[stork-users] Stork-Agent issue parsing bind9 conf

Slawek Figiel slawek at isc.org
Mon Mar 2 20:11:21 UTC 2026 

Hello Math,

thank you for your report and feedback. It seems these feature are not 
supported by Stork parser of BIND 9 configuration.

I have opened https://gitlab.isc.org/isc-projects/stork/-/issues/2322 to 
address it.

Best regards,
Slawek Figiel

On 2/27/26 11:45 PM, isc-mailing-list at secmail.8shield.net wrote:
> Hello,
> 
> I upgraded Stork / Stork Agent to v2.4.0 and I encountered two bind configuration parsing issues when launching the Agent:
> 
> 
> - support for "wildcard" in include statements, ex.:
> 
>      include "/etc/bind/named.conf.d/tls/*.conf";
> 
> - supporting the "!" in access statements, ex.:
> 
>      # Any address other than axfr-clients is rejected at once, but axfr-clients is
>      # accepted as long as the key provided matches inside-view-key,
>      # i.e. must match axfr-clients IP and key inside-view-key
> 
>      allow-transfer { !{ !axfr-clients; any; }; key inside-view-key; };
> 
> 
> I don't know if these are already known issues.  As a work around I have included individual files instead of using wildcard.
> As for the "allow-transfer", I temporarily reverted to only requiring the key.  I believe the statement was not well understood even before v2.4.0, since zone transfers from Stork never worked even if the stork-agent IP (localhost) was included in the "axfr-clients" ACL.
> 
> In the past, I've used a combination of //@stork:no-parse:global, //@stork:no-parse:scope and //@stork:no-parse:end to go around the problem or make it load faster.  Can someone specify what is the minimum information that the stork-agent needs from the bind configuration file for it to operate normally?
> 
> Journal log examples for both issues:
> 
> This example is from parsing: include "/etc/bind/named.conf.d/http/*.conf";
> 
> Feb 25 15:16:08 dns02.redacted.net stork-agent[338947]: time="2026-02-25 15:16:08" level="warning" msg="Failed to detect BIND 9 DNS server daemon" file="          monitor.go:427  " error="failed to configure BIND 9 daemon: failed to resolve include statements in BIND 9 config file: failed to open BIND 9 config file: /etc/bind/named.conf.d/http/*.conf: open /etc/bind/named.conf.d/http/*.conf: no such file or directory" stackTrace="open /etc/bind/named.conf.d/http/*.conf: no such file or directoryfailed to open BIND 9 config file: /etc/bind/named.conf.d/http/*.conf
> isc.org/stork/daemoncfg/bind9.(*Parser).ParseFile
> \t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:137
> isc.org/stork/daemoncfg/bind9.(*Config).Expand
> \t/builds/isc-projects/stork/backend/daemoncfg/bind9/config.go:566
> isc.org/stork/agent.(*monitor).configureBind9Daemon
> \t/builds/isc-projects/stork/backend/agent/bind9.go:354
> isc.org/stork/agent.(*monitor).detectBind9Daemon
> \t/builds/isc-projects/stork/backend/agent/bind9.go:495
> isc.org/stork/agent.(*monitor).detectDaemons
> \t/builds/isc-projects/stork/backend/agent/monitor.go:425
> isc.org/stork/agent.(*monitor).run
> \t/builds/isc-projects/stork/backend/agent/monitor.go:319
> runtime.goexit
> \t/builds/isc-projects/stork/tools/golang/go/src/runtime/asm_amd64.s:1693
> failed to resolve include statements in BIND 9 config file
> failed to configure BIND 9 daemon"
> 
>  From trying to parse: allow-transfer { !{ !axfr-clients; any; }; key inside-view-key; };
> 
> Feb 25 17:19:16 dns01.redacted.net stork-agent[347703]: time="2026-02-25 17:19:16" level="warning" msg="Failed to detect BIND 9 DNS server daemon" file="          monitor.go:427  " error="failed to configure BIND 9 daemon: failed to parse BIND 9 config file: failed to parse Bind9 config file: /etc/bind/named.conf: /etc/bind/named.conf:148:22: unexpected token \"!\" (expected \"}\")" stackTrace="/etc/bind/named.conf:148:22: unexpected token \"!\" (expected \"}\")
> failed to parse Bind9 config file: /etc/bind/named.conf
> isc.org/stork/daemoncfg/bind9.(*Parser).parse
> \t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:112
> isc.org/stork/daemoncfg/bind9.(*Parser).Parse
> \t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:145
> isc.org/stork/daemoncfg/bind9.(*Parser).ParseFile
> \t/builds/isc-projects/stork/backend/daemoncfg/bind9/parser.go:140
> isc.org/stork/agent.(*monitor).configureBind9Daemon
> \t/builds/isc-projects/stork/backend/agent/bind9.go:347
> isc.org/stork/agent.(*monitor).detectBind9Daemon
> \t/builds/isc-projects/stork/backend/agent/bind9.go:495
> isc.org/stork/agent.(*monitor).detectDaemons
> \t/builds/isc-projects/stork/backend/agent/monitor.go:425
> isc.org/stork/agent.(*monitor).run
> \t/builds/isc-projects/stork/backend/agent/monitor.go:319
> runtime.goexit
> \t/builds/isc-projects/stork/tools/golang/go/src/runtime/asm_amd64.s:1693
> failed to parse BIND 9 config file
> failed to configure BIND 9 daemon"
> 
> Best,
> Math.
>

More information about the Stork-users mailing list