BIND issueshttps://gitlab.isc.org/isc-projects/bind9/-/issues2023-10-04T13:26:29Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4312pytest runner convenience symlinks may collide and cause test setup error2023-10-04T13:26:29ZTom Krizekpytest runner convenience symlinks may collide and cause test setup errorRunning `dnstap` system test with xdist may cause an `ERROR` due to a race condition:
```
__________________________________________ ERROR at setup of test_dnstap_dispatch_socket_addresses __________________________________________
[gw2...Running `dnstap` system test with xdist may cause an `ERROR` due to a race condition:
```
__________________________________________ ERROR at setup of test_dnstap_dispatch_socket_addresses __________________________________________
[gw2] linux -- Python 3.11.5 /usr/bin/python
conftest.py:421: in system_test_dir
symlink_dst.symlink_to(os.path.relpath(testdir, start=system_test_root))
/usr/lib/python3.11/pathlib.py:1198: in symlink_to
os.symlink(target, self, target_is_directory)
E FileExistsError: [Errno 17] File exists: 'dnstap_tmp_wtfssttj' -> '/home/tkrizek/git/bind9/bin/tests/system/dnstap_dnstap'
```
This happens because `tests_sh_dnstap.py` and `tests_dnstap.py` modules attempted to both create `dnstap_dnstap` symlink to the temporary directory at the same time. The python module name should be adjusted to avoid the name clash. This may affect other system tests as well and should be fixed if that's the case.
This is a followup for #4252November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)Tom KrizekTom Krizekhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4311Remove support for Unix Domain Sockets in control channel2023-10-04T13:26:29ZOndřej SurýRemove support for Unix Domain Sockets in control channelThe support for UDS in control channel (and `rndc`) has been an fatal error since BIND 9.18. Properly cleanup the code to remove the remnants of it.
We might want to partially backport the `named-checkconf` changes to BIND 9.18, so it'...The support for UDS in control channel (and `rndc`) has been an fatal error since BIND 9.18. Properly cleanup the code to remove the remnants of it.
We might want to partially backport the `named-checkconf` changes to BIND 9.18, so it's also a fatal error in BIND 9.18.November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4310REQUIRE when changing primaries list.2023-12-20T22:17:15ZMark AndrewsREQUIRE when changing primaries list.I removed a now non-existent primary server in a secondary zone configuration and named triggered a REQUIRE trying to cancel an outstanding request as the `tid` did not match.
`REQUIRE(request->tid == isc_tid());`
```
Thread 0 Crashed:...I removed a now non-existent primary server in a secondary zone configuration and named triggered a REQUIRE trying to cancel an outstanding request as the `tid` did not match.
`REQUIRE(request->tid == isc_tid());`
```
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x199ad0764 __pthread_kill + 8
1 libsystem_pthread.dylib 0x199b07c28 pthread_kill + 288
2 libsystem_c.dylib 0x199a15ae8 abort + 180
3 named 0x104bc03d0 assertion_failed + 408 (main.c:234)
4 libisc-9.19.17-dev.dylib 0x104d9c808 isc_assertion_failed + 56 (assertions.c:48)
5 libdns-9.19.17-dev.dylib 0x1053420c0 dns_request_cancel + 160 (request.c:749)
6 libdns-9.19.17-dev.dylib 0x1053bb6b8 dns_zone_setprimaries + 472 (zone.c:5953)
7 named 0x104c0b370 named_zone_configure + 14504 (zoneconf.c:1811)
8 named 0x104beaa5c configure_zone + 4160 (server.c:6821)
9 named 0x104be03e4 configure_view + 1560 (server.c:4126)
10 named 0x104bdb750 load_configuration + 9828 (server.c:9149)
11 named 0x104bc8734 loadconfig + 60 (server.c:10277)
12 named 0x104bc84b4 reload + 68 (server.c:10303)
13 named 0x104bc82e0 named_server_reloadcommand + 180 (server.c:10632)
14 named 0x104bb5d3c named_control_docommand + 2080 (control.c:250)
15 named 0x104bba100 control_command + 88 (controlconf.c:401)
16 libisc-9.19.17-dev.dylib 0x104d9cd9c isc__async_cb + 448 (async.c:111)
17 libuv.1.dylib 0x104f663c4 uv__async_io + 320
18 libuv.1.dylib 0x104f761e0 uv__io_poll + 1748
19 libuv.1.dylib 0x104f667bc uv_run + 244
20 libisc-9.19.17-dev.dylib 0x104dbddb0 loop_thread + 372 (loop.c:282)
21 libisc-9.19.17-dev.dylib 0x104dd9ff4 thread_body + 88 (thread.c:85)
22 libisc-9.19.17-dev.dylib 0x104dd9f6c isc_thread_main + 104 (thread.c:116)
23 libisc-9.19.17-dev.dylib 0x104dbdb0c isc_loopmgr_run + 472 (loop.c:454)
24 named 0x104bc00f0 main + 508 (main.c:1592)
25 dyld 0x1997aff28 start + 2236
```January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/4309Named Crashes: Named startup crash on low-memory devices2023-09-11T07:49:34ZJingtian LiuNamed Crashes: Named startup crash on low-memory devices<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
Named startup crash on low-memory devices if generate too much rr through `$GENERATE`
### BIND version used
```sh
BIND 9.19.17-dev (Development Release) <id:edd9925>
```
### Steps to reproduce
#### step1. configure named
- named.conf
```sh
options {
directory "/path/to/directory";
allow-query { any; };
listen-on port specify-a-port { any; };
};
zone "example.com." {
type primary;
file "example.db";
};
```
- example.db
```sh
$ORIGIN .
$TTL 120
@ SOA tld4. hostmaster.ns.tld4. ( 1 3600 1200 604800 60 )
NS ns
ns A 16.53.0.2
$GENERATE 0-28836000 HOST-$ MX "0 ."
