BIND issues
https://gitlab.isc.org/isc-projects/bind9/-/issues
2021-10-08T14:37:43Z

https://gitlab.isc.org/isc-projects/bind9/-/issues/2071
BIND stuck after error "unable to obtain neither an IPv4 nor an IPv6 dispatch"
2021-10-08T14:37:43Z
Anand Buddhdev

### Summary
Server appeared to be stuck in some strange state after "rndc reconfig".
### BIND version used
```
BIND 9.16.5 (Stable Release) <id:c00b458>
running on Linux x86_64 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/named' '--disable-static' '--with-pic' '--without-python' '--with-libtool' '--without-lmdb' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
compiled with libxml2 version: 2.9.1
linked to libxml2 version: 20901
compiled with json-c version: 0.11
linked to json-c version: 0.11
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled
default paths:
named configuration: /etc/named/named.conf
rndc configuration: /etc/named/rndc.conf
DNSSEC root key: /etc/named/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
Haven't been able to reproduce this. We run "rndc reconfig" frequently on many of our BIND servers, and this is the first time I've seen such behaviour. On this specific server, after log rotation, logrotate ran "rndc reconfig" and BIND logged this:
### What is the current *bug* behavior?
After logging that error, BIND appeared to be stuck in a strange state. It was answering queries over UDP (did not check TCP). However, it was not refreshing any of the secondary zones. However, I don't know what was going on, because logrotate compressed the rotated log file and deleted the original, but the named process still held it open. However, it couldn't write any logs. "rndc zonestatus" for various zones showed them loaded and stuck on older serials.
### What is the expected *correct* behavior?
BIND should have reloaded its configuration and created a new log file in /var/log/named/named.log
### Relevant configuration files
I'm not including the entire config file here, but here are the relevant snippets:
```
logging {
channel "default" {
file "/var/log/named/named.log";
severity info;
print-time yes;
print-category yes;
};
channel "ratelimit" {
file "/var/log/named/ratelimit.ringlog" versions 10 size 10485760;
print-time yes;
};
category "default" {
"default";
};
category "rate-limit" {
"ratelimit";
};
category "update" {
"null";
};
category "update-security" {
"null";
};
};
options {
answer-cookie no;
directory "/var/named";
keep-response-order {
"any";
};
listen-on {
127.0.0.1/32;
IPv4 address/32;
};
listen-on-v6 {
::1/128;
IPv6 address/128;
};
server-id hostname;
tcp-clients 1000;
transfers-in 100;
transfers-out 100;
version "9.16";
dnssec-validation no;
ixfr-from-differences yes;
minimal-responses yes;
recursion no;
allow-transfer {
"internal";
};
max-journal-size 10485760;
notify explicit;
zero-no-soa-ttl no;
zone-statistics none;
};
```
### Relevant logs and/or screenshots
This was the last thing logged in the rotated file:
```
10-Aug-2020 09:21:29.548 general: received control channel command 'reconfig'
10-Aug-2020 09:21:29.548 general: loading configuration from '/etc/named/named.conf'
10-Aug-2020 09:21:29.848 general: unable to open '/etc/named/bind.keys'; using built-in keys instead
10-Aug-2020 09:21:29.851 general: using default UDP/IPv4 port range: [32768, 60999]
10-Aug-2020 09:21:29.851 general: using default UDP/IPv6 port range: [32768, 60999]
10-Aug-2020 09:21:29.853 general: sizing zone task pool based on 4615 zones
10-Aug-2020 09:21:30.253 config: none:98: 'max-cache-size 90%' - setting to 57795MB (out of 64216MB)
10-Aug-2020 09:21:30.253 general: ./server.c:4530: unexpected error:
10-Aug-2020 09:21:30.253 general: unable to obtain neither an IPv4 nor an IPv6 dispatch
10-Aug-2020 09:21:30.276 general: reloading configuration failed: unexpected error
```
We were debugging the issue the next day, on Aug 11. When we couldn't figure anything out, we tried to restart BIND. It runs under systemd on our server, and this is what appeared in the systemd journal:
```
Aug 11 09:08:00 hostname systemd[1]: Stopping BIND...
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:08:01 hostname named[3686]: named: src/unix/udp.c:119: uv__udp_finish_close: Assertion `handle->send_queue_size == 0' failed.
