ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2021-10-05T15:20:31Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2044app_api.c:25:1: error: braces around scalar initializer on illumos2021-10-05T15:20:31ZMichal Nowakapp_api.c:25:1: error: braces around scalar initializer on illumosBIND `9_11` fails to build on OpenIndiana (`illumos-2509632a43`) with GCC 7.5.0 (10.1.0 is the same):
```
libtool: compile: /usr/gcc/7/bin/gcc -I/export/home/newman/bind9 -I../../.. -I./include -I./../pthreads/include -I../include -I./....BIND `9_11` fails to build on OpenIndiana (`illumos-2509632a43`) with GCC 7.5.0 (10.1.0 is the same):
```
libtool: compile: /usr/gcc/7/bin/gcc -I/export/home/newman/bind9 -I../../.. -I./include -I./../pthreads/include -I../include -I./../include -I./.. -D_REENTRANT -DOPENSSL -DISC_LIST_CHECKINIT=1 -D_XPG4_2 -D__EXTENSIONS__ -m64 -O3 -D_XOPEN_SOURCE=600 -D__EXTENSIONS__=1 -D_XPG6 -I/usr/include/libxml2 -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -Wshadow -Werror -c app.c -fPIC -DPIC -o .libs/app.o
...
In file included from app.c:1047:0:
../app_api.c:25:1: error: braces around scalar initializer [-Werror]
static isc_once_t once = ISC_ONCE_INIT;
^~~~~~
../app_api.c:25:1: note: (near initialization for 'once.__pthread_once_pad[0]')
../app_api.c:25:26: error: excess elements in scalar initializer [-Werror]
static isc_once_t once = ISC_ONCE_INIT;
^~~~~~~~~~~~~
../app_api.c:25:26: note: (near initialization for 'once.__pthread_once_pad[0]')
../app_api.c:25:26: error: excess elements in scalar initializer [-Werror]
../app_api.c:25:26: note: (near initialization for 'once.__pthread_once_pad[0]')
../app_api.c:25:26: error: excess elements in scalar initializer [-Werror]
../app_api.c:25:26: note: (near initialization for 'once.__pthread_once_pad[0]')
```
The error is present in may other files, e.g.:
```
net.c:106:1: error: braces around scalar initializer [-Werror]
static isc_once_t once_ipv6only = ISC_ONCE_INIT;
^~~~~~
net.c:106:1: note: (near initialization for 'once_ipv6only.__pthread_once_pad[0]')
...
strerror.c: In function 'isc__strerror':
strerror.c:44:2: error: braces around scalar initializer [-Werror]
static isc_once_t once = ISC_ONCE_INIT;
^~~~~~
strerror.c:44:2: note: (near initialization for 'once.__pthread_once_pad[0]')
...
```
Other maintained branches build fine.BIND 9.17 Backburnerhttps://gitlab.isc.org/isc-projects/stork/-/issues/357events panels should be pageable and filterable2020-10-09T12:49:15ZMichal Nowikowskievents panels should be pageable and filterableThe event viewer by default shows by default some number (10, I think) latest events. When I leave it running for a while and there's a connection problem, it keeps adding new event every 30 seconds. After couple minutes, the list has 25...The event viewer by default shows by default some number (10, I think) latest events. When I leave it running for a while and there's a connection problem, it keeps adding new event every 30 seconds. After couple minutes, the list has 25 entries or more. But when I hit the refresh button, the older 15 disappears.
So I think the event viewer should be improved. I think there should be something like "more events" button that would get you to separate view that shows only events. This one should allow you to see more (all) events, possibly filter content, show events for specified time period etc.
ref: https://gitlab.isc.org/isc-projects/stork/-/merge_requests/181#note_1482140.12Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/2043dns_rdata_hip_next() fails to return ISC_R_NOMORE at the right time.2020-07-24T05:29:54ZMark Andrewsdns_rdata_hip_next() fails to return ISC_R_NOMORE at the right time.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/kea/-/issues/1335Timer not being rescheduled after restart of lease database backend2020-08-14T18:41:00ZPeter DaviesTimer not being rescheduled after restart of lease database backend---
name: timer not being rescheduled after restart of lease database backend.
---
**Describe the bug**
When leases are saved to a database backend, failure to connect to the database is handled incorrectly. After restarting the le...---
name: timer not being rescheduled after restart of lease database backend.
---
**Describe the bug**
When leases are saved to a database backend, failure to connect to the database is handled incorrectly. After restarting the lease database backend expired leases will never be removed from the lease database.
**Environment:**
- Kea version: 1.6.2
- OS: linux
**Additional Information**
I confirm reading the code that if a database query throws (for instance because the connection with the server is dead) the timer is not rescheduled because there is no try-catch block to handle this case.
[RT #16827](https://support.isc.org/Ticket/Display.html?id=16827)kea1.8.0Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2042Bind 9.16.5 rdnc stop error2020-10-02T08:54:38ZPeter DaviesBind 9.16.5 rdnc stop error
### Summary
When stopping Bind 9.16.5 with rdnc stop the process core dumps.
### BIND version used
9.16.5
### Steps to reproduce
rndc stop
### What is the current *bug* behavior?
The process does not exit gracefully
### What is ...
### Summary
When stopping Bind 9.16.5 with rdnc stop the process core dumps.
### BIND version used
9.16.5
### Steps to reproduce
rndc stop
### What is the current *bug* behavior?
The process does not exit gracefully
### What is the expected *correct* behavior?
Graceful exit
### Relevant configuration files
20-Jul-2020 09:04:40.531 general: received control channel command 'stop'
20-Jul-2020 09:04:40.536 network: no longer listening on 127.0.0.1#53
20-Jul-2020 09:04:40.545 network: no longer listening on 10.0.0.1#53
Jul 20 08:59:36 localhost named[27117]: starting BIND 9.16.5 (Stable Release) <id:c00b458>
Jul 20 08:59:36 localhost named[27117]: running on Linux x86_64 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020
Jul 20 08:59:36 localhost named[27117]: built with 'CFLAGS=-m64 -g -O2' '--prefix=/local' '--localstatedir=/var' '--with-openssl=yes' '--with-libtool' '--enable-static=yes' '--disable-shared' '--enable-largefile' '--sysconfdir=/etc/named' '--with-libxml2=no' '--with-tuning=large' '--with-python=/usr/bin/python3' '--with-libjson'
Jul 20 08:59:36 localhost named[27117]: running as: named -f -c /etc/named/named.conf -u named -U 6 -n 10
Jul 20 08:59:36 localhost named[27117]: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
Jul 20 08:59:36 localhost named[27117]: compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
Jul 20 08:59:36 localhost named[27117]: linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
Jul 20 08:59:36 localhost named[27117]: compiled with json-c version: 0.11
Jul 20 08:59:36 localhost named[27117]: linked to json-c version: 0.11
Jul 20 08:59:36 localhost named[27117]: compiled with zlib version: 1.2.7
Jul 20 08:59:36 localhost named[27117]: linked to zlib version: 1.2.7
Jul 20 08:59:36 localhost named[27117]: ----------------------------------------------------
Jul 20 08:59:36 localhost named[27117]: BIND 9 is maintained by Internet Systems Consortium,
Jul 20 08:59:36 localhost named[27117]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 20 08:59:36 localhost named[27117]: corporation. Support and training for BIND 9 are
Jul 20 08:59:36 localhost named[27117]: available at https://www.isc.org/support
Jul 20 08:59:36 localhost named[27117]: ----------------------------------------------------
Jul 20 08:59:36 localhost named[27117]: adjusted limit on open files from 4096 to 1048576
Jul 20 08:59:36 localhost named[27117]: command channel listening on 127.0.0.1#953
Jul 20 09:04:42 localhost systemd[1]: named.service: main process exited, code=killed, status=6/ABRT
Jul 20 09:04:42 localhost systemd[1]: Unit named.service entered failed state.