```
#### step2. create a low-ram environment
```sh
ulimit -v 512000 # or 204800
```
#### step3. startup named
### What is the current *bug* behavior?
#### set 200M virtual memory
```sh
ulimit -v 204800
```
```log
#0 0x00007ffff4d97438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff4d9903a in __GI_abort () at abort.c:89
#2 0x0000000000433489 in assertion_failed (file=0x7ffff7bbba8e "./jemalloc_shim.h", line=66, type=<optimized out>,
cond=0x7ffff7bbbb34 "ptr != ((void*)0)") at main.c:225
#3 0x00007ffff7b2a331 in isc_assertion_failed (file=0x63bb <error: Cannot access memory at address 0x63bb>, line=25538,
line@entry=66, type=6, type@entry=isc_assertiontype_insist, cond=0x7ffff4d97438 <__GI_raise+56> "H=")
at assertions.c:48
#4 0x00007ffff7b67178 in mallocx (size=65576, flags=0) at ./jemalloc_shim.h:66
#5 mem_get (ctx=0x706630, size=65576, flags=0) at mem.c:306
#6 isc__mem_get (ctx=ctx@entry=0x706630, size=size@entry=65576, flags=flags@entry=0,
file=0x4931de "../../lib/isc/include/isc/buffer.h", line=line@entry=1085) at mem.c:691
#7 0x000000000041b65d in isc_buffer_allocate (mctx=0x706630, dbufp=0x7ffff2c90f40, length=65512)
at ../../lib/isc/include/isc/buffer.h:1085
#8 putrr (node=node@entry=0x7ffff7e19010, type=<optimized out>, ttl=ttl@entry=0, data=data@entry=0x7ffff7e27010 "@")
at builtin.c:176
#9 0x0000000000417bde in builtin_authority (node=0x7ffff7e19010, bdb=<optimized out>) at builtin.c:489
#10 findnode (db=db@entry=0x7ffff7ff2010, name=<optimized out>, name@entry=0x8f2460, create=<optimized out>,
nodep=nodep@entry=0x7ffff2c91900) at builtin.c:897
#11 0x00007ffff7508817 in dns__db_findnode (db=db@entry=0x7ffff7ff2010, name=name@entry=0x8f2460, create=false,
nodep=nodep@entry=0x7ffff2c91900) at db.c:419
#12 0x00007ffff7860e9e in check_nsec3param (zone=zone@entry=0x8f22a0, db=db@entry=0x7ffff7ff2010) at zone.c:3881
#13 0x00007ffff78091ea in zone_postload (zone=<optimized out>, zone@entry=0x8f22a0, db=<optimized out>, loadtime=...,
result=result@entry=ISC_R_SUCCESS) at zone.c:4944
#14 0x00007ffff77d8e94 in zone_load (zone=<optimized out>, zone@entry=0x8f22a0, flags=<optimized out>, locked=false)
at zone.c:2342
#15 0x00007ffff77d9ec7 in zone_asyncload (arg=0x7601a0) at zone.c:2371
#16 0x00007ffff7b2a9e0 in isc__async_cb (handle=<optimized out>) at async.c:111
#17 0x00007ffff609f3b4 in uv__async_io (loop=0x6f3bf0, w=<optimized out>, events=<optimized out>) at src/unix/async.c:163
--Type <RET> for more, q to quit, c to continue without paging--
#18 0x00007ffff60b2a0c in uv__io_poll (loop=loop@entry=0x6f3bf0, timeout=<optimized out>) at src/unix/epoll.c:374
#19 0x00007ffff609fbd0 in uv_run (loop=loop@entry=0x6f3bf0, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:406
#20 0x00007ffff7b60d96 in loop_thread (arg=arg@entry=0x6f3bd0) at loop.c:282
#21 0x00007ffff7b8b511 in thread_body (wrap=0x702200) at thread.c:85
#22 thread_run (wrap=0x702200) at thread.c:100
#23 0x00007ffff5a546ba in start_thread (arg=0x7ffff2c97700) at pthread_create.c:333
#24 0x00007ffff4e6951d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
```
#### set 500M virtual memory
```sh
ulimit -v 512000
```
```log
#0 0x00007ffff4d97438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff4d9903a in __GI_abort () at abort.c:89
#2 0x000000000043366a in library_fatal_error (file=0x7ffff7bbf4eb "thread.c", line=140,
func=0x7ffff7bbf521 "isc_thread_create", format=0x7ffff7bb3e96 "%s(): %s (%d)", args=0x7fffffffdf30) at main.c:265
#3 0x00007ffff7b32404 in isc_error_fatal (file=0x6ea1 <error: Cannot access memory at address 0x6ea1>, line=28321,
line@entry=140, func=0x6 <error: Cannot access memory at address 0x6>, format=0x7ffff4d97438 <__GI_raise+56> "H=")
at error.c:69
#4 0x00007ffff7b8b434 in isc_thread_create (func=<optimized out>, arg=0x6f5550, thread=thread@entry=0x6f5560)
at thread.c:140
#5 0x00007ffff7b60abd in isc_loopmgr_run (loopmgr=0x6ef0b0) at loop.c:448
#6 0x000000000043295a in main (argc=<optimized out>, argv=<optimized out>) at main.c:1535
```https://gitlab.isc.org/isc-projects/bind9/-/issues/4308Named Crashed: named aborted while handling dns query with certain format.2023-09-11T03:54:42ZJingtian LiuNamed Crashed: named aborted while handling dns query with certain format.<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
named server crashes down due to `an assertion failure` while handling dns query with certain format.
```c
name.c:692: ENSURE(name->labels <= 127) failed
```
### BIND version used
```sh
BIND 9.19.12-dev (Development Release) <id:91c4792>
```
### Steps to reproduce
#### step1. launch a named server
Launch a named use a regular config file.
```sh
options {
directory "/path/to/directory";
allow-query { any; };
listen-on port specify-a-port { any; };
};
```
#### step2. build a dns query
The query should contain `at least one question`. To the `name field` of that question, it constains `exactly 127 labels` and each label is consists of `one ASCII control character`. Here is an eg.
```sh
$ hexdump dnsquery
0000000 76c7 0001 0100 0000 0000 0000 1f01 0401
0000010 1101 1201 0201 1901 1e01 1401 0101 0601
0000020 1b01 0601 0401 0f01 1401 7f01 0701 1b01
0000030 1901 0f01 0b01 1b01 0f01 0b01 0f01 1101
0000040 1f01 1401 0901 1401 0701 0e01 1601 0401
0000050 1501 0901 1901 0601 1101 1601 7f01 0701
0000060 1c01 7f01 1c01 7f01 0701 0e01 1601 0a01
0000070 0301 0801 1501 0201 1d01 0301 1d01 1901
0000080 0301 1b01 0c01 1f01 0801 0d01 1d01 0601
0000090 0801 1a01 1901 7f01 1201 1001 0b01 0501
00000a0 0101 0a01 1901 1d01 1301 1c01 1f01 0f01
00000b0 0d01 0201 0301 1a01 0301 0101 1201 1901
00000c0 0301 1d01 0901 1b01 0101 0b01 1701 0601
00000d0 7f01 0901 0801 1501 0b01 1701 1901 0d01
00000e0 1101 1701 0101 1501 0701 0101 1701 0101
00000f0 0c01 1801 0a01 1e01 0101 1001 0301 1401
0000100 0501 0d01 1b01 0701 1f01 0000 0001 0001
000010f
```
[dnsquery](/uploads/1e3ff1ce70619e70b709c80981e19d64/dnsquery)
#### step3. send the query to named
Send this query to named, and it will trigger an assersion failure.
### What is the current *bug* behavior?
```log
07-Sep-2023 18:06:22.485 name.c:692: ENSURE(name->labels <= 127) failed, back trace
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/isc/.libs/libisc-9.19.12-dev.so(isc_backtrace+0x80) [0x7f340e1dae20]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/bin/named/.libs/named() [0x53bcaa]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/isc/.libs/libisc-9.19.12-dev.so(isc_assertion_failed+0x57) [0x7f340e1da4b7]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/dns/.libs/libdns-9.19.12-dev.so(+0x2d51fc) [0x7f340d95d1fc]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/ns/.libs/libns-9.19.12-dev.so(+0x64702) [0x7f340d3c7702]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/ns/.libs/libns-9.19.12-dev.so(ns__query_start+0xb7d) [0x7f340d3c1abd]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/ns/.libs/libns-9.19.12-dev.so(+0x75b84) [0x7f340d3d8b84]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/ns/.libs/libns-9.19.12-dev.so(ns_query_start+0x2274) [0x7f340d3d79a4]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/ns/.libs/libns-9.19.12-dev.so(ns__client_request+0x2abb) [0x7f340d39d7cb]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/isc/.libs/libisc-9.19.12-dev.so(isc__nm_readcb+0x510) [0x7f340e195530]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/isc/.libs/libisc-9.19.12-dev.so(isc__nm_udp_read_cb+0x9fc) [0x7f340e1d440c]
07-Sep-2023 18:06:22.485 /usr/local/lib/libuv.so.1(+0x1dff3) [0x7f340c14dff3]
07-Sep-2023 18:06:22.485 /usr/local/lib/libuv.so.1(+0x1ef4b) [0x7f340c14ef4b]
07-Sep-2023 18:06:22.485 /usr/local/lib/libuv.so.1(+0x22a0c) [0x7f340c152a0c]
07-Sep-2023 18:06:22.485 /usr/local/lib/libuv.so.1(uv_run+0xc0) [0x7f340c13fbd0]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/isc/.libs/libisc-9.19.12-dev.so(+0x1091e7) [0x7f340e2331e7]
07-Sep-2023 18:06:22.485 /home/ubuntu/bind9/lib/isc/.libs/libisc-9.19.12-dev.so(isc__trampoline_run+0x74) [0x7f340e28ca94]
07-Sep-2023 18:06:22.485 /lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba) [0x7f340b8da6ba]
07-Sep-2023 18:06:22.485 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f340aee751d]
07-Sep-2023 18:06:22.485 exiting (due to assertion failure)
