: RPZ - override TXT records {REP=5.6}<br><br>Hi Wolfgang<br><br>On Thu, Oct 08, 2015 at 11:25:14PM +0200, Wolfgang Riedel [CISCO] wrote:<br>> Hi Folks,<br>><br>> I am currently struggling with using RPZ for inserting or overriding<br>> TXT resource records.<br>><br>> This is my goal:<br>><br>>    ; do not rewrite <a href="http://www.cisco.com" target="_blank">www.cisco.com</a> (so, PASSTHRU) and add or override<br>>    missing metadata<br>>    <a href="http://www.cisco.com" target="_blank">www.cisco.com</a> CNAME rpz-passthru.<br>>    <a href="http://www.cisco.com" target="_blank">www.cisco.com</a> TXT     "CISCO-CLS=app-name:HTTP|app-class:TD"<br>><br>> What work's is that I can do one or the other but not both at the same<br>> time if I need to use a CNAME.<br>><br>> This works:<br>><br>>    <a href="http://wolfgang.dns-as.org" target="_blank">wolfgang.dns-as.org</a> A       193.34.28.108<br>>    <a href="http://wolfgang.dns-as.org" target="_blank">wolfgang.dns-as.org</a> TXT     "CISCO-CLS=app-name:RPZ|app-class:TD"<br>><br>> but in reality this will not work for CDN or load-balanced sites which<br>> don't have fixed IP address.<br>><br>> Any hint's what I am doing wrong?<br><br>You aren't doing anything wrong. Yours is a corner case.<br><br>I hope I understood what you're trying to do correctly: From the zone<br>comment, perhaps you want the TXT query type to return the TXT RDATA you've<br>supplied and everything else passthru to regular processing. It can't be<br>done as triggers don't use the question's TYPE field.<br><br>An alternative is to include all the RRs for that QNAME in the answer (your<br>second example). Yours is a weird case, because you can't use the following<br>in the policy zone which named wouldn't allow loading (it won't allow CNAME<br>to coexist):<br><br><a href="http://www.cisco.com" target="_blank">www.cisco.com</a>                  CNAME <a href="http://www.cisco.com.akadns.net" target="_blank">www.cisco.com.akadns.net</a>.<br><a href="http://www.cisco.com" target="_blank">www.cisco.com</a>                  TXT   "CISCO-CLS=app-name:HTTP|app-class:TD"<br><br>So using the A record (your second example) or adding triggers for the<br>target of the CNAME record chain are your best bet. As the latter varies,<br>perhaps the former for your region would be best.<br><br>                Mukund<br><br>_______________________________________________<br>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br><br>bind-users mailing list<br><a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>