Jul 20 09:04:42 localhost systemd[1]: named.service failed.
ldd /local/sbin/named
linux-vdso.so.1 => (0x00007ffc887a1000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f8e0872a000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f8e08441000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f8e0820e000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f8e0800a000)
libuv.so.1 => /lib64/libuv.so.1 (0x00007f8e07dda000)
librt.so.1 => /lib64/librt.so.1 (0x00007f8e07bd2000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f8e079b6000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f8e0779c000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f8e07597000)
libz.so.1 => /lib64/libz.so.1 (0x00007f8e07381000)
libjson-c.so.2 => /lib64/libjson-c.so.2 (0x00007f8e07176000)
libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f8e06d13000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f8e06b0f000)
libc.so.6 => /lib64/libc.so.6 (0x00007f8e06741000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8e08977000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f8e06531000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f8e0632d000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f8e06113000)
libattr.so.1 => /lib64/libattr.so.1 (0x00007f8e05f0e000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f8e05ce7000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f8e05a85000)
Threads 1 and 28 assertion failure send_queue_size apparently > 0.
Thread 1 (Thread 0x7fb36e29b700 (LWP 27127)):
#0 0x00007fb372b36387 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55.
resultvar = 0
pid = 27117
selftid = 27127
#1 0x00007fb372b37a78 in __GI_abort () at abort.c:90
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x7ffc50e8ff68, sa_sigaction = 0x7ffc50e8ff68}, sa_mask = {__val = {140408701615600, 140408723862800, 119, 140408624098624, 140408700210083, 140408624098256, 4, 47279400320, 19104546066, 0, 0, 0, 0, 21474836480, 140408738095104, 140408701627616}}, sa_flags = 1947989349, sa_restorer = 0x7fb3741bf7b0 <__PRETTY_FUNCTION__.9843>}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fb372b2f1a6 in __assert_fail_base (fmt=0x7fb372c8ace0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fb3741bf565 "handle->send_queue_size == 0", file=file@entry=0x7fb3741bf510 "src/unix/udp.c", line=line@entry=119, function=function@entry=0x7fb3741bf7b0 <__PRETTY_FUNCTION__.9843> "uv__udp_finish_close") at assert.c:92.
str = 0x7fb3005a0890 ""
total = 4096.
for core files and backtrace see ticket [RT #16013](https://support.isc.org/Ticket/Display.html?id=16013).October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)https://gitlab.isc.org/isc-projects/bind9/-/issues/2041BUG reconfig+auto-dnssec+high thread number leak resources and crash named2021-03-19T09:14:17ZLaurent FrigaultBUG reconfig+auto-dnssec+high thread number leak resources and crash named### Summary
Adding multiple times, zones with auto-dnssec maintain; inline-signing yes; on a server with many cores leaks memory AND other unidentified resources.
After some times, named stop responding.
In the log:
```
Jul 22 20:18:38...### Summary
Adding multiple times, zones with auto-dnssec maintain; inline-signing yes; on a server with many cores leaks memory AND other unidentified resources.
After some times, named stop responding.
In the log:
```
Jul 22 20:18:38 localhost named[51093]: general: error: could not get query source dispatcher (127.0.1.6#0)
Jul 22 20:18:38 localhost named[51093]: general: error: reloading configuration failed: out of memory
```
Then, the daemon must be restarted to work again and the crash is not only a memory issue.
### BIND version used
```
# /usr/local/sbin/named -V
BIND 9.16.5 (Stable Release) <id:c00b458>
running on FreeBSD amd64 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-tcp-fastopen' '--with-tuning=default' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d-freebsd 10 Sep 2019
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
DNSSEC root key: /usr/local/etc/namedb/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
I write a small perl script to reproduce the bug.
It generates very small zones with ksk & zsk, add them to the config file and reconfig with "rndc reconfig". Each reconfig add the new zone and leaks memory. The leak seems proportional to the number of threads (by default the number of cores).
An other type (unidentified) of resources is leaked which make the crash.
This other leak seems proportional to the number of UDP listeners per interface
(by default the number of cores).
The path at the beginning of the script are for FreeBSD pkg and should be adapted on other platform.
More the test server have core , more the crash occurs quickly. My test server has 40 cores .
I could not reproduce the bug with non signed zones. It needs auto-dnssec maintain zones.
[crashbind.pl](/uploads/c4624b0aef3a4c396c392519ec74891c/crashbind.pl)
### What is the current *bug* behavior?
On a server with 40 cores, it crash after about 204 zones .
Reducing the number of UDP listeners per interface (-U n) from 40 to 20 double the number of iteration needed to crash the server.
Reducing it to 10 double again this number.
This has no effect on the visible (in top) memory leak.
Reducing the number of worker threads (-n xxx) reduce the memory leak but not the number of iteration needed to crash the server. Increasing the number of worker threads increase proportionally the memory leak. I try -n 100 and the memory used by the daemon increased to more than 70G for less than 500 zones.
This is why I think 2 different types of resources are leaked (memory proportional to the number of worker thread and an other type proportional to the number of UDP listeners per interface which make the crash).
### What is the expected *correct* behavior?
rndc reconfig to add zone with "auto-dnssec maintain" should not leak memory and other resources leading the crash of the server.
### Relevant configuration files
named.conf
```
logging {
channel stdlog {
syslog local1;
print-category yes;
print-severity yes;
print-time no;
};
category default { stdlog; };
category queries { "null"; };
category query-errors { "null"; };
category update { "null"; };
category update-security { "null"; };
category security { "null"; };
};
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.1.6; };
listen-on-v6 { none; };
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
query-source address 127.0.1.6 port *;
allow-transfer {
127.0.1.6;
};
startup-notify-rate 100;
notify-source 127.0.1.6 ;
recursion no;
notify no;
check-integrity no;
minimal-responses yes;
max-transfer-idle-out 5;
max-transfer-time-out 10;
tcp-clients 1000;
tcp-listen-queue 100;
transfers-out 1000;
// dnssec-enable yes;
sig-validity-interval 60 30;
masterfile-format text;
request-ixfr no;
provide-ixfr no;
};
// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
key "rndc-key" {
algorithm hmac-sha256;
secret "rbdxs1PCxJY6kH9C3J/vosWkeRz9DXZkN2muT6o1N2c=";
};
controls {
inet 127.0.1.6
port 953
allow { any; } keys { "rndc-key"; };
};
// The zones
include "/usr/local/etc/namedb/named.conf.custom.inc";
```
rndc.conf:
```
key "rndc-key" {
algorithm hmac-sha256;
secret "rbdxs1PCxJY6kH9C3J/vosWkeRz9DXZkN2muT6o1N2c=";
};
options {
default-key "rndc-key";
default-server 127.0.1.6;
default-port 953;
};
```
### Relevant Log :
```
# rndc status
version: BIND 9.16.5 (Stable Release) <id:c00b458>
running on localhost.bookmyname.com: FreeBSD amd64 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC
boot time: Wed, 22 Jul 2020 18:37:50 GMT
last configured: Wed, 22 Jul 2020 18:37:50 GMT
configuration file: /usr/local/etc/namedb/named-custom.conf
CPUs found: 40
worker threads: 40
UDP listeners per interface: 40
number of zones: 411 (0 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/900/1000
tcp clients: 0/1000
TCP high-water: 0
server is up and running
```March 2021 (9.11.29, 9.11.29-S1, 9.16.13, 9.16.13-S1, 9.17.11)Diego dos Santos FronzaDiego dos Santos Fronzahttps://gitlab.isc.org/isc-projects/kea/-/issues/1334Update client class container2022-02-04T13:13:36ZFrancis DupontUpdate client class containerCurrent client class container (ClientClasses class) uses a list and a set. It should be changed to a multi-index (sequence and hash) because the erase by name method is now used and it is in O(size): the multi-index is in O(1) (it uses ...Current client class container (ClientClasses class) uses a list and a set. It should be changed to a multi-index (sequence and hash) because the erase by name method is now used and it is in O(size): the multi-index is in O(1) (it uses the hash to find the node).kea2.1.3Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/1333simple optimizations2021-09-01T10:28:43ZFrancis Dupontsimple optimizationsA set of simple optimizations (one by MR).A set of simple optimizations (one by MR).Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2040Bind service crush during reload if enabled Catalog zones2020-07-27T06:23:00ZPavelBind service crush during reload if enabled Catalog zones### Summary
Bind crush when I try to reload configs.