```
### What is the expected *correct* behavior?
The assertion is not supposed to be failed.https://gitlab.isc.org/isc-projects/bind9/-/issues/4307nslookup timeout is ignored after several requests2023-09-09T18:13:01ZGeoffrey McRaenslookup timeout is ignored after several requests### Summary
nslookup doesn't properly implement the timeout on lookup sometimes.
### BIND version used
```
BIND 9.18.16-1~deb12u1-Debian (Extended Support Version) <id:>
running on Linux x86_64 6.1.0-rc7-pstate #3 SMP PREEMPT_DYNAMIC ...### Summary
nslookup doesn't properly implement the timeout on lookup sometimes.
### BIND version used
```
BIND 9.18.16-1~deb12u1-Debian (Extended Support Version) <id:>
running on Linux x86_64 6.1.0-rc7-pstate #3 SMP PREEMPT_DYNAMIC Mon Dec 5 22:02:30 AEDT 2022
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-yTvTm0/bind9-9.18.16=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 12.2.0
compiled with OpenSSL version: OpenSSL 3.0.9 30 May 2023
linked to OpenSSL version: OpenSSL 3.0.9 30 May 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.52.0
linked to libnghttp2 version: 1.52.0
compiled with libxml2 version: 2.9.14
linked to libxml2 version: 20914
compiled with json-c version: 0.16
linked to json-c version: 0.16
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
linked to maxminddb version: 1.7.1
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
1. run `nslookup`
2. perform several queries, usually only takes 3-4 before the bug exhibits.
### What is the current *bug* behavior?
nslookup doesn't wait for the timeout and immediately responds with the following before attempting again and succeeding.
```
;; communications error to 0000:0000:000:0000:000:0000:feca:e1ff#53: timed out
```
Note the IP has been redacted for security reasons, it is a valid global IPv6 address.
Wireshark confirms the request was sent, and `nslookup` did not wait for a response.
Once this occurs the first time, it happens for every single dns request until `nslookup` is restarted.
Here is the output of `nslookup -d2` when this occurs.
```
> asd.com
addlookup()
make_empty_lookup()
make_empty_lookup() = 0x7ffa2ae00000->references = 1
looking up asd.com
start_lookup()
setup_lookup(0x7ffa2ae00000)
resetting lookup counter.
cloning server list
clone_server_list()
make_server(0000:0000:000:0000:000:0000:feca:e1ff)
idn_textname: asd.com
using root origin
recursive query
add_question()
starting to render the message
done rendering
create query 0x7ffa2ae42000 linked to lookup 0x7ffa2ae00000
dighost.c:2177:lookup_attach(0x7ffa2ae00000) = 2
dighost.c:2690:new_query(0x7ffa2ae42000) = 1
do_lookup()
start_udp(0x7ffa2ae42000)
dighost.c:3301:query_attach(0x7ffa2ae42000) = 2
working on lookup 0x7ffa2ae00000, query 0x7ffa2ae42000
dighost.c:3346:query_attach(0x7ffa2ae42000) = 3
udp_ready()
udp_ready(0x7ffa2ae81000, success, 0x7ffa2ae42000)
lock_lookup dighost.c:3188
success
dighost.c:3189:lookup_attach(0x7ffa2ae00000) = 3
dighost.c:3261:query_attach(0x7ffa2ae42000) = 4
recving with lookup=0x7ffa2ae00000, query=0x7ffa2ae42000, handle=0x7ffa2ae81000
recvcount=1
have local timeout of 5000
dighost.c:3135:query_attach(0x7ffa2ae42000) = 5
sending a request
sendcount=1
dighost.c:1761:query_detach(0x7ffa2ae42000) = 4
dighost.c:3281:query_detach(0x7ffa2ae42000) = 3
dighost.c:3282:lookup_detach(0x7ffa2ae00000) = 2
unlock_lookup dighost.c:3283
send_done(0x7ffa2ae81000, success, 0x7ffa2ae42000)
sendcount=0
lock_lookup dighost.c:2765
success
dighost.c:2769:lookup_attach(0x7ffa2ae00000) = 3
dighost.c:2787:query_detach(0x7ffa2ae42000) = 2
dighost.c:2788:lookup_detach(0x7ffa2ae00000) = 2
check_if_done()
list empty
unlock_lookup dighost.c:2792
recv_done(0x7ffa2ae81000, timed out, 0x7ffa2bdff1c0, 0x7ffa2ae42000)
lock_lookup dighost.c:3955
success
recvcount=0
dighost.c:3960:lookup_attach(0x7ffa2ae00000) = 3
;; communications error to 0000:0000:000:0000:000:0000:feca:e1ff#53: timed out
create query 0x7ffa2ae421c0 linked to lookup 0x7ffa2ae00000
dighost.c:2177:lookup_attach(0x7ffa2ae00000) = 4
dighost.c:4048:new_query(0x7ffa2ae421c0) = 1
making new UDP request, 2 tries left
start_udp(0x7ffa2ae421c0)
dighost.c:3301:query_attach(0x7ffa2ae421c0) = 2
working on lookup 0x7ffa2ae00000, query 0x7ffa2ae421c0
dighost.c:3346:query_attach(0x7ffa2ae421c0) = 3
check_if_queries_done(0x7ffa2ae00000)
there is a pending query 0x7ffa2ae421c0
dighost.c:4554:query_detach(0x7ffa2ae42000) = 1
dighost.c:4562:lookup_detach(0x7ffa2ae00000) = 3
unlock_lookup dighost.c:4566
udp_ready()
udp_ready(0x7ffa2ae81480, success, 0x7ffa2ae421c0)
lock_lookup dighost.c:3188
success
dighost.c:3189:lookup_attach(0x7ffa2ae00000) = 4
dighost.c:3261:query_attach(0x7ffa2ae421c0) = 4
recving with lookup=0x7ffa2ae00000, query=0x7ffa2ae421c0, handle=0x7ffa2ae81480
recvcount=1
have local timeout of 5000
dighost.c:3135:query_attach(0x7ffa2ae421c0) = 5
sending a request
sendcount=1
dighost.c:1761:query_detach(0x7ffa2ae421c0) = 4
dighost.c:3281:query_detach(0x7ffa2ae421c0) = 3
dighost.c:3282:lookup_detach(0x7ffa2ae00000) = 3
unlock_lookup dighost.c:3283
send_done(0x7ffa2ae81480, success, 0x7ffa2ae421c0)
sendcount=0
lock_lookup dighost.c:2765
success
dighost.c:2769:lookup_attach(0x7ffa2ae00000) = 4
dighost.c:2787:query_detach(0x7ffa2ae421c0) = 2
dighost.c:2788:lookup_detach(0x7ffa2ae00000) = 3
check_if_done()
list empty
unlock_lookup dighost.c:2792
recv_done(0x7ffa2ae81480, success, 0x7ffa2bdfbe90, 0x7ffa2ae421c0)
lock_lookup dighost.c:3955
success
recvcount=0
dighost.c:3960:lookup_attach(0x7ffa2ae00000) = 4
before parse starts
after parse
printmessage()
Server: 0000:0000:000:0000:000:0000:feca:e1ff
Address: 0000:0000:000:0000:000:0000:feca:e1ff#53
clone_lookup()
make_empty_lookup()
make_empty_lookup() = 0x7ffa2ae01800->references = 1
Non-authoritative answer:
printsection()
Name: asd.com
Address: 198.46.84.198
still pending.