Aug 11 09:09:30 hostname systemd[1]: named.service stop-sigterm timed out. Killing.
```
BIND logged those errors, but failed to exit, so systemd sent it a KILL signal after 90s.
### Possible fixes
I don't have any suggestion for a fix.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2403
dig has a fit with option -multi (typo on +multi)
2022-04-26T13:16:36Z
JP Mens

### Summary
`dig` crashes when erroneously given option `-multi`
During a training, a student (Rob) erroneously specified `-multi` instead of `+multi` when using `dig` on an internal training domain. This was using `bind-utils-9.11.20-5.el8.x86_64` on CentOS 8.
I am able to reproduce this on a similar machine with an ISC COPR release.
### BIND version used
```
BIND 9.16.11 (Stable Release) <id:9ff601b>
running on Linux x86_64 4.18.0-240.1.1.el8_3.x86_64 #1 SMP Thu Nov 19 17:20:08 UTC 2020
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/scls/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/scls/isc-bind' '--sharedstatedir=/var/opt/isc/scls/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libtool' '--with-libxml2' '--without-lmdb' '--with-python' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/opt/isc/isc-bind/root/usr/lib64' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.16.11/sphinx/bin/sphinx-build'
compiled by GCC 8.3.1 20191121 (Red Hat 8.3.1-5)
compiled with OpenSSL version: OpenSSL 1.1.1g FIPS 21 Apr 2020
linked to OpenSSL version: OpenSSL 1.1.1g FIPS 21 Apr 2020
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/opt/isc/scls/isc-bind/named.conf
rndc configuration: /etc/opt/isc/scls/isc-bind/rndc.conf
DNSSEC root key: /etc/opt/isc/scls/isc-bind/bind.keys
nsupdate session key: /var/opt/isc/scls/isc-bind/run/named/session.key
named PID file: /var/opt/isc/scls/isc-bind/run/named/named.pid
named lock file: /var/opt/isc/scls/isc-bind/run/named/named.lock
```
### Steps to reproduce
```
/opt/isc/isc-bind/root/bin/dig isc.org -multi
```
### What is the current *bug* behavior?
```console
$ /opt/isc/isc-bind/root/bin/dig isc.org -multi
add 0x55a9501c2160 size 8528 file log.c line 257 mctx 0x55a9501b53e0
add 0x7fd9d72c6010 size 72 file log.c line 306 mctx 0x55a9501b53e0
add 0x7fd9d72c7010 size 80 file log.c line 665 mctx 0x55a9501b53e0
add 0x7fd9d72c8018 size 23 file log.c line 667 mctx 0x55a9501b53e0
add 0x7fd9d72c7060 size 80 file log.c line 665 mctx 0x55a9501b53e0
add 0x7fd9d72c8030 size 23 file log.c line 667 mctx 0x55a9501b53e0
add 0x7fd9d72c70b0 size 80 file log.c line 665 mctx 0x55a9501b53e0
add 0x7fd9d72c8048 size 22 file log.c line 667 mctx 0x55a9501b53e0
add 0x7fd9d72c7100 size 80 file log.c line 665 mctx 0x55a9501b53e0
add 0x7fd9d72c9008 size 13 file log.c line 667 mctx 0x55a9501b53e0
add 0x7fd9d72c9010 size 32 file log.c line 996 mctx 0x55a9501b53e0
add 0x7fd9d72ca010 size 336 file log.c line 996 mctx 0x55a9501b53e0
del 0x7fd9d72c9010 size 32 file log.c line 1004 mctx 0x55a9501b53e0
add 0x7fd9d72c9010 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9030 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9050 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9070 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9090 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9090 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c90b0 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c90d0 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c90f0 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9110 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9130 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9150 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9170 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9190 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c91b0 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c91d0 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c91f0 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9210 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9230 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9250 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9270 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72c9290 size 32 file log.c line 952 mctx 0x55a9501b53e0