This happens when catalog zone enabled.
### BIND version used
```
# named -V
BIND 9.11.13-RedHat-9.11.13-5.el8_2 (Extended Support Version) <id:ad4df16>
running on Linux x86...### Summary
Bind crush when I try to reload configs.
This happens when catalog zone enabled.
### BIND version used
```
# named -V
BIND 9.11.13-RedHat-9.11.13-5.el8_2 (Extended Support Version) <id:ad4df16>
running on Linux x86_64 4.18.0-147.8.1.el8_1.x86_64 #1 SMP Thu Apr 9 13:49:54 UTC 2020
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/libexec/platform-python' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--enable-openssl-hash' '--with-geoip2' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-lmdb=no' '--with-cmocka' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CPPFLAGS= -DDIG_SIGCHASE' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 8.3.1 20191121 (Red Hat 8.3.1-5)
compiled with OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
linked to OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
1. Configure Catalog zone for any example domain.
2. Add example domain to the catalog zones.
3. Execute `systemctl reload named` or execute `rndc reload`:
```
# systemctl restart named
# systemctl reload named
# systemctl reload named
# systemctl reload named
named.service is not active, cannot reload.
```
### What is the current *bug* behavior?
During named service reload I receive next errors:
```
Jul 22 15:08:31 ns-01 named[25143]: _default.nzf:4: zone 'example.com' already exists
Jul 22 15:08:31 ns-01 named[25143]: reloading configuration failed: already exists
```
### What is the expected *correct* behavior?
Expected behavior:
```
# rndc reload
server reload successful
```
### Relevant configuration files
```
# named-checkconf -px
acl "acl_nameservers" {
10.60.64.5/32;
10.60.64.7/32;
127.0.0.1/32;
};
controls {
inet 127.0.0.1 port 9953 allow {
127.0.0.1/32;
"any";
} keys {
"rndc_key";
};
};
logging {
channel "default_debug" {
file "data/named.run";
severity dynamic;
print-time yes;
};
};
options {
bindkeys-file "/etc/named.iscdlv.key";
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
listen-on port 53 {
"any";
};
listen-on-v6 port 53 {
::1/128;
};
managed-keys-directory "/var/named/dynamic";
memstatistics-file "/var/named/data/named_mem_stats.txt";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
statistics-file "/var/named/data/named_stats.txt";
allow-new-zones yes;
catalog-zones {
zone "catalog.example.com" default-masters {
10.60.64.7;
} zone-directory "cat-zones";
};
dnssec-enable yes;
dnssec-validation yes;
recursion no;
rrset-order {
order random;
};
allow-query {
10.60.0.0/16;
127.0.0.1/32;
};
allow-transfer {
"acl_nameservers";
};
};
key "rndc_key" {
algorithm "hmac-sha256";
secret "????????????";
};
managed-keys {
"." initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
};
server 10.60.64.7/32 {
keys "rndc_key";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update {
"none";
};
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update {
"none";
};
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update {
"none";
};
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update {
"none";
};
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update {
"none";
};
};
zone "catalog.example.com" {
type master;
file "catalog.example.com";
allow-transfer {
"acl_nameservers";
};
allow-update {
127.0.0.1/32;
};
also-notify {
10.60.64.5;
10.60.64.7;
};
notify explicit;
};
```
### Relevant logs and/or screenshots
/var/log/messages:
```
Jul 23 09:46:11 ns-01 systemd[1]: Starting Generate rndc key for BIND (DNS)...
Jul 23 09:46:11 ns-01 systemd[1]: Started Generate rndc key for BIND (DNS).
Jul 23 09:46:11 ns-01 systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Jul 23 09:46:11 ns-01 bash[25274]: zone localhost.localdomain/IN: loaded serial 0
Jul 23 09:46:11 ns-01 bash[25274]: zone localhost/IN: loaded serial 0
Jul 23 09:46:11 ns-01 bash[25274]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jul 23 09:46:11 ns-01 bash[25274]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jul 23 09:46:11 ns-01 bash[25274]: zone 0.in-addr.arpa/IN: loaded serial 0
Jul 23 09:46:11 ns-01 bash[25274]: catalog.example.com:2: no TTL specified; using SOA MINTTL instead
Jul 23 09:46:11 ns-01 bash[25274]: catalog.example.com:4: file does not end with newline
Jul 23 09:46:11 ns-01 bash[25274]: zone catalog.example.com/IN: loaded serial 1
Jul 23 09:46:11 ns-01 named[25278]: starting BIND 9.11.13-RedHat-9.11.13-5.el8_2 (Extended Support Version) <id:ad4df16>
Jul 23 09:46:11 ns-01 named[25278]: running on Linux x86_64 4.18.0-147.8.1.el8_1.x86_64 #1 SMP Thu Apr 9 13:49:54 UTC 2020
Jul 23 09:46:11 ns-01 named[25278]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/libexec/platform-python' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--enable-openssl-hash' '--with-geoip2' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-lmdb=no' '--with-cmocka' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CPPFLAGS= -DDIG_SIGCHASE' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
Jul 23 09:46:11 ns-01 named[25278]: running as: named -u named -c /etc/named.conf
Jul 23 09:46:11 ns-01 named[25278]: compiled by GCC 8.3.1 20191121 (Red Hat 8.3.1-5)
Jul 23 09:46:11 ns-01 named[25278]: compiled with OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
Jul 23 09:46:11 ns-01 named[25278]: linked to OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
Jul 23 09:46:11 ns-01 named[25278]: compiled with libxml2 version: 2.9.7
Jul 23 09:46:11 ns-01 named[25278]: linked to libxml2 version: 20907
Jul 23 09:46:11 ns-01 named[25278]: compiled with zlib version: 1.2.11
Jul 23 09:46:11 ns-01 named[25278]: linked to zlib version: 1.2.11
Jul 23 09:46:11 ns-01 named[25278]: threads support is enabled
Jul 23 09:46:11 ns-01 named[25278]: ----------------------------------------------------