dighost.c:4554:query_detach(0x7ffa2ae421c0) = 1
dighost.c:4556:_cancel_lookup()
canceling pending query 0x7ffa2ae42000, belonging to 0x7ffa2ae00000
dighost.c:2817:query_detach(0x7ffa2ae42000) = 0
dighost.c:2817:destroy_query(0x7ffa2ae42000) = 0
dighost.c:1719:lookup_detach(0x7ffa2ae00000) = 3
canceling pending query 0x7ffa2ae421c0, belonging to 0x7ffa2ae00000
dighost.c:2817:query_detach(0x7ffa2ae421c0) = 0
dighost.c:2817:destroy_query(0x7ffa2ae421c0) = 0
dighost.c:1719:lookup_detach(0x7ffa2ae00000) = 2
check_if_done()
list full
pending lookup 0x7ffa2ae01800
dighost.c:4562:lookup_detach(0x7ffa2ae00000) = 1
clear_current_lookup()
lookup cleared
dighost.c:1852:lookup_detach(0x7ffa2ae00000) = 0
destroy_lookup
freeing server 0x7ffa2ae27000 belonging to 0x7ffa2ae00000
start_lookup()
setup_lookup(0x7ffa2ae01800)
cloning server list
clone_server_list()
make_server(0000:0000:000:0000:000:0000:feca:e1ff)
idn_textname: asd.com
using root origin
recursive query
add_question()
starting to render the message
done rendering
create query 0x7ffa2ae421c0 linked to lookup 0x7ffa2ae01800
dighost.c:2177:lookup_attach(0x7ffa2ae01800) = 2
dighost.c:2690:new_query(0x7ffa2ae421c0) = 1
do_lookup()
start_udp(0x7ffa2ae421c0)
dighost.c:3301:query_attach(0x7ffa2ae421c0) = 2
working on lookup 0x7ffa2ae01800, query 0x7ffa2ae421c0
dighost.c:3346:query_attach(0x7ffa2ae421c0) = 3
unlock_lookup dighost.c:4566
udp_ready()
udp_ready(0x7ffa2ae81000, success, 0x7ffa2ae421c0)
lock_lookup dighost.c:3188
success
dighost.c:3189:lookup_attach(0x7ffa2ae01800) = 3
dighost.c:3261:query_attach(0x7ffa2ae421c0) = 4
recving with lookup=0x7ffa2ae01800, query=0x7ffa2ae421c0, handle=0x7ffa2ae81000
recvcount=1
have local timeout of 5000
dighost.c:3135:query_attach(0x7ffa2ae421c0) = 5
sending a request
sendcount=1
dighost.c:1761:query_detach(0x7ffa2ae421c0) = 4
dighost.c:3281:query_detach(0x7ffa2ae421c0) = 3
dighost.c:3282:lookup_detach(0x7ffa2ae01800) = 2
unlock_lookup dighost.c:3283
send_done(0x7ffa2ae81000, success, 0x7ffa2ae421c0)
sendcount=0
lock_lookup dighost.c:2765
success
dighost.c:2769:lookup_attach(0x7ffa2ae01800) = 3
dighost.c:2787:query_detach(0x7ffa2ae421c0) = 2
dighost.c:2788:lookup_detach(0x7ffa2ae01800) = 2
check_if_done()
list empty
unlock_lookup dighost.c:2792
recv_done(0x7ffa2ae81000, success, 0x7ffa2bdfbe90, 0x7ffa2ae421c0)
lock_lookup dighost.c:3955
success
recvcount=0
dighost.c:3960:lookup_attach(0x7ffa2ae01800) = 3
before parse starts
after parse
printmessage()
still pending.
dighost.c:4554:query_detach(0x7ffa2ae421c0) = 1
dighost.c:4556:_cancel_lookup()
canceling pending query 0x7ffa2ae421c0, belonging to 0x7ffa2ae01800
dighost.c:2817:query_detach(0x7ffa2ae421c0) = 0
dighost.c:2817:destroy_query(0x7ffa2ae421c0) = 0
dighost.c:1719:lookup_detach(0x7ffa2ae01800) = 2
check_if_done()
list empty
dighost.c:4562:lookup_detach(0x7ffa2ae01800) = 1
clear_current_lookup()
lookup cleared
dighost.c:1852:lookup_detach(0x7ffa2ae01800) = 0
destroy_lookup
freeing server 0x7ffa2ae27000 belonging to 0x7ffa2ae01800
start_lookup()
check_if_done()
list empty
shutting down
dighost_shutdown()
unlock_lookup dighost.c:4566
```
### What is the expected *correct* behavior?
No communication error and bind to wait up to 5 seconds for the DNS server to respond instead of giving up instantly.
### Relevant configuration files
resolv.conf:
```
search guest.ktmba. inf.ktmba. office.redacted.com.
nameserver 0000:0000:000:0000:000:0000:feca:e1ff
```
### Relevant logs and/or screenshots
Wireshark confirming that `nslookup` did not wait at all for a timeout before retrying, resulting in the DNS server responding twice, resulting in the unreachable response for the first request `nslookup` didn't wait for.
![2023-09-09-225658_922x104_scrot](/uploads/2b23d504c1c1d2a2f32d8b5cb40d59da/2023-09-09-225658_922x104_scrot.png)https://gitlab.isc.org/isc-projects/bind9/-/issues/4306Implement incremental hashing2023-11-09T10:56:18ZOndřej SurýImplement incremental hashingWhen computing the hash for the hashtables (both isc_ht and isc_hashmap), we sometimes use `dns_name_t` + something (something could be class, type or arbitrary value).
Currently, this requires copying the content of `dns_name_t` into p...When computing the hash for the hashtables (both isc_ht and isc_hashmap), we sometimes use `dns_name_t` + something (something could be class, type or arbitrary value).
Currently, this requires copying the content of `dns_name_t` into packed structure with the "something" appended, so we can hash that as a single `uint8_t` array.
