[stork-users] Stork-Agent issue parsing bind9 conf

isc-mailing-list at secmail.8shield.net isc-mailing-list at secmail.8shield.net
Fri Feb 27 22:45:52 UTC 2026 

Hello,

I upgraded Stork / Stork Agent to v2.4.0 and I encountered two bind configuration parsing issues when launching the Agent:


- support for "wildcard" in include statements, ex.:

    include "/etc/bind/named.conf.d/tls/*.conf";

- supporting the "!" in access statements, ex.:

    # Any address other than axfr-clients is rejected at once, but axfr-clients is
    # accepted as long as the key provided matches inside-view-key,
    # i.e. must match axfr-clients IP and key inside-view-key

    allow-transfer { !{ !axfr-clients; any; }; key inside-view-key; };


I don't know if these are already known issues.  As a work around I have included individual files instead of using wildcard.
As for the "allow-transfer", I temporarily reverted to only requiring the key.  I believe the statement was not well understood even before v2.4.0, since zone transfers from Stork never worked even if the stork-agent IP (localhost) was included in the "axfr-clients" ACL.

In the past, I've used a combination of //@stork:no-parse:global, //@stork:no-parse:scope and //@stork:no-parse:end to go around the problem or make it load faster.  Can someone specify what is the minimum information that the stork-agent needs from the bind configuration file for it to operate normally?

Journal log examples for both issues:

This example is from parsing: include "/etc/bind/named.conf.d/http/*.conf";

Feb 25 15:16:08 dns02.redacted.net stork-agent[338947]: time="2026-02-25 15:16:08" level="warning" msg="Failed to detect BIND 9 DNS server daemon" file="          monitor.go:427  " error="failed to configure BIND 9 daemon: failed to resolve include statements in BIND 9 config file: failed to open BIND 9 config file: /etc/bind/named.conf.d/http/*.conf: open /etc/bind/named.conf.d/http/*.conf: no such file or directory" stackTrace="open /etc/bind/named.conf.d/http/*.conf: no such file or directoryfailed to open BIND 9 config file: /etc/bind/named.conf.d/http/*.conf
isc.org/stork/daemoncfg/bind9.(*Parser).ParseFile
\t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:137
isc.org/stork/daemoncfg/bind9.(*Config).Expand
\t/builds/isc-projects/stork/backend/daemoncfg/bind9/config.go:566
isc.org/stork/agent.(*monitor).configureBind9Daemon
\t/builds/isc-projects/stork/backend/agent/bind9.go:354
isc.org/stork/agent.(*monitor).detectBind9Daemon
\t/builds/isc-projects/stork/backend/agent/bind9.go:495
isc.org/stork/agent.(*monitor).detectDaemons
\t/builds/isc-projects/stork/backend/agent/monitor.go:425
isc.org/stork/agent.(*monitor).run
\t/builds/isc-projects/stork/backend/agent/monitor.go:319
runtime.goexit
\t/builds/isc-projects/stork/tools/golang/go/src/runtime/asm_amd64.s:1693
failed to resolve include statements in BIND 9 config file
failed to configure BIND 9 daemon"

>From trying to parse: allow-transfer { !{ !axfr-clients; any; }; key inside-view-key; };

Feb 25 17:19:16 dns01.redacted.net stork-agent[347703]: time="2026-02-25 17:19:16" level="warning" msg="Failed to detect BIND 9 DNS server daemon" file="          monitor.go:427  " error="failed to configure BIND 9 daemon: failed to parse BIND 9 config file: failed to parse Bind9 config file: /etc/bind/named.conf: /etc/bind/named.conf:148:22: unexpected token \"!\" (expected \"}\")" stackTrace="/etc/bind/named.conf:148:22: unexpected token \"!\" (expected \"}\")
failed to parse Bind9 config file: /etc/bind/named.conf
isc.org/stork/daemoncfg/bind9.(*Parser).parse
\t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:112
isc.org/stork/daemoncfg/bind9.(*Parser).Parse
\t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:145
isc.org/stork/daemoncfg/bind9.(*Parser).ParseFile
\t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:140
isc.org/stork/agent.(*monitor).configureBind9Daemon
\t/builds/isc-projects/stork/backend/agent/bind9.go:347
isc.org/stork/agent.(*monitor).detectBind9Daemon
\t/builds/isc-projects/stork/backend/agent/bind9.go:495
isc.org/stork/agent.(*monitor).detectDaemons
\t/builds/isc-projects/stork/backend/agent/monitor.go:425
isc.org/stork/agent.(*monitor).run
\t/builds/isc-projects/stork/backend/agent/monitor.go:319
runtime.goexit
\t/builds/isc-projects/stork/tools/golang/go/src/runtime/asm_amd64.s:1693
failed to parse BIND 9 config file
failed to configure BIND 9 daemon"

Best,
Math.

More information about the Stork-users mailing list