Jul 23 09:46:11 ns-01 named[25278]: BIND 9 is maintained by Internet Systems Consortium,
Jul 23 09:46:11 ns-01 named[25278]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 23 09:46:11 ns-01 named[25278]: corporation. Support and training for BIND 9 are
Jul 23 09:46:11 ns-01 named[25278]: available at https://www.isc.org/support
Jul 23 09:46:11 ns-01 named[25278]: ----------------------------------------------------
Jul 23 09:46:11 ns-01 named[25278]: adjusted limit on open files from 4096 to 1048576
Jul 23 09:46:11 ns-01 named[25278]: found 2 CPUs, using 2 worker threads
Jul 23 09:46:11 ns-01 named[25278]: using 1 UDP listener per interface
Jul 23 09:46:11 ns-01 named[25278]: using up to 21000 sockets
Jul 23 09:46:11 ns-01 named[25278]: loading configuration from '/etc/named.conf'
Jul 23 09:46:11 ns-01 named[25278]: unable to open '/etc/named.iscdlv.key'; using built-in keys instead
Jul 23 09:46:11 ns-01 named[25278]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jul 23 09:46:11 ns-01 named[25278]: opened GeoIP2 database '/usr/share/GeoIP/GeoLite2-Country.mmdb'
Jul 23 09:46:11 ns-01 named[25278]: opened GeoIP2 database '/usr/share/GeoIP/GeoLite2-City.mmdb'
Jul 23 09:46:11 ns-01 named[25278]: using default UDP/IPv4 port range: [32768, 60999]
Jul 23 09:46:11 ns-01 named[25278]: using default UDP/IPv6 port range: [32768, 60999]
Jul 23 09:46:11 ns-01 named[25278]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 23 09:46:11 ns-01 named[25278]: listening on IPv4 interface eth0, 10.60.64.7#53
Jul 23 09:46:11 ns-01 named[25278]: listening on IPv4 interface eth1, 10.60.72.7#53
Jul 23 09:46:11 ns-01 named[25278]: listening on IPv6 interface lo, ::1#53
Jul 23 09:46:11 ns-01 named[25278]: generating session key for dynamic DNS
Jul 23 09:46:11 ns-01 named[25278]: NZF file '_default.nzf' contains 1 zones
Jul 23 09:46:11 ns-01 named[25278]: sizing zone task pool based on 7 zones
Jul 23 09:46:11 ns-01 named[25278]: loading additional zones for view '_default'
Jul 23 09:46:11 ns-01 named[25278]: none:104: 'max-cache-size 90%' - setting to 1583MB (out of 1759MB)
Jul 23 09:46:11 ns-01 named[25278]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jul 23 09:46:11 ns-01 named[25278]: none:104: 'max-cache-size 90%' - setting to 1583MB (out of 1759MB)
Jul 23 09:46:11 ns-01 named[25278]: command channel listening on 127.0.0.1#9953
Jul 23 09:46:11 ns-01 named[25278]: managed-keys-zone: loaded serial 36
Jul 23 09:46:11 ns-01 named[25278]: zone 0.in-addr.arpa/IN: loaded serial 0
Jul 23 09:46:11 ns-01 named[25278]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jul 23 09:46:11 ns-01 named[25278]: zone example.com/IN: loaded serial 1595422184
Jul 23 09:46:11 ns-01 named[25278]: zone localhost/IN: loaded serial 0
Jul 23 09:46:11 ns-01 named[25278]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jul 23 09:46:11 ns-01 named[25278]: zone localhost.localdomain/IN: loaded serial 0
Jul 23 09:46:11 ns-01 named[25278]: catalog.example.com:2: no TTL specified; using SOA MINTTL instead
Jul 23 09:46:11 ns-01 named[25278]: catalog.example.com:4: file does not end with newline
Jul 23 09:46:11 ns-01 named[25278]: zone catalog.example.com/IN: loaded serial 2
Jul 23 09:46:11 ns-01 named[25278]: all zones loaded
Jul 23 09:46:11 ns-01 named[25278]: running
Jul 23 09:46:11 ns-01 named[25278]: catz: updating catalog zone 'catalog.example.com' with serial 2
Jul 23 09:46:11 ns-01 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jul 23 09:46:11 ns-01 named[25278]: catz: adding zone 'example.com' from catalog 'catalog.example.com' - success
Jul 23 09:46:11 ns-01 named[25278]: catz: zone "example.com" is overridden by explicitly configured zone
Jul 23 09:46:11 ns-01 named[25278]: zone catalog.example.com/IN: sending notifies (serial 2)
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
Jul 23 09:46:11 ns-01 named[25278]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Jul 23 09:46:11 ns-01 named[25278]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jul 23 09:46:11 ns-01 named[25278]: resolver priming query complete
Jul 23 09:46:12 ns-01 named[25278]: client @0x7ff2400a3610 10.60.64.7#39597/key rndc_key: received notify for zone 'catalog.example.com': TSIG 'rndc_key'
Jul 23 09:46:15 ns-01 systemd[1]: Reloading Berkeley Internet Name Domain (DNS).
Jul 23 09:46:15 ns-01 named[25278]: received SIGHUP signal to reload zones
Jul 23 09:46:15 ns-01 named[25278]: loading configuration from '/etc/named.conf'
Jul 23 09:46:15 ns-01 named[25278]: unable to open '/etc/named.iscdlv.key'; using built-in keys instead
Jul 23 09:46:15 ns-01 named[25278]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jul 23 09:46:15 ns-01 named[25278]: opened GeoIP2 database '/usr/share/GeoIP/GeoLite2-Country.mmdb'
Jul 23 09:46:15 ns-01 named[25278]: opened GeoIP2 database '/usr/share/GeoIP/GeoLite2-City.mmdb'
Jul 23 09:46:15 ns-01 named[25278]: using default UDP/IPv4 port range: [32768, 60999]
Jul 23 09:46:15 ns-01 named[25278]: using default UDP/IPv6 port range: [32768, 60999]
Jul 23 09:46:15 ns-01 named[25278]: NZF file '_default.nzf' contains 1 zones
Jul 23 09:46:15 ns-01 named[25278]: sizing zone task pool based on 7 zones
Jul 23 09:46:15 ns-01 named[25278]: /etc/named.conf:44: catz: catalog zone 'catalog.example.com' will not be reconfigured
Jul 23 09:46:15 ns-01 named[25278]: catz: new zone version came too soon, deferring update
Jul 23 09:46:15 ns-01 named[25278]: loading additional zones for view '_default'
Jul 23 09:46:15 ns-01 named[25278]: _default.nzf:4: zone 'example.com' already exists
Jul 23 09:46:15 ns-01 named[25278]: reloading configuration failed: already exists
Jul 23 09:46:15 ns-01 systemd[1]: Reloaded Berkeley Internet Name Domain (DNS).
Jul 23 09:46:17 ns-01 named[25278]: catz: updating catalog zone 'catalog.example.com' with serial 2
Jul 23 09:46:20 ns-01 systemd[1]: Reloading Berkeley Internet Name Domain (DNS).