Incremental rehashing would allow "fractured" keys.November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4305dynamic update that replaces all apex NS records leaves a mix of old and new ...2023-10-06T16:23:09ZHåkan Lindqvistdynamic update that replaces all apex NS records leaves a mix of old and new recordsIf you send a dynamic update which replaces all the NS records at the apex (removes old + adds new), this currently results in something like this (as detailed in the log):
```
deleting an RR at example.com NS
attempt to delete last NS ...If you send a dynamic update which replaces all the NS records at the apex (removes old + adds new), this currently results in something like this (as detailed in the log):
```
deleting an RR at example.com NS
attempt to delete last NS ignored
adding an RR at 'example.com' NS ns1.example.com.
adding an RR at 'example.com' NS ns2.example.com.
```
Ie, because this "attempt to delete last NS ignored" check, seemingly meant to guard against leaving a zone in an invalid state, triggers without taking the entire transaction into account, BIND skips part of the update and leaves a mix of old and new records for no good reason (the end result would have been perfectly valid).
Additionally, I think really if such a validation step fails, I really believe that the reasonable behavior would be that no change is applied at all, and that an error rcode would be returned, rather than silently making part of the requested change.https://gitlab.isc.org/isc-projects/bind9/-/issues/4304Running with BIND 9.18.18 and libuv 1.44.1 giving error that "libuv version i...2023-09-07T11:08:01ZVirender KumarRunning with BIND 9.18.18 and libuv 1.44.1 giving error that "libuv version is to new".<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
We have compiled the latest BIND 9.18.18 with libuv 1.44.1.
The compilation was successfully done.
At the runtime, we encounter the error "libuv version too new: running with libuv 1.44.1 when compiled with libuv 1.44.1 will lead to libuv failures".
As per the below link, a maximal libuv version check is introduced in `lib/isc/netmgr/netmgr.c` file which says that the libuv version should not be greater than 1.34.99
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7480/diffs?commit_id=687a9e93fc5a5fa28550bba6dcf340dd9305b141
As per the BIND release notes in section 11.10.2, second bullet point, Running with libuv higher than 1.34.2 is now a fatal error when named is built against libuv 1.34.2.
But in our case, the libuv version compiled version is 1.44.1 and runtime version is also same.
Still as per the current code in netmgr.c file, we are getting the error that libuv version is too new.
### BIND version used
```
BIND 9.18.18 (Extended Support Version) <id:1f8de2f>
running on Linux x86_64 4.18.0-372.64.1.el8_6.x86_64 #1 SMP Thu Jun 29 14:42:09 EDT 2023
built by make with '--prefix=/opt/af' '--sysconfdir=/etc/opt/af' '--with-openssl=no' '--disable-doh' 'PKG_CONFIG_PATH=/proj/vau/dev/bind/libuv/1.44.1/linux/libuv-v1.44.1:/proj/vau/dev/bind/jemalloc/5.3.0/linux/jemalloc-5.3.0/'
compiled by GCC 8.5.0 20210514 (Red Hat 8.5.0-16)
compiled with OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
compiled with libuv version: 1.44.1
linked to libuv version: 1.44.1
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/opt/af/named.conf
rndc configuration: /etc/opt/af/rndc.conf
DNSSEC root key: /etc/opt/af/bind.keys
nsupdate session key: /opt/af/var/run/named/session.key
named PID file: /opt/af/var/run/named/named.pid
named lock file: /opt/af/var/run/named/named.lock
```
### Steps to reproduce
1. Compile the BIND 9.18.18 with libuv 1.44.1
2. There are no errors in compilation.
3. On runtime, the errors comes on the console that "libuv version too new: running with libuv 1.44.1 when compiled with libuv 1.44.1 will lead to libuv failures".
### What is the current *bug* behavior?
The BIND does not able to start due to this strict validation check of libuv version of 1.34.99 in netmgr.c file at the runtime.
### What is the expected *correct* behavior?
As per the recommendation from BIND, we should not use libuv 1.35 and 1.36 version.
But even after using libuv 1.44.1, this check prevents the bind to start at runtime giving the error that libuv version is too new.
### Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
`named-checkconf -px`.)
### Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console
output, logs, and code, as it's very hard to read otherwise.)
### Possible fixes
The maximal libuv version check introduced in “lib/isc/netmgr/netmgr.c” file should be tweaked such that it should not fail at runtime when BIND is compiled with libuv version greater than 1.44.https://gitlab.isc.org/isc-projects/bind9/-/issues/4302named hangs after checkds test in cross-version-config-tests2023-10-04T13:26:29ZMark Andrewsnamed hangs after checkds test in cross-version-config-testsJob [#3642568](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3642568) failed for 5a990c0ba64a0f6ffe273ea9cad8112d979c7305:
```
2023-09-07 00:34:17 INFO:checkds I:checkds_tmp_pw7sw_j1:ns9 didn't die when sent a SIGTERM
2023-09-07 ...Job [#3642568](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3642568) failed for 5a990c0ba64a0f6ffe273ea9cad8112d979c7305:
```
2023-09-07 00:34:17 INFO:checkds I:checkds_tmp_pw7sw_j1:ns9 didn't die when sent a SIGTERM
2023-09-07 00:34:17 ERROR:checkds Failed to stop servers
2023-09-07 00:34:17 INFO:checkds I:checkds_tmp_pw7sw_j1:Core dump(s) found: /builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1/ns9/core.59289
2023-09-07 00:34:17 INFO:checkds D:checkds_tmp_pw7sw_j1:backtrace from /builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1/ns9/core.59289:
2023-09-07 00:34:17 INFO:checkds D:checkds_tmp_pw7sw_j1:--------------------------------------------------------------------------------
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -D checkds_tmp_pw7sw_j1-ns9 -X'.
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:Program terminated with signal SIGABRT, Aborted.
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#0 futex_wait (private=0, expected=0, futex_word=0x7f1f01469754) at ../sysdeps/nptl/futex-internal.h:146
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:[Current thread is 1 (Thread 0x7f1f01803500 (LWP 59289))]
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#0 futex_wait (private=0, expected=0, futex_word=0x7f1f01469754) at ../sysdeps/nptl/futex-internal.h:146
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#1 futex_wait_simple (private=0, expected=0, futex_word=0x7f1f01469754) at ../sysdeps/nptl/futex-internal.h:177
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#2 ___pthread_barrier_wait (barrier=0x7f1f01469750) at ./nptl/pthread_barrier_wait.c:184
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#3 0x00007f1f04f7a21d in loop_thread (arg=arg@entry=0x7f1f014ae800) at loop.c:288
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#4 0x00007f1f04f89b47 in thread_body (wrap=0x55b020286600) at thread.c:85
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#5 0x00007f1f04f89bc0 in isc_thread_main (func=func@entry=0x7f1f04f7a174 <loop_thread>, arg=0x7f1f014ae800) at thread.c:116
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#6 0x00007f1f04f7b14e in isc_loopmgr_run (loopmgr=0x7f1f014696c0) at loop.c:454
2023-09-07 00:34:26 INFO:checkds D:/builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1:#7 0x000055b01fc81900 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1592
2023-09-07 00:34:26 INFO:checkds D:checkds_tmp_pw7sw_j1:--------------------------------------------------------------------------------
2023-09-07 00:34:26 INFO:checkds D:checkds_tmp_pw7sw_j1:full backtrace from /builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1/ns9/core.59289 saved in /builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1/ns9/core.59289-backtrace.txt
2023-09-07 00:34:27 INFO:checkds D:checkds_tmp_pw7sw_j1:core dump /builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1/ns9/core.59289 archived as /builds/isc-projects/bind9/bin/tests/system/checkds_tmp_pw7sw_j1/ns9/core.59289.gz
2023-09-07 00:34:27 ERROR:checkds Found core dumps
```November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/4299CID 465168: Null pointer dereference in lib/ns/client.c2023-10-04T13:26:29ZMichal NowakCID 465168: Null pointer dereference in lib/ns/client.cCoverity Scan claims null pointer dereference in `lib/ns/client.c` on ~"v9.18". Possibly a result of !8271.