add 0x7fd9d72cb010 size 288 file task.c line 1386 mctx 0x55a9501b53e0
add 0x7fd9d72cc010 size 144 file task.c line 1410 mctx 0x55a9501b53e0
add 0x7fd9d72cd010 size 216 file task.c line 286 mctx 0x55a9501b53e0
add 0x7fd9d72ce010 size 160 file timer.c line 697 mctx 0x55a9501b53e0
add 0x7fd9d72cf010 size 56 file heap.c line 87 mctx 0x55a9501b53e0
add 0x7fd9d72d0010 size 168 file socket.c line 3806 mctx 0x55a9501b53e0
add 0x7fd9d72c7150 size 80 file socket.c line 3827 mctx 0x55a9501b53e0
add 0x7fd9d729c010 size 168000 file socket.c line 3578 mctx 0x55a9501b53e0
add 0x55a9501c7ce0 size 84000 file socket.c line 3584 mctx 0x55a9501b53e0
add 0x55a9501dc550 size 40960 file socket.c line 3589 mctx 0x55a9501b53e0
add 0x55a9501e65a0 size 84000 file socket.c line 3631 mctx 0x55a9501b53e0
add 0x55a9501fae10 size 24576 file socket.c line 3638 mctx 0x55a9501b53e0
add 0x7fd9d72cefb0 size 96 file mem.c line 1607 mctx 0x55a9501b53e0
add 0x55a95021a170 size 2464 file resconf.c line 522 mctx 0x55a9501b53e0
add 0x7fd9d72d1010 size 152 file resconf.c line 239 mctx 0x55a9501b53e0
add 0x7fd9d72d10a8 size 152 file resconf.c line 239 mctx 0x55a9501b53e0
add 0x55a950220418 size 2072 file dighost.c line 487 mctx 0x55a9501b53e0
add 0x55a950220418 size 2072 file dighost.c line 487 mctx 0x55a9501b53e0
add 0x55a950220c38 size 2072 file dighost.c line 487 mctx 0x55a9501b53e0
del 0x7fd9d72d1010 size 152 file resconf.c line 652 mctx 0x55a9501b53e0
del 0x7fd9d72d10a8 size 152 file resconf.c line 652 mctx 0x55a9501b53e0
del 0x55a95021a170 size 2464 file resconf.c line 665 mctx 0x55a9501b53e0
add 0x55a950221458 size 5176 file dighost.c line 618 mctx 0x55a9501b53e0
add 0x55a950222898 size 5176 file dighost.c line 618 mctx 0x55a9501b53e0
Invalid option: -lti
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Use "dig -h" (or "dig -h | more") for complete list of options
```
### What is the expected *correct* behavior?
```
Invalid option: -lti
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Use "dig -h" (or "dig -h | more") for complete list of options
```
### Relevant configuration files
### Relevant logs and/or screenshots
### Possible fixes

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2342
rndc retransfer issues misleading diagnostic on primary zone
2021-01-27T22:45:04Z
JP Mens

### Summary
The `rndc` command has a subcommand `retransfer` which retransfers a single zone without checking serial number. When used on a primary zone on a primary server, the command issues the following diagnostic:
```console
% rndc retransfer inline.zone12.dane.onl
rndc: 'retransfer' failed: not found
```
However, if the zone doesn't exist at all, `rndc` emits this clearer message:
```console
% rndc retransfer yyy
rndc: 'retransfer' failed: not found
no matching zone 'yyy' in any view
```
### BIND version used
```
BIND 9.16.9 (Stable Release) <id:b3f41b7>
running on Linux x86_64 4.18.0-193.6.3.el8_2.x86_64 #1 SMP Wed Jun 10 11:09:32 UTC 2020
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/scls/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/scls/isc-bind' '--sharedstatedir=/var/opt/isc/scls/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libtool' '--with-libxml2' '--without-lmdb' '--with-python' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/opt/isc/isc-bind/root/usr/lib64' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.16.9/sphinx/bin/sphinx-build'
compiled by GCC 8.3.1 20191121 (Red Hat 8.3.1-5)
compiled with OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
linked to OpenSSL version: OpenSSL 1.1.1c FIPS 28 May 2019
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/opt/isc/scls/isc-bind/named.conf