Jul 23 09:46:20 ns-01 named[25278]: received SIGHUP signal to reload zones
Jul 23 09:46:20 ns-01 named[25278]: loading configuration from '/etc/named.conf'
Jul 23 09:46:20 ns-01 named[25278]: unable to open '/etc/named.iscdlv.key'; using built-in keys instead
Jul 23 09:46:20 ns-01 named[25278]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jul 23 09:46:20 ns-01 named[25278]: opened GeoIP2 database '/usr/share/GeoIP/GeoLite2-Country.mmdb'
Jul 23 09:46:20 ns-01 named[25278]: opened GeoIP2 database '/usr/share/GeoIP/GeoLite2-City.mmdb'
Jul 23 09:46:20 ns-01 named[25278]: using default UDP/IPv4 port range: [32768, 60999]
Jul 23 09:46:20 ns-01 named[25278]: using default UDP/IPv6 port range: [32768, 60999]
Jul 23 09:46:20 ns-01 named[25278]: NZF file '_default.nzf' contains 1 zones
Jul 23 09:46:20 ns-01 named[25278]: sizing zone task pool based on 7 zones
Jul 23 09:46:20 ns-01 named[25278]: /etc/named.conf:44: catz: catalog zone 'catalog.example.com' will not be reconfigured
Jul 23 09:46:20 ns-01 kernel: isc-worker0001[25280]: segfault at 0 ip 00007ff24bb321de sp 00007ff2483c1ac8 error 4 in libc-2.28.so[7ff24b9d9000+1b9000]
Jul 23 09:46:20 ns-01 kernel: Code: c8 c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 31 d2 c5 c5 ef ff 09 f0 25 ff 0f 00 00 3d 80 0f 00 00 0f 8f 52 03 00 00 <c5> fe 6f 0f c5 f5 74 06 c5 fd da c1 c5 fd 74 c7 c5 fd d7 c8 85 c9
Jul 23 09:46:20 ns-01 systemd[1]: Reloaded Berkeley Internet Name Domain (DNS).
Jul 23 09:46:20 ns-01 systemd[1]: Started Process Core Dump (PID 25297/UID 0).
Jul 23 09:46:21 ns-01 systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jul 23 09:46:21 ns-01 systemd[1]: named.service: Failed with result 'signal'.
Jul 23 09:46:21 ns-01 systemd-coredump[25298]: Process 25278 (named) of user 25 dumped core.#012#012Stack trace of thread 25280:#012#0 0x00007ff24bb321de __strcmp_avx2 (libc.so.6)#012#1 0x00007ff24e85782d dns_catz_catzs_set_view (libdns.so.1107)#012#2 0x00007ff24e983962 dns_zone_catz_enable (libdns.so.1107)#012#3 0x000055a448c6bd4e configure_zone (named)#012#4 0x000055a448c6ec7d configure_view (named)#012#5 0x000055a448c82b0e load_configuration (named)#012#6 0x000055a448c83875 loadconfig (named)#012#7 0x000055a448c8395e reload (named)#012#8 0x000055a448c83a7a ns_server_reload (named)#012#9 0x00007ff24d40e7df run (libisc.so.1104)#012#10 0x00007ff24cad02de start_thread (libpthread.so.0)#012#11 0x00007ff24bad5133 __clone (libc.so.6)#012#012Stack trace of thread 25279:#012#0 0x00007ff24cad647c pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)#012#1 0x00007ff24d40e5d2 run (libisc.so.1104)#012#2 0x00007ff24cad02de start_thread (libpthread.so.0)#012#3 0x00007ff24bad5133 __clone (libc.so.6)#012#012Stack trace of thread 25282:#012#0 0x00007ff24bad5467 epoll_wait (libc.so.6)#012#1 0x00007ff24d4230ec watcher (libisc.so.1104)#012#2 0x00007ff24cad02de start_thread (libpthread.so.0)#012#3 0x00007ff24bad5133 __clone (libc.so.6)#012#012Stack trace of thread 25278:#012#0 0x00007ff24ba10c8e __sigsuspend (libc.so.6)#012#1 0x00007ff24d417b64 isc__app_ctxrun (libisc.so.1104)#012#2 0x00007ff24d4187cf isc_app_run (libisc.so.1104)#012#3 0x000055a448c34c05 main (named)#012#4 0x00007ff24b9fc873 __libc_start_main (libc.so.6)#012#5 0x000055a448c355be _start (named)#012#012Stack trace of thread 25281:#012#0 0x00007ff24cad67ca pthread_cond_timedwait@@GLIBC_2.3.2 (libpthread.so.0)#012#1 0x00007ff24d42e170 isc_condition_waituntil (libisc.so.1104)#012#2 0x00007ff24d414a23 run (libisc.so.1104)#012#3 0x00007ff24cad02de start_thread (libpthread.so.0)#012#4 0x00007ff24bad5133 __clone (libc.so.6)
Jul 23 09:46:21 ns-01 systemd[1]: named.service: Unit cannot be reloaded because it is inactive.
```
Is there some kind of workaround for this problem?https://gitlab.isc.org/isc-projects/bind9/-/issues/2039random_test.c:433: error: Failure: p_value_t >= 0.0001 on CentOS 72023-02-06T19:48:34ZMichal Nowakrandom_test.c:433: error: Failure: p_value_t >= 0.0001 on CentOS 7I got a `random_test` [failure](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1038016) on CentOS 7:
```
[ RUN ] isc_random_uniform_binarymatrixrank
[ ERROR ] --- p_value_t >= 0.0001
[ LINE ] --- random_test.c:433: error: F...I got a `random_test` [failure](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1038016) on CentOS 7:
```
[ RUN ] isc_random_uniform_binarymatrixrank
[ ERROR ] --- p_value_t >= 0.0001
[ LINE ] --- random_test.c:433: error: Failure!
[ FAILED ] isc_random_uniform_binarymatrixrank
```
Did not failed anywhere else, passed on reschedule.BIND 9.17 Backburnerhttps://gitlab.isc.org/isc-projects/stork/-/issues/356Make sure Stork runs on RHEL7 with FIPS enabled2020-08-11T07:58:05ZTomek MrugalskiMake sure Stork runs on RHEL7 with FIPS enabledThere's a report that Stork migration fails on RHEL7 with FIPS enabled.
For details, see [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
On a related note, we should migrate away from poor security algorithms lik...There's a report that Stork migration fails on RHEL7 with FIPS enabled.
For details, see [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
On a related note, we should migrate away from poor security algorithms like MD5 and use something modern.0.10Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/355Add server option to skip DB migration on startup2021-04-09T10:46:37ZTomek MrugalskiAdd server option to skip DB migration on startupBy default, the server always runs migrations on startup. This is convenient, as users don't need to remember about it and migrations are done automatically. However, on some systems where migration is causing problems, there should be a...By default, the server always runs migrations on startup. This is convenient, as users don't need to remember about it and migrations are done automatically. However, on some systems where migration is causing problems, there should be a way to skip migration.
When migration is disabled, the server should simply check if the schema version is as expected. If it's not, refuse to start. Alternatively, it could print a critical warning and try to run, but if the DB is not up to date, there would be problems that's impossible to predict.
Background for this request [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/354DB migration tool must allow migration to specific schema versions2021-03-05T13:12:48ZTomek MrugalskiDB migration tool must allow migration to specific schema versionsSee background for this request: [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
There's a need to be able to migrate to specific version. In some environments (with FIPS enabled), some migrations may have to be d...See background for this request: [support#16817](https://support.isc.org/Ticket/Display.html?id=16817).
There's a need to be able to migrate to specific version. In some environments (with FIPS enabled), some migrations may have to be done manually. This is not ideal, but it's useful for troubleshooting/workaround purposes.
There should be a command, like `migrate 12`.1.0-backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/353Event manager should log reconfiguration events2020-12-07T10:26:13ZVicky Riskvicky@isc.orgEvent manager should log reconfiguration eventsEvent manager should log Kea reconfiguration events (config-set)Event manager should log Kea reconfiguration events (config-set)0.14Vicky Riskvicky@isc.orgVicky Riskvicky@isc.orghttps://gitlab.isc.org/isc-projects/stork/-/issues/352More BIND resolver query details2021-06-01T08:44:41ZVicky Riskvicky@isc.orgMore BIND resolver query detailsNow that we have the basic query details in Grafana, we would like even more details. These additional requirements were moved from #63
- [ ] regular vs encrypted queries (once we have DoT)
- [ ] 'direct' vs forwarded queries
- [ ] RPZ...Now that we have the basic query details in Grafana, we would like even more details. These additional requirements were moved from #63
- [ ] regular vs encrypted queries (once we have DoT)
- [ ] 'direct' vs forwarded queries
- [ ] RPZ statistics - # of RPZ matches
- [ ] # of rewrites, NXDOMAINs, by RPZ zone, % of queries that hit RPZ.
- [ ] It is also relevant, if possible to ask what % of different negative answers, such as, NXDOMAINs, SERVFAILs or NODATAs are 'real' vs RPZ re-writes.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/1332extend perfdhcp to simulate ha failure2020-11-20T09:09:38ZWlodzimierz Wencelextend perfdhcp to simulate ha failureat this moment we can't simulate ha failure using perfdhcp. Extend perfdhcpat this moment we can't simulate ha failure using perfdhcp. Extend perfdhcpkea1.9.2Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2038Bind not handling interfaces changes correctly when listen-on-v6 any specified2020-08-04T09:47:10ZPeter DaviesBind not handling interfaces changes correctly when listen-on-v6 any specifiedBind not handling interfaces changes correctly when listen-on-v6 any is specified:
Ref: [RT #16753](https://support.isc.org/Ticket/Display.html?id=16753)
Interfaces changes not being correctly handled on ipv6 changes, when the l...Bind not handling interfaces changes correctly when listen-on-v6 any is specified:
Ref: [RT #16753](https://support.isc.org/Ticket/Display.html?id=16753)
Interfaces changes not being correctly handled on ipv6 changes, when the listen-on-v6 statement is defined as "any".
After network reconfiguration bind stopped listening on an previously active ipv6 socket.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/2037[CVE-2020-8623] A flaw in native PKCS#11 code can lead to a remotely triggera...2020-11-27T20:05:53ZOndřej Surý[CVE-2020-8623] A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c> Came from ...@yandex.ru:
>
> BIND should be compiled with --enable-native-pkcs11 and --with-pkcs11 options.
>
> The exploit triggers abort() in pk11_numbits function.
>
> Bug details:
> from lib/isc/pk11.c
>
> ```c
> unsigned int
>...> Came from ...@yandex.ru:
>
> BIND should be compiled with --enable-native-pkcs11 and --with-pkcs11 options.
>
> The exploit triggers abort() in pk11_numbits function.
>
> Bug details:
> from lib/isc/pk11.c
>
> ```c
> unsigned int
> pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) {
> unsigned int bitcnt, i;
> CK_BYTE top;
>
> if (bytecnt == 0) {
> return (0);
> }
> bitcnt = bytecnt * 8;
> for (i = 0; i < bytecnt; i++) {
> top = data[i];
> if (top == 0) {
> bitcnt -= 8;
> continue;
> }
> ...
> }
> INSIST(0);
> ISC_UNREACHABLE();
> }
> ```
> Which means that if all bytes are 0, abort will be triggered.
>
> How to reproduce:
> 1) configure and build softhsm 2.6.1:
> ```
> $ ./configure --prefix=/var/softhsm --with-openssl=/var/openssl --with-crypto-backend=openssl
> $ make && sudo make install
> ```
>
> 2) compile BIND with PKCS11 support
> ```
> $ ./configure --prefix=/opt/bind --disable-chroot --enable-native-pkcs11 --with-pkcs11=/var/softhsm/lib/softhsm/libsofthsm2.so
> $ make && sudo make install
> ```
>
> 3) Configure BIND
> ```
> # init softhsm (PIN 1234)
> # /var/softhsm/bin//softhsm2-util --init-token --free --label softhsm
> Slot 1 has a free/uninitialized token.
> === SO PIN (4-255 characters) ===
> Please enter SO PIN: ****
> Please reenter SO PIN: ****
> === User PIN (4-255 characters) ===
> Please enter user PIN: ****
> Please reenter user PIN: ****
> The token has been initialized and is reassigned to slot 1294545520
>
> # export SLOT=1294545520
>
> # cd bin/tests/system/pkcs11
> ```
>
> Edit ns1/example.db.in and ns1/named.conf.in, change IP from 10.53.0.1 to your server IP
> After that run included setports.sh:
> ```
> # bash setports.sh
> ```
>
> Now you can generate the keys:
> ```
> # bash setup.sh
> ```
>
> ```
> # cp ns1/* /opt/bind/etc
> ```
>
> Fix permissions:
> ```
> # chown -R bind:bind /opt/bind/var/run
> ```
>
> Edit `/opt/bind/etc/named.conf` and change all paths to `*.example.db.signed` to full path, should be like this:
> ```
> zone "ecdsap384sha384.example." {
> type master;
> file "/opt/bind/etc/ecdsap384sha384.example.db.signed";
> allow-update { any; };
> };
> ```
>
>
> 4) Run BIND
> ```
> # cd /opt/bind/var/run
> # /opt/bind/sbin/named -g -d0 -u bind -c /opt/bind/etc/named.conf
> ```
>
> 5) run t1.py
> ```
> $ ./t1.py <your_server_ip> 53
> ```
>
> Example bind log:
>
> ```
> 25-Jun-2020 01:23:14.297 pk11.c:698: INSIST(0) failed, back trace
> 25-Jun-2020 01:23:14.297 #0 0x5583e7797e9b in __do_global_dtors_aux_fini_array_entry()+0x5583e6971623
> 25-Jun-2020 01:23:14.297 #1 0x5583e705686d in __do_global_dtors_aux_fini_array_entry()+0x5583e622fff5
> 25-Jun-2020 01:23:14.301 #2 0x5583e779783d in __do_global_dtors_aux_fini_array_entry()+0x5583e6970fc5
> 25-Jun-2020 01:23:14.301 #3 0x5583e77909d1 in __do_global_dtors_aux_fini_array_entry()+0x5583e696a159
> 25-Jun-2020 01:23:14.301 #4 0x5583e76de425 in __do_global_dtors_aux_fini_array_entry()+0x5583e68b7bad
> 25-Jun-2020 01:23:14.301 #5 0x5583e76c2080 in __do_global_dtors_aux_fini_array_entry()+0x5583e689b808
> 25-Jun-2020 01:23:14.301 #6 0x5583e76b4686 in __do_global_dtors_aux_fini_array_entry()+0x5583e688de0e
> 25-Jun-2020 01:23:14.305 #7 0x5583e734667e in __do_global_dtors_aux_fini_array_entry()+0x5583e651fe06
> 25-Jun-2020 01:23:14.305 #8 0x5583e7193db9 in __do_global_dtors_aux_fini_array_entry()+0x5583e636d541
> 25-Jun-2020 01:23:14.305 #9 0x5583e71a2181 in __do_global_dtors_aux_fini_array_entry()+0x5583e637b909
> 25-Jun-2020 01:23:14.305 #10 0x5583e7826f71 in __do_global_dtors_aux_fini_array_entry()+0x5583e6a006f9
> 25-Jun-2020 01:23:14.305 #11 0x5583e782800c in __do_global_dtors_aux_fini_array_entry()+0x5583e6a01794
> 25-Jun-2020 01:23:14.305 #12 0x7fd791aba6db in __do_global_dtors_aux_fini_array_entry()+0x7fd790c93e63
> 25-Jun-2020 01:23:14.305 #13 0x7fd7913d988f in __do_global_dtors_aux_fini_array_entry()+0x7fd7905b3017
> 25-Jun-2020 01:23:14.309 exiting (due to assertion failure)
> Aborted (core dumped)
> ```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2036The "main" memory context may not be clean upon exit, causing crashes2020-09-30T06:24:50ZMichal NowakThe "main" memory context may not be clean upon exit, causing crashesI saw the `shutdown` test fail three times (50 % of times) on FreeBSD [11](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1034239) & [12](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1034321) on `main` (9dcf229634968dc7d808c1d23f4b...I saw the `shutdown` test fail three times (50 % of times) on FreeBSD [11](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1034239) & [12](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1034321) on `main` (9dcf229634968dc7d808c1d23f4bab5d3ba7f47f):
```
S:shutdown:2020-07-21T08:24:29+0000
T:shutdown:1:A
A:shutdown:System test shutdown
I:shutdown:PORTS:25125,25126,25127,25128,25129,25130,25131,25132,25133,25134
I:shutdown:starting servers
D:shutdown:============================= test session starts ==============================
D:shutdown:platform freebsd11 -- Python 3.7.7, pytest-4.5.0, py-1.8.1, pluggy-0.12.0 -- /usr/local/bin/python3.7
D:shutdown:cachedir: .pytest_cache
D:shutdown:rootdir: /builds/isc-projects/bind9/bin/tests/system/shutdown
D:shutdown:collecting ... collected 1 item
D:shutdown:
D:shutdown:tests-shutdown.py::test_named_shutdown FAILED [100%]
D:shutdown:
D:shutdown:=================================== FAILURES ===================================
D:shutdown:_____________________________ test_named_shutdown ______________________________
D:shutdown:
D:shutdown:named_port = 25125, control_port = 25134
D:shutdown:
D:shutdown:@pytest.mark.dnspython
D:shutdown:def test_named_shutdown(named_port, control_port):
D:shutdown:# pylint: disable-msg=too-many-locals
D:shutdown:cfg_dir = os.path.join(os.getcwd(), "resolver")
D:shutdown:assert os.path.isdir(cfg_dir)
D:shutdown:
D:shutdown:cfg_file = os.path.join(cfg_dir, "named.conf")
D:shutdown:assert os.path.isfile(cfg_file)
D:shutdown:
D:shutdown:named = os.getenv("NAMED")
D:shutdown:assert named is not None
D:shutdown:
D:shutdown:rndc = os.getenv("RNDC")
D:shutdown:assert rndc is not None
D:shutdown:
D:shutdown:systest_dir = os.getenv("SYSTEMTESTTOP")
D:shutdown:assert systest_dir is not None
D:shutdown:
D:shutdown:# rndc configuration resides in $SYSTEMTESTTOP/common/rndc.conf
D:shutdown:rndc_cfg = os.path.join(systest_dir, "common", "rndc.conf")
D:shutdown:assert os.path.isfile(rndc_cfg)
D:shutdown:
D:shutdown:# rndc command with default arguments.
D:shutdown:rndc_cmd = [rndc, "-c", rndc_cfg, "-p", str(control_port),
D:shutdown:"-s", "10.53.0.3"]
D:shutdown:
D:shutdown:# Helper function, launch named without blocking.
D:shutdown:def launch_named():
D:shutdown:proc = subprocess.Popen([named, "-c", cfg_file, "-f"], cwd=cfg_dir)
D:shutdown:# Ensure named is running
D:shutdown:assert proc.poll() is None
D:shutdown:
D:shutdown:return proc
D:shutdown:
D:shutdown:# We create a resolver instance that will be used to send queries.
D:shutdown:resolver = dns.resolver.Resolver()
D:shutdown:resolver.nameservers = ['10.53.0.3']
D:shutdown:resolver.port = named_port
D:shutdown:
D:shutdown:# We test named shutting down using two methods:
D:shutdown:# Method 1: using rndc ctop
D:shutdown:# Method 2: killing with SIGTERM
D:shutdown:# In both methods named should exit gracefully.
D:shutdown:for kill_method in ("rndc", "sigterm"):
D:shutdown:named_proc = launch_named()
D:shutdown:time.sleep(2)
D:shutdown:
D:shutdown:do_work(named_proc, resolver, rndc_cmd,
D:shutdown:kill_method, n_workers=12, n_queries=16)
D:shutdown:
D:shutdown:# Wait named to exit for a maximum of MAX_TIMEOUT seconds.
D:shutdown:MAX_TIMEOUT = 10
D:shutdown:is_dead = False
D:shutdown:for _ in range(MAX_TIMEOUT):
D:shutdown:if named_proc.poll() is not None:
D:shutdown:is_dead = True
D:shutdown:break
D:shutdown:time.sleep(1)
D:shutdown:
D:shutdown:if not is_dead:
D:shutdown:named_proc.kill()
D:shutdown:
D:shutdown:assert is_dead
D:shutdown:# Ensures that named exited gracefully.
D:shutdown:# If it crashed (abort()) exitcode will be non zero.
D:shutdown:> assert named_proc.returncode == 0
D:shutdown:E assert -6 == 0
D:shutdown:E --6
D:shutdown:E +0
D:shutdown:
D:shutdown:tests-shutdown.py:193: AssertionError
D:shutdown:----------------------------- Captured stdout call -----------------------------
D:shutdown:version: BIND 9.17.3 (Development Release) <id:b59e691>
D:shutdown:running on freebsd: FreeBSD amd64 11.4-RELEASE FreeBSD 11.4-RELEASE #0 r362094: Fri Jun 12 18:27:15 UTC 2020 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
D:shutdown:boot time: Tue, 21 Jul 2020 08:24:34 GMT
D:shutdown:last configured: Tue, 21 Jul 2020 08:24:34 GMT
D:shutdown:configuration file: /builds/isc-projects/bind9/bin/tests/system/shutdown/resolver/named.conf
D:shutdown:CPUs found: 4
D:shutdown:worker threads: 4
D:shutdown:UDP listeners per interface: 4
D:shutdown:number of zones: 100 (99 automatic)
D:shutdown:debug level: 0
D:shutdown:xfers running: 0
D:shutdown:xfers deferred: 0
D:shutdown:soa queries in progress: 0
D:shutdown:query logging is OFF
D:shutdown:recursive clients: 0/900/1000
D:shutdown:tcp clients: 0/150
D:shutdown:TCP high-water: 0
D:shutdown:server is up and running
D:shutdown:version: BIND 9.17.3 (Development Release) <id:b59e691>
D:shutdown:running on freebsd: FreeBSD amd64 11.4-RELEASE FreeBSD 11.4-RELEASE #0 r362094: Fri Jun 12 18:27:15 UTC 2020 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
D:shutdown:boot time: Tue, 21 Jul 2020 08:24:34 GMT
D:shutdown:last configured: Tue, 21 Jul 2020 08:24:34 GMT
D:shutdown:configuration file: /builds/isc-projects/bind9/bin/tests/system/shutdown/resolver/named.conf
D:shutdown:CPUs found: 4
D:shutdown:worker threads: 4
D:shutdown:UDP listeners per interface: 4
D:shutdown:number of zones: 100 (99 automatic)
D:shutdown:debug level: 0
D:shutdown:xfers running: 0
D:shutdown:xfers deferred: 0
D:shutdown:soa queries in progress: 0
D:shutdown:query logging is OFF
D:shutdown:recursive clients: 0/900/1000
D:shutdown:tcp clients: 0/150
D:shutdown:TCP high-water: 0
D:shutdown:server is up and running
D:shutdown:version: BIND 9.17.3 (Development Release) <id:b59e691>
D:shutdown:running on freebsd: FreeBSD amd64 11.4-RELEASE FreeBSD 11.4-RELEASE #0 r362094: Fri Jun 12 18:27:15 UTC 2020 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
D:shutdown:boot time: Tue, 21 Jul 2020 08:24:34 GMT
D:shutdown:last configured: Tue, 21 Jul 2020 08:24:34 GMT
D:shutdown:configuration file: /builds/isc-projects/bind9/bin/tests/system/shutdown/resolver/named.conf
D:shutdown:CPUs found: 4
D:shutdown:worker threads: 4
D:shutdown:UDP listeners per interface: 4
D:shutdown:number of zones: 100 (99 automatic)
D:shutdown:debug level: 0
D:shutdown:xfers running: 0
D:shutdown:xfers deferred: 0
D:shutdown:soa queries in progress: 0
D:shutdown:query logging is OFF
D:shutdown:recursive clients: 0/900/1000
D:shutdown:tcp clients: 0/150
D:shutdown:TCP high-water: 0
D:shutdown:server is up and running
D:shutdown:----------------------------- Captured stderr call -----------------------------
D:shutdown:rndc: connection to remote host closed.
D:shutdown:* This may indicate that the
D:shutdown:* remote server is using an older
D:shutdown:* version of the command protocol,
D:shutdown:* this host is not authorized to connect,
D:shutdown:* the clocks are not synchronized,
D:shutdown:* the key signing algorithm is incorrect,
D:shutdown:* or the key is invalid.
D:shutdown:rndc: connection to remote host closed.
D:shutdown:* This may indicate that the
D:shutdown:* remote server is using an older
D:shutdown:* version of the command protocol,
D:shutdown:* this host is not authorized to connect,
D:shutdown:* the clocks are not synchronized,
D:shutdown:* the key signing algorithm is incorrect,
D:shutdown:* or the key is invalid.
D:shutdown:rndc: connection to remote host closed.
D:shutdown:* This may indicate that the
D:shutdown:* remote server is using an older
D:shutdown:* version of the command protocol,
D:shutdown:* this host is not authorized to connect,
D:shutdown:* the clocks are not synchronized,
D:shutdown:* the key signing algorithm is incorrect
D:shutdown:* or the key is invalid.
D:shutdown:rndc: connection to remote host closed.
D:shutdown:* This may indicate that the
D:shutdown:* remote server is using an older
D:shutdown:* version of the command protocol,
D:shutdown:* this host is not authorized to connect,
D:shutdown:* the clocks are not synchronized,
D:shutdown:* the key signing algorithm is incorrect,
D:shutdown:* or the key is invalid.
D:shutdown:Failing assertion due to probable leaked memory in context 0x805c23000 ("main") (stats[9].gets == 3).
D:shutdown:mem.c:893: INSIST(ctx->stats[i].gets == 0U) failed
D:shutdown:=========================== 1 failed in 6.57 seconds ===========================
I:system:FAILED
I:shutdown:stopping servers
I:shutdown:Core dump(s) found: shutdown/resolver/core.43405
D:shutdown:backtrace from shutdown/resolver/core.43405:
D:shutdown:--------------------------------------------------------------------------------
D:shutdown:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -c /builds/isc-projects/bind9/b'.
D:shutdown:Program terminated with signal SIGABRT, Aborted.
D:shutdown:#0 0x0000000804b1b0ba in thr_kill () from /lib/libc.so.7
D:shutdown:#0 0x0000000804b1b0ba in thr_kill () from /lib/libc.so.7
D:shutdown:#1 0x0000000804b1b084 in raise () from /lib/libc.so.7
D:shutdown:#2 0x0000000804b1aff9 in abort () from /lib/libc.so.7
D:shutdown:#3 0x000000000041c612 in assertion_failed (file=<optimized out>, line=<optimized out>, type=isc_assertiontype_insist, cond=<optimized out>) at main.c:253
D:shutdown:#4 0x00000008008c144a in isc_assertion_failed (file=0x18b57 <error: Cannot access memory at address 0x18b57>, line=6, type=isc_assertiontype_require, cond=0x804b1b0da <thr_self+10> "\017\202\204\350\b") at assertions.c:46
D:shutdown:#5 0x00000008008ce783 in destroy (ctx=0x805c23000) at mem.c:893
D:shutdown:#6 0x00000008008ceb76 in isc_mem_destroy (ctxp=0x674fc0 <named_g_mctx>) at mem.c:1021
D:shutdown:#7 0x000000000041c55f in main (argc=<optimized out>, argv=<optimized out>) at main.c:1573
D:shutdown:--------------------------------------------------------------------------------
D:shutdown:full backtrace from shutdown/resolver/core.43405 saved in core.43405-backtrace.txt
D:shutdown:core dump shutdown/resolver/core.43405 archived as shutdown/resolver/core.43405.gz
R:shutdown:FAIL
E:shutdown:2020-07-21T08:24:42+0000
FAIL shutdown (exit status: 1)
```October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)Witold KrecickiWitold Krecickihttps://gitlab.isc.org/isc-projects/bind9/-/issues/2035v9.16.5 fails to build on OS X 10.11: "error: use of undeclared identifier 'C...2020-07-21T08:35:21Zleonv9.16.5 fails to build on OS X 10.11: "error: use of undeclared identifier 'CLOCK_REALTIME'"### Steps to reproduce
```sh
$ brew install bind
# [..]
/openssl@1.1/1.1.1g/include -I/usr/local/Cellar/json-c/0.14/include -I/usr/local/Cellar/json-c/0.14/include/json-c -I/usr/include/libxml2 -g -O2 -Qunused-arguments -pthread -fP...### Steps to reproduce
```sh
$ brew install bind
# [..]
/openssl@1.1/1.1.1g/include -I/usr/local/Cellar/json-c/0.14/include -I/usr/local/Cellar/json-c/0.14/include/json-c -I/usr/include/libxml2 -g -O2 -Qunused-arguments -pthread -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -Wno-missing-field-initializers -fno-strict-aliasing -c time.c
stdtime.c:41:20: error: use of undeclared identifier 'CLOCK_REALTIME'
if (clock_gettime(CLOCKSOURCE, &ts) == -1) {
^
stdtime.c:32:21: note: expanded from macro 'CLOCKSOURCE'
#define CLOCKSOURCE CLOCK_REALTIME
^
1 error generated.
make[3]: *** [stdtime.o] Error 1
make[3]: *** Waiting for unfinished jobs....
time.c:116:20: error: use of undeclared identifier 'CLOCK_REALTIME'
if (clock_gettime(CLOCKSOURCE, &ts) == -1) {
^
time.c:41:21: note: expanded from macro 'CLOCKSOURCE'
#define CLOCKSOURCE CLOCK_REALTIME
^
time.c:150:20: error: use of undeclared identifier 'CLOCK_REALTIME'
if (clock_gettime(CLOCKSOURCE, &ts) == -1) {
^
time.c:41:21: note: expanded from macro 'CLOCKSOURCE'
#define CLOCKSOURCE CLOCK_REALTIME
^
2 errors generated.
make[3]: *** [time.o] Error 1
make[2]: *** [subdirs] Error 1
make[1]: *** [subdirs] Error 1
make: *** [subdirs] Error 1
```