9.17.21 RUNTIME_CHECK(csock->tls.tls != ((void *)0)) failed
sthaug at nethelp.no
Tue Jan 11 13:18:53 UTC 2022
Environment: FreeBSD 12.3-STABLE, named 9.17.21 compiled from source.
DoT in config.
If I start named, then (without changing named.conf) do "rndc reconfig"
and then send named a DoT query (dig +tls or kdig +tls) named dies with
Jan 11 13:45:53 dns named[78236]: netmgr/tlsdns.c:1517: fatal error:
Jan 11 13:45:53 dns named[78236]: RUNTIME_CHECK(csock->tls.tls != ((void *)0)) failed
Jan 11 13:45:53 dns named[78236]: exiting (due to fatal error in library)
and the following error message appears in the window where I started
named:
isc_tls_create:SSL_new(0x803c3f000) -> error:140BA0E4:SSL routines:SSL_new:ssl ctx has no default ssl version
Abort (core dumped)
The backtrace is:
(lldb) bt
* thread #1, name = 'isc-net-0005', stop reason = signal SIGABRT
  * frame #0: 0x00000008012d469a libc.so.7`__sys_thr_kill at thr_kill.S:3
    frame #1: 0x00000008012d2af4 libc.so.7`__raise(s=6) at raise.c:52:10
    frame #2: 0x0000000801248719 libc.so.7`abort at abort.c:67:8
    frame #3: 0x000000000023c8bd named`library_fatal_error + 125
    frame #4: 0x0000000800318b25 libisc-9.17.21.so`isc_error_fatal + 117
    frame #5: 0x0000000800318b45 libisc-9.17.21.so`isc_error_runtimecheck + 21
    frame #6: 0x000000080030eed8 libisc-9.17.21.so`accept_connection + 1352
    frame #7: 0x000000080030d4bc libisc-9.17.21.so`tlsdns_connection_cb + 252
    frame #8: 0x0000000800ee23a5 libuv.so.1`uv__server_io + 197
    frame #9: 0x0000000800ee840b libuv.so.1`uv__io_poll + 2091
    frame #10: 0x0000000800ed76e1 libuv.so.1`uv_run + 433
    frame #11: 0x00000008002fd3eb libisc-9.17.21.so`nm_thread + 123
    frame #12: 0x000000080033a435 libisc-9.17.21.so`isc__trampoline_run + 69
    frame #13: 0x00000008010fe08c libthr.so.3`thread_start(curthread=0x0000000801623e00) at thr_create.c:292:16
Other points worth noting:
- The same problem also happens with 9.17.18 installed via the package
management system.
- Regular (UDP/53 and TCP/53) queries work just fine.
- DoT queries work just fine *before* doing "rndc reconfig".
- It does not matter whether the named.conf file has been changed or not
before doing "rndc reconfig" - the named process dies in any case.
named.conf included below.
Is this a known problem? What's the best way to follow up on this problem?
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
----------------------------------------------------------------------
options {
        directory "/usr/local/etc/namedb/working";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on { 193.75.110.2; 127.0.0.1; };
        listen-on port 853 tls dotas2116 { 193.75.110.2; 127.0.0.1; };
        interface-interval 0;
        recursion yes;
        max-cache-size 1500M;
        minimal-any yes;
        minimal-responses yes;
        querylog yes;
        allow-query { 193.69.2.0/24; 194.19.2.0/24; 193.75.110.0/24; 193.90.176.0/20; 127.0.0.1; 62.63.63.242; 193.75.6.0/24; 81.0.130.184/29; 195.1.209.32/27; };
};

tls dotas2116 {
        cert-file "/usr/local/etc/namedb/fullchain.pem";
        key-file "/usr/local/etc/namedb/privkey.pem";
        protocols { TLSv1.2; TLSv1.3; };
};
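
For triaging reports like the one above, this log scan pairs each named "fatal error:" line with the RUNTIME_CHECK that follows it for the same PID and records whether a reconfig was logged first. It is an added example, not part of the original post or of BIND; the function name, the record fields and the sample reconfig log line are assumptions made here.

```python
import re

# Constructed sample: the three fatal-error lines quoted in the report, preceded
# by a control-channel line (assumed wording) marking the "rndc reconfig".
SAMPLE_LOG = """\
Jan 11 13:45:50 dns named[78236]: received control channel command 'reconfig'
Jan 11 13:45:53 dns named[78236]: netmgr/tlsdns.c:1517: fatal error:
Jan 11 13:45:53 dns named[78236]: RUNTIME_CHECK(csock->tls.tls != ((void *)0)) failed
Jan 11 13:45:53 dns named[78236]: exiting (due to fatal error in library)
"""

# Syslog prefix: timestamp, host, then "named[pid]: message".
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "source.c:NNN: fatal error:" names the file and line of the failed check.
FATAL = re.compile(r"^(?P<src>[\w./-]+):(?P<line>\d+): fatal error:\s*$")
# The next message for the same pid carries the expression that failed.
CHECK = re.compile(r"^RUNTIME_CHECK\((?P<expr>.*)\) failed$")


def find_fatal_checks(log_text):
    """Return one record per fatal RUNTIME_CHECK logged by named."""
    reconfig_seen = set()  # pids that logged a reconfig command
    open_events = {}       # pid -> record still being assembled
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a named syslog line
        pid, msg = int(m["pid"]), m["msg"]
        if "'reconfig'" in msg:
            reconfig_seen.add(pid)
        elif (f := FATAL.match(msg)):
            open_events[pid] = {
                "pid": pid, "time": m["ts"],
                "source": f["src"], "line": int(f["line"]),
                "check": None, "exited": False,
                "after_reconfig": pid in reconfig_seen,
            }
            events.append(open_events[pid])
        elif pid in open_events:
            if (c := CHECK.match(msg)):
                open_events[pid]["check"] = c["expr"]
            elif msg.startswith("exiting (due to fatal error"):
                open_events.pop(pid)["exited"] = True  # record is complete
    return events


if __name__ == "__main__":
    for event in find_fatal_checks(SAMPLE_LOG):
        print(event)
```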