rndc configuration: /etc/opt/isc/scls/isc-bind/rndc.conf
DNSSEC root key: /etc/opt/isc/scls/isc-bind/bind.keys
nsupdate session key: /var/opt/isc/scls/isc-bind/run/named/session.key
named PID file: /var/opt/isc/scls/isc-bind/run/named/named.pid
named lock file: /var/opt/isc/scls/isc-bind/run/named/named.lock
```
### Steps to reproduce
1. configure a primary zone, say, `example`
2. issue `rndc retransfer example`
### What is the current *bug* behavior?
Diagnostic as shown above
### What is the expected *correct* behavior?
What I would like to see is `rndc` telling me that the zone is a primary zone and cannot be retransferred.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2468
CID 318094: Null pointer dereferences (REVERSE_INULL)
2021-03-02T13:51:47Z
Mark Andrews

Remove redundant `version == NULL` check. This should have been included in 3b11bacbb7b92aa2c1043ad27f8fd89763ed984b.
```
*** CID 318094: Null pointer dereferences (REVERSE_INULL)
/lib/dns/rbtdb.c: 1389 in newversion()
1383 version->xfrsize = rbtdb->current_version->xfrsize;
1384 RWUNLOCK(&rbtdb->current_version->rwlock, isc_rwlocktype_read);
1385 rbtdb->next_serial++;
1386 rbtdb->future_version = version;
1387 RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write);
1388
CID 318094: Null pointer dereferences (REVERSE_INULL)
Null-checking "version" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1389 if (version == NULL) {
1390 return (result);
1391 }
1392
1393 *versionp = version;
1394
```

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2462
CID 316785: Error handling issues in dns_transport_list_new() (CHECKED_RETURN)
2021-02-08T13:17:51Z
Michal Nowak

This came with the initial commit of the file (e488309da78d82e0c67990af264fcaa7b0ff0283):
```
*** CID 316785: Error handling issues (CHECKED_RETURN)
/lib/dns/transport.c: 292 in dns_transport_list_new()
286 dns_transport_list_t *
287 dns_transport_list_new(isc_mem_t *mctx) {
288 dns_transport_list_t *list = isc_mem_get(mctx, sizeof(*list));
289
290 *list = (dns_transport_list_t){ 0 };
291
>>> CID 316785: Error handling issues (CHECKED_RETURN)
>>> Calling "isc_rwlock_init" without checking return value (as is done elsewhere 17 out of 21 times).
292 isc_rwlock_init(&list->lock, 0, 0);
293
294 isc_mem_attach(mctx, &list->mctx);
295 isc_refcount_init(&list->references, 1);
296
297 list->magic = TRANSPORT_LIST_MAGIC;
```

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2448
Sphinx-generated documentation built in GitLab CI is sometimes defective
2022-08-05T11:42:43Z
Michał Kępień

@pspacek noticed that the latest PDF version of the BIND 9 ARM is
missing the entire "BIND 9 Configuration Reference" chapter:
https://ftp.isc.org/isc/bind9/9.17.9/doc/arm/Bv9ARM.pdf
The same problem seems to be affecting the PDF for 9.17.8:
https://ftp.isc.org/isc/bind9/9.17.8/doc/arm/Bv9ARM.pdf
but not for 9.17.7:
https://ftp.isc.org/isc/bind9/9.17.7/doc/arm/Bv9ARM.pdf
None of the 9.16.x PDFs seem to be broken this way.
I could not reproduce this problem locally and also confirmed there were
no changes in the `doc/` directory between 9.17.7 and 9.17.8 that could
have caused this. Upon further investigation, I discovered that the
problem is caused by using parallel `make` jobs (`-j`) when running
`make doc` in GitLab CI - this causes multiple `sphinx-build` instances
to run simultaneously in the same working directory, which means they
can stomp on each other's data. Unfortunately, problems like this only
triggered Sphinx warnings, not errors, so the relevant GitLab CI jobs
have been silently passing.
~~This conclusion means that *all* forms of our documentation might have
been malformed in one way or another ever since we migrated to Sphinx,
i.e. since May 2020 (see !1761, !3536). Looking at GitLab CI job traces
from the past 2 months, it can be estimated that the problem has a
roughly 15% chance of getting triggered for any Sphinx documentation
build job.~~ (See correction [below][1].)
[1]: #note_190871

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Michał Kępień

https://gitlab.isc.org/isc-projects/bind9/-/issues/2442
TSAN error: lib/dns/rbtdb.c
2021-03-18T12:00:07Z
Mark Andrews

Job [#1434050](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1434050) failed for e6064e7cd9dc4848cdcc63f051bda46e935c733d:
```
WARNING: ThreadSanitizer: data race
Write of size 4 at 0x000000000001 by thread T1 (mutexes: read M1, read M2):
#0 check_stale_header lib/dns/rbtdb.c:4573
#1 cache_find lib/dns/rbtdb.c:5061
#2 dns_db_findext lib/dns/db.c:536
#3 query_lookup lib/ns/query.c:5805
#4 query_gotanswer lib/ns/query.c:7556
#5 query_resume lib/ns/query.c:6614
#6 fetch_callback lib/ns/query.c:6161
#7 dispatch lib/isc/task.c:1152
#8 run lib/isc/task.c:1344
#9 <null> <null>
Previous write of size 4 at 0x000000000001 by thread T2 (mutexes: read M1, read M2):
#0 check_stale_header lib/dns/rbtdb.c:4573
#1 cache_find lib/dns/rbtdb.c:5061
#2 dns_db_findext lib/dns/db.c:536
#3 query_lookup lib/ns/query.c:5805
#4 query_gotanswer lib/ns/query.c:7556
#5 query_resume lib/ns/query.c:6614
#6 fetch_callback lib/ns/query.c:6161
#7 dispatch lib/isc/task.c:1152
#8 run lib/isc/task.c:1344
#9 <null> <null>
Location is heap block of size 209 at 0x000000000011 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713
#2 mem_get lib/isc/mem.c:622
#3 mem_allocateunlocked lib/isc/mem.c:1268
#4 isc___mem_allocate lib/isc/mem.c:1288
#5 isc__mem_allocate lib/isc/mem.c:2453
#6 isc___mem_get lib/isc/mem.c:1037
#7 isc__mem_get lib/isc/mem.c:2432
#8 dns_rdataslab_fromrdataset lib/dns/rdataslab.c:270
#9 addrdataset lib/dns/rbtdb.c:6813
#10 dns_db_addrdataset lib/dns/db.c:719
#11 addoptout lib/dns/ncache.c:281
#12 dns_ncache_add lib/dns/ncache.c:101
#13 ncache_adderesult lib/dns/resolver.c:6795
#14 ncache_message lib/dns/resolver.c:6972
#15 rctx_ncache lib/dns/resolver.c:9350
#16 resquery_response lib/dns/resolver.c:8063
#17 dispatch lib/isc/task.c:1152
#18 run lib/isc/task.c:1344
#19 <null> <null>
Mutex M1 is already destroyed.
Mutex M2 is already destroyed.
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:940
#4 setup bin/named/main.c:1248
#5 main bin/named/main.c:1548
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:940
#4 setup bin/named/main.c:1248
#5 main bin/named/main.c:1548
Thread T3 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:940
#4 setup bin/named/main.c:1248
#5 main bin/named/main.c:1548
SUMMARY: ThreadSanitizer: data race lib/dns/rbtdb.c:4573 in check_stale_header
```

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Diego dos Santos Fronza

https://gitlab.isc.org/isc-projects/bind9/-/issues/2420
CID 316510: Memory - corruptions (USE_AFTER_FREE)
2021-01-28T21:42:48Z
Michal Nowak

```
*** CID 316510: Memory - corruptions (USE_AFTER_FREE)
/bin/named/statschannel.c: 2353 in generatexml()
2347
2348 cleanup:
2349 isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
2350 NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
2351 "failed generating XML response");
2352 if (writer != NULL) {
>>> CID 316510: Memory - corruptions (USE_AFTER_FREE)
>>> Calling "xmlFreeTextWriter" frees pointer "writer" which has already been freed.
2353 xmlFreeTextWriter(writer);
2354 }
2355 if (doc != NULL) {
2356 xmlFreeDoc(doc);
2357 }
2358 return (ISC_R_FAILURE);
```

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2415
Update Coverity Scan CI job to 2020.09
2021-01-25T11:38:06Z
Michal Nowak

Coverity Scan was [updated](https://community.synopsys.com/s/question/0D52H00005NeWJf/announcement-upcoming-coverity-scan-upgrade-to-coverity-202009-release) to [2020.09](https://scan.coverity.com/download). The `coverity` CI job assumes 2019.03 at a few places.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Michal Nowak

https://gitlab.isc.org/isc-projects/bind9/-/issues/2391
Check 'nsupdate -y' for all hmac algorithms.
2021-01-28T01:57:38Z
Mark Andrews

#2390 used `nsupdate -y` and the nsupdate system test does not exhaustively check the various hmac algorithms using `nsupdate -y`. It does check with `nsupdate -k`. Repeat the tests using `nsupdate -y` to ensure that path is complete.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2380
Documentation update - use of "-E pkcs11"
2021-01-19T09:10:34Z
Peter Davies

The "named" man page could be updated to specify that the engine-name is mandatory when using BIND not built with pkcs11 support.
-E engine-name
When applicable, specifies the hardware to use for cryptographic operations, such as a secure key store
used for signing. When BIND is built with OpenSSL PKCS#11 support, this defaults to the string “pkcs11”, which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module. When BIND is built with
native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library
specified via “--with-pkcs11”.
ARM:
5.11 PKCS#11 (Cryptoki) support
This text could be updated to refer to or include: https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11
[RT #17522](https://support.isc.org/Ticket/Display.html?id=17522)

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Matthijs Mekking <matthijs@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/issues/2364
CID 314969: Control flow issues (DEADCODE) in zoneconf.c
2021-01-18T12:35:31Z
Michal Nowak

Coverity Scan identified the following issue in `bin/named/zoneconf.c` on Sunday December 27 on `v9_16` and `main`:
```
*** CID 314969: Control flow issues (DEADCODE)
/bin/named/zoneconf.c: 2212 in named_zone_inlinesigning()
2206 if (!inline_signing && !zone_is_dynamic &&
2207 cfg_map_get(zoptions, "dnssec-policy", &signing) == ISC_R_SUCCESS &&
2208 signing != NULL)
2209 {
2210 if (strcmp(cfg_obj_asstring(signing), "none") != 0) {
2211 inline_signing = true;
>>> CID 314969: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression ""no"" inside this statement: "dns_zone_log(zone, 1, "inli...".
2212 dns_zone_log(
2213 zone, ISC_LOG_DEBUG(1), "inline-signing: %s",
2214 inline_signing
2215 ? "implicitly through dnssec-policy"
2216 : "no");
2217 } else {
```
The culprit likely lies in cf420b2af0d45693d0f5f34d9113ea411b5f2225 as it's the only change in that file between the last two Coverity Scan runs.
Coverity Scan link: https://scan8.coverity.com/reports.htm#v38342/p12579/fileInstanceId=38520332&defectInstanceId=11383777&mergedDefectId=314969.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Matthijs Mekking <matthijs@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/issues/2335
TLSDNS refactoring
2021-02-26T15:14:59Z
Ondřej Surý

The TLSDNS needs to be refactored to use libuv/OpenSSL directly, and not via netmgr layers.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2093
tsan files are not being captured by unit tests
2021-02-03T07:25:37Z
Mark Andrews

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/1992
Backport primaries and documentation changes to v9.16
2021-06-28T09:15:09Z
Ondřej Surý

* [x] !3703
* [x] !3679
* [x] !3692
* [x] !3644
* [x] !3676
* [x] !3793
* [x] !3591
* [x] !3800

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Michał Kępień

https://gitlab.isc.org/isc-projects/bind9/-/issues/1923
Teach danger about placeholder in CHANGES.
2021-01-29T12:54:40Z
Mark Andrews

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Michał Kępień

https://gitlab.isc.org/isc-projects/bind9/-/issues/1917
danger, security and CVE.
2021-01-29T12:54:56Z
Mark Andrews

It would be useful if danger checked that the CHANGES and release notes entries for [security] changes contain a CVE number.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Michał Kępień

https://gitlab.isc.org/isc-projects/bind9/-/issues/1697
isc_rwlock_init can no longer fail in master, clean up calls.
2021-02-08T13:17:14Z
Mark Andrews

Coverity is complaining about unchecked returns from isc_rwlock_init. Silence by removing return value which is always ISC_R_SUCCESS.
Check earlier active branches to see if similar is appropriate for them.

February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Mark Andrews