```
/lib/ns/client.c: 1675 in ns__client_put_cb()
1669 dns_message_puttemprdataset(client->message, &client->opt);
1670 ...Coverity Scan claims null pointer dereference in `lib/ns/client.c` on ~"v9.18". Possibly a result of !8271.
```
/lib/ns/client.c: 1675 in ns__client_put_cb()
1669 dns_message_puttemprdataset(client->message, &client->opt);
1670 }
1671 client_extendederror_reset(client);
1672
1673 dns_message_detach(&client->message);
1674
>>> CID 465168: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "client->manager" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1675 if (client->manager != NULL) {
1676 ns_clientmgr_detach(&client->manager);
1677 }
1678
1679 /*
1680 * Detaching the task must be done after unlinking from
```November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4296Require jemalloc >= 4.0.02023-09-06T08:49:45ZOndřej SurýRequire jemalloc >= 4.0.0The recent commit that fixes send buffer hungry allocations requires features available only in jemalloc >= 4.0.0:
* memory arenas
* tcache
Instead of working around the ancient jemalloc <= 4 version, make it hard requirement by checki...The recent commit that fixes send buffer hungry allocations requires features available only in jemalloc >= 4.0.0:
* memory arenas
* tcache
Instead of working around the ancient jemalloc <= 4 version, make it hard requirement by checking for `sdallocx()` symbol that's only available in the jemalloc >= 4.0.0September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4295nslookup: No need to try the next server after getting the authoritative answer2023-09-05T12:26:53Z罗震宇nslookup: No need to try the next server after getting the authoritative answer<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
The DNS server returns an authoritative answer, but nslookup won't use that.
### nslookup version used
nslookup 9.11.5-P4-5.1+deb10u6-Debian
### Steps to reproduce
#### Step 1: Set your local dns to these DNS servers of Google.
```text
nameserver 216.239.32.10 // ns1.google.com
nameserver 216.239.34.10 // ns2.google.com
nameserver 8.8.8.8 // Google public DNS
nameserver 8.8.4.4 // Google public DNS
```
#### Step 2: nslookup www.google.com
An authoritative answer can be found at ns1.google.com, but nslookup won't use that and try the next server.
```bash
$ nslookup www.google.com
;; Got recursion not available from 216.239.32.10, trying next server
;; Got recursion not available from 216.239.34.10, trying next server
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.167.99
Name: www.google.com
Address: 142.251.167.104
Name: www.google.com
Address: 142.251.167.106
Name: www.google.com
Address: 142.251.167.147
Name: www.google.com
Address: 142.251.167.103
Name: www.google.com
Address: 142.251.167.105
;; Got recursion not available from 216.239.32.10, trying next server
;; Got recursion not available from 216.239.34.10, trying next server
Name: www.google.com
Address: 2607:f8b0:4004:c1d::63
Name: www.google.com
Address: 2607:f8b0:4004:c1d::68
Name: www.google.com
Address: 2607:f8b0:4004:c1d::6a
Name: www.google.com
Address: 2607:f8b0:4004:c1d::67
```
#### Step 3: dig www.google.com
The DNS server returns AA flag but not RA flag.
```bash
$ dig www.google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24959
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 300 IN A 172.253.63.147
www.google.com. 300 IN A 172.253.63.103
www.google.com. 300 IN A 172.253.63.104
www.google.com. 300 IN A 172.253.63.105
www.google.com. 300 IN A 172.253.63.99
www.google.com. 300 IN A 172.253.63.106
;; Query time: 1 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Tue Sep 05 11:44:56 UTC 2023
;; MSG SIZE rcvd: 139
```
### What is the current *bug* behavior?
nslookup ignores the authoritative answer but expect the answer with a recursion available flag.
### What is the expected *correct* behavior?
nslookup respects the authoritative answer.
### Possible fixes
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/dig/dighost.c#L4302-L4329
```c
if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
- (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
+ (check_ra && (msg->flags & (DNS_MESSAGEFLAG_AA | DNS_MESSAGEFLAG_RA)) == 0 && l->recurse))
```https://gitlab.isc.org/isc-projects/bind9/-/issues/4292Uncleared libcrypto error: crypto/evp/evp_fetch.c:373 inner_evp_generic_fetch2023-09-06T08:51:40ZMichal NowakUncleared libcrypto error: crypto/evp/evp_fetch.c:373 inner_evp_generic_fetchJob [#3632150](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3632150) failed for 5969a7c1ac8013926f64bd857e431354e82e7d04.
The `rdata_test` unit test permanently fails on Oracle Linux 9 FIPS after the fix for isc-projects/bind9#4159 ...Job [#3632150](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3632150) failed for 5969a7c1ac8013926f64bd857e431354e82e7d04.
The `rdata_test` unit test permanently fails on Oracle Linux 9 FIPS after the fix for isc-projects/bind9#4159 was merged.
```
[==========] Running 26 test(s).
[ RUN ] amtrelay
# Uncleared libcrypto error: crypto/evp/evp_fetch.c:373 inner_evp_generic_fetch Global default library context, Algorithm (MD5 : 97), Properties (<null>) 50856204 3
leak
[ LINE ] --- rdata_test.c:142: error: Failure!../../tests/unit-test-driver.sh: line 36: 25969 Aborted (core dumped) "${TEST_PROGRAM}"
I:rdata_test:Core dump found: ./core.25969
D:rdata_test:backtrace from ./core.25969 start
[New LWP 25969]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/builds/isc-projects/bind9/tests/dns/.libs/lt-rdata_test'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f53064a158c in __pthread_kill_implementation () from /lib64/libc.so.6
Thread 1 (Thread 0x7f530631a500 (LWP 25969)):
#0 0x00007f53064a158c in __pthread_kill_implementation () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007f5306454d46 in raise () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007f53064287f3 in abort () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007f53071a2255 in exit_test.constprop () from /lib64/libcmocka.so.0
No symbol table info available.
#4 0x00007f53071a2301 in _fail () from /lib64/libcmocka.so.0
No symbol table info available.
#5 0x00000000004049ba in detect_uncleared_libcrypto_error () at rdata_test.c:142
file = 0x7f5305c65440 "crypto/evp/evp_fetch.c"
func = 0x7f5305c65bc0 "inner_evp_generic_fetch"
data = 0x7f5305c0a460 "Global default library context, Algorithm (MD5 : 97), Properties (<null>)"
line = 373
flags = 3
err = <optimized out>
leak = true
#6 0x0000000000405805 in check_text_ok_single (text_ok=text_ok@entry=0x7fff0d6c3b88, rdclass=rdclass@entry=1, type=type@entry=260, structsize=structsize@entry=152) at rdata_test.c:427
buf_fromtext = '\000' <repeats 56 times>, ",\000\000\000\000\000\000\000 \322)\aS\177\000\000xqB\000\000\000\000\000@?l\r\377\177\000\000\032\000\000\000\000\000\000\000@>B\000\000\000\000\000\"\271'\aS\177\000\000\001\000\000\000\000\000\000\000\222\272'\aS\177\000\000\230\036A\006S\177\000\000@\227K\006S\177\000\000\000\000\000\000\000\000\000\000\320\017l\r\377\177\000\000@>l\r\377\177\000\000\240\"\032\aS\177\000\000@?l\r\377\177\000\000^\215&\aS\177\000\000\270c@", '\000' <repeats 13 times>...
buf_fromwire = '\000' <repeats 584 times>...
buf_towire = '\000' <repeats 1023 times>
rdata = {data = 0x7fff0d6c0b40 "", length = 2, rdclass = 1, type = 260, flags = 0, link = {prev = 0xffffffffffffffff, next = 0xffffffffffffffff}}
rdata2 = {data = 0x0, length = 0, rdclass = 0, type = 0, flags = 0, link = {prev = 0xffffffffffffffff, next = 0xffffffffffffffff}}
buf_totext = "0 0 0", '\000' <repeats 1018 times>
target = {magic = 1114990113, base = 0x7fff0d6bfee0, length = 1024, used = 5, current = 0, active = 0, extra = 0, dynamic = false, link = {prev = 0xffffffffffffffff, next = 0xffffffffffffffff}, mctx = 0x0}
result = ISC_R_SUCCESS
length = 0
i = <optimized out>
#7 0x0000000000406291 in check_text_ok (structsize=152, type=260, rdclass=1, text_ok=0x7fff0d6c0cd0) at rdata_test.c:675
i = <optimized out>
#8 check_rdata (text_ok=text_ok@entry=0x7fff0d6c3b40, wire_ok=wire_ok@entry=0x7fff0d6c0ff0, compare_ok=compare_ok@entry=0x0, empty_ok=empty_ok@entry=false, rdclass=rdclass@entry=1, type=type@entry=260, structsize=152) at rdata_test.c:793
No locals.
#9 0x000000000040641f in run_test_amtrelay (state=<optimized out>) at rdata_test.c:1121
text_ok = {{text_in = 0x4242cc "", text_out = 0x0, loop = 0}, {text_in = 0x40b49c "0", text_out = 0x0, loop = 0}, {text_in = 0x40b49a "0 0", text_out = 0x0, loop = 0}, {text_in = 0x40b498 "0 0 0", text_out = 0x40b498 "0 0 0", loop = 0}, {text_in = 0x40ae82 "0 1 0", text_out = 0x40ae82 "0 1 0", loop = 0}, {text_in = 0x40ae88 "0 2 0", text_out = 0x0, loop = 0}, {text_in = 0x40ae8e "255 1 0", text_out = 0x40ae8e "255 1 0", loop = 0}, {text_in = 0x40ae96 "256 1 0", text_out = 0x0, loop = 0}, {text_in = 0x40ae9e "0 0 1", text_out = 0x0, loop = 0}, {text_in = 0x40aea4 "0 0 1 0.0.0.0", text_out = 0x40aea4 "0 0 1 0.0.0.0", loop = 0}, {text_in = 0x40aeb2 "0 0 1 0.0.0.0 x", text_out = 0x0, loop = 0}, {text_in = 0x40aec2 "0 0 1 0.0.0.0.0", text_out = 0x0, loop = 0}, {text_in = 0x40aed2 "0 0 1 ::", text_out = 0x0, loop = 0}, {text_in = 0x40aedb "0 0 1 .", text_out = 0x0, loop = 0}, {text_in = 0x40aee3 "0 0 2", text_out = 0x0, loop = 0}, {text_in = 0x40aee9 "0 0 2 ::", text_out = 0x40aee9 "0 0 2 ::", loop = 0}, {text_in = 0x40aef2 "0 0 2 :: xx", text_out = 0x0, loop = 0}, {text_in = 0x40aefe "0 0 2 0.0.0.0", text_out = 0x0, loop = 0}, {text_in = 0x40af0c "0 0 2 .", text_out = 0x0, loop = 0}, {text_in = 0x40af14 "0 0 3", text_out = 0x0, loop = 0}, {text_in = 0x40af1a "0 0 3 0.0.0.0", text_out = 0x40af28 "0 0 3 0.0.0.0.", loop = 0}, {text_in = 0x40af37 "0 0 3 ::", text_out = 0x40af40 "0 0 3 ::.", loop = 0}, {text_in = 0x40af4a "0 0 3 example", text_out = 0x40af58 "0 0 3 example.", loop = 0}, {text_in = 0x40af58 "0 0 3 example.", text_out = 0x40af58 "0 0 3 example.", loop = 0}, {text_in = 0x40af67 "0 0 3 example. x", text_out = 0x0, loop = 0}, {text_in = 0x40af78 "\\# 2 0004", text_out = 0x40af78 "\\# 2 0004", loop = 0}, {text_in = 0x40af82 "\\# 2 0084", text_out = 0x40af82 "\\# 2 0084", loop = 0}, {text_in = 0x40af8c "\\# 2 007F", text_out = 0x40af8c "\\# 2 007F", loop = 0}, {text_in = 0x40af96 "\\# 3 000400", text_out = 0x40af96 "\\# 3 000400", loop = 0}, {text_in = 0x40afa2 "\\# 3 008400", text_out = 0x40afa2 "\\# 3 008400", loop = 0}, {text_in = 0x40afae "\\# 3 00FF00", text_out = 0x40afae "\\# 3 00FF00", loop = 0}, {text_in = 0x0, text_out = 0x0, loop = 0}}
wire_ok = {{data = '\000' <repeats 511 times>, len = 1, ok = false, loop = 0}, {data = '\000' <repeats 511 times>, len = 2, ok = true, loop = 0}, {data = "\000\200", '\000' <repeats 509 times>, len = 2, ok = true, loop = 0}, {data = '\000' <repeats 511 times>, len = 3, ok = false, loop = 0}, {data = "\000\200", '\000' <repeats 509 times>, len = 3, ok = false, loop = 0}, {data = "\000\001", '\000' <repeats 509 times>, len = 2, ok = false, loop = 0}, {data = "\000\001", '\000' <repeats 509 times>, len = 3, ok = false, loop = 0}, {data = "\000\001", '\000' <repeats 509 times>, len = 4, ok = false, loop = 0}, {data = "\000\001", '\000' <repeats 509 times>, len = 5, ok = false, loop = 0}, {data = "\000\001", '\000' <repeats 509 times>, len = 6, ok = true, loop = 0}, {data = "\000\001", '\000' <repeats 509 times>, len = 7, ok = false, loop = 0}, {data = "\000\002", '\000' <repeats 509 times>, len = 2, ok = false, loop = 0}, {data = "\000\002", '\000' <repeats 509 times>, len = 3, ok = false, loop = 0}, {data = "\000\002\000\001\002\003\004\005\006\a\b\t\020\021\022\023\024\025", '\000' <repeats 493 times>, len = 18, ok = true, loop = 0}, {data = "\000\002\000\001\002\003\004\005\006\a\b\t\020\021\022\023\024\025\026", '\000' <repeats 492 times>, len = 19, ok = false, loop = 0}, {data = "\000\003", '\000' <repeats 509 times>, len = 2, ok = false, loop = 0}, {data = "\000\003", '\000' <repeats 509 times>, len = 3, ok = true, loop = 0}, {data = "\000\003", '\000' <repeats 509 times>, len = 4, ok = false, loop = 0}, {data = "\000\004", '\000' <repeats 509 times>, len = 2, ok = true, loop = 0}, {data = "\000\004", '\000' <repeats 509 times>, len = 3, ok = true, loop = 0}, {data = '\000' <repeats 511 times>, len = 0, ok = false, loop = 0}}
#10 0x00007f53071a4cb1 in cmocka_run_one_test_or_fixture () from /lib64/libcmocka.so.0
No symbol table info available.
#11 0x00007f53071a538b in _cmocka_run_group_tests () from /lib64/libcmocka.so.0
No symbol table info available.
#12 0x00000000004071af in main () at rdata_test.c:3167
r = <optimized out>
D:rdata_test:backtrace from ./core.25969 end
FAIL rdata_test (exit status: 134)
```September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/4291RNDC system test failed to run to completion2023-09-08T09:42:50ZMark AndrewsRNDC system test failed to run to completionJob [#3628321](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3628321) failed for 6a1a73759a51e38752970892821b24e137ba5465:
`check if query for the zone returns SERVFAIL` test failed as the `dig` command timed out. It is attempting t...Job [#3628321](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3628321) failed for 6a1a73759a51e38752970892821b24e137ba5465:
`check if query for the zone returns SERVFAIL` test failed as the `dig` command timed out. It is attempting to elicit a `SERVFAIL` response while the zone is loading but failed to get any response. At a minimum `|| ret=` needs to be added to the dig command to allow the test to complete and report failure. We also need to try to determine why named failed to respond while the server was loading `huge.zone`.
```
2023-09-01 02:25:00 INFO:rndc I:rndc_tmp_sza8xpb1:test 'rndc reconfig' with loading of a large zone (53)
2023-09-01 02:25:00 INFO:rndc I:rndc_tmp_sza8xpb1:reloading config
2023-09-01 02:25:01 INFO:rndc I:rndc_tmp_sza8xpb1:check if zone load was scheduled (54)
2023-09-01 02:25:01 INFO:rndc I:rndc_tmp_sza8xpb1:check if query for the zone returns SERVFAIL (55)
---------------------------- Captured log teardown -----------------------------
2023-09-01 02:25:19 INFO:rndc test artifacts in: rndc_rndc
$ awk '/^=+ ERRORS =+/{flag=1;next}/^=+.*=+$/{flag=0}flag' bin/tests/system/pytest.out.txt || true
$ find bin/tests/system -name "*dig.*" | xargs grep "error" || true
bin/tests/system/rndc_tmp_sza8xpb1/dig.out.4.test31:;; communications error to 10.53.0.4#19999: timed out
bin/tests/system/rndc_tmp_sza8xpb1/dig.out.1.test55:;; communications error to 10.53.0.6#19999: timed out
bin/tests/system/rndc_tmp_sza8xpb1/dig.out.1.test55:;; communications error to 10.53.0.6#19999: timed out
bin/tests/system/rndc_tmp_sza8xpb1/dig.out.1.test55:;; communications error to 10.53.0.6#19999: timed out
$ PYTHON="$(source bin/tests/system/conf.sh; echo $PYTHON)"
```
```
n=$((n+1))
echo_i "test 'rndc reconfig' with loading of a large zone ($n)"
ret=0
nextpart ns6/named.run > /dev/null
cp ns6/named.conf ns6/named.conf.save
echo "zone \"huge.zone\" { type primary; file \"huge.zone.db\"; };" >> ns6/named.conf
echo_i "reloading config"
$RNDCCMD 10.53.0.6 reconfig > rndc.out.1.test$n 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
sleep 1
n=$((n+1))
echo_i "check if zone load was scheduled ($n)"
wait_for_log_peek 20 "scheduled loading new zones" ns6/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "check if query for the zone returns SERVFAIL ($n)"
$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone > dig.out.1.test$n
grep "SERVFAIL" dig.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed (ignored)"; ret=0; fi
status=$((status+ret))
n=$((n+1))
echo_i "wait for the zones to be loaded ($n)"
wait_for_log_peek 60 "huge.zone/IN: loaded serial" ns6/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "check if query for the zone returns NOERROR ($n)"
$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone > dig.out.1.test$n
grep "NOERROR" dig.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
```
```
01-Sep-2023 02:25:00.172 received control channel command 'reconfig'
...
01-Sep-2023 02:25:00.184 load_configuration: success
01-Sep-2023 02:25:00.184 reloading configuration succeeded
01-Sep-2023 02:25:00.184 loop exclusive mode: starting
01-Sep-2023 02:25:00.184 loop exclusive mode: started
01-Sep-2023 02:25:00.188 loop exclusive mode: ending
01-Sep-2023 02:25:00.188 loop exclusive mode: ended
01-Sep-2023 02:25:00.188 scheduled loading new zones
01-Sep-2023 02:25:00.188 zone huge.zone/IN: starting load
01-Sep-2023 02:25:00.188 zone_startload: zone huge.zone/IN: enter
01-Sep-2023 02:25:00.192 huge.zone.db:234: signature has expired
01-Sep-2023 02:25:11.184 zone huge.zone/IN: number of nodes in database: 250163
01-Sep-2023 02:25:11.184 zone huge.zone/IN: no journal file, but that's OK
01-Sep-2023 02:25:11.184 zone huge.zone/IN: loaded; checking validity
01-Sep-2023 02:25:11.184 zone huge.zone/IN: ds01.huge.zone/NS 'ns42.huge.zone' has no address records (A or AAAA)
01-Sep-2023 02:25:11.184 zone huge.zone/IN: ds02.huge.zone/NS 'ns43.huge.zone' has no address records (A or AAAA)
01-Sep-2023 02:25:14.972 zone huge.zone/IN: mx01.huge.zone/MX 'mail.huge.zone' has no address records (A or AAAA)
01-Sep-2023 02:25:14.972 zone huge.zone/IN: 'spf01.huge.zone' found type SPF record but no SPF TXT record found, add matching type TXT record
01-Sep-2023 02:25:14.972 zone huge.zone/IN: 'spf02.huge.zone' found type SPF record but no SPF TXT record found, add matching type TXT record
01-Sep-2023 02:25:14.972 zone huge.zone/IN: srv02.huge.zone/SRV 'old-slow-box.huge.zone' has no address records (A or AAAA)
01-Sep-2023 02:25:18.652 dns_zone_verifydb: zone huge.zone/IN: enter
01-Sep-2023 02:25:18.652 zone huge.zone/IN: loaded serial 1397051952
01-Sep-2023 02:25:18.652 zone_postload: zone huge.zone/IN: done
01-Sep-2023 02:25:18.652 any newly configured zones are now loaded
01-Sep-2023 02:25:18.652 FIPS mode is disabled
01-Sep-2023 02:25:18.652 zone__settimer: zone version.bind/CH: enter
01-Sep-2023 02:25:18.652 zone_timer_stop: zone version.bind/CH: stop zone timer
01-Sep-2023 02:25:18.652 zone__settimer: zone hostname.bind/CH: enter
01-Sep-2023 02:25:18.652 zone_timer_stop: zone hostname.bind/CH: stop zone timer
01-Sep-2023 02:25:18.652 zone__settimer: zone id.server/CH: enter
01-Sep-2023 02:25:18.652 running
```September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)https://gitlab.isc.org/isc-projects/bind9/-/issues/4290raise log level to ISC_LOG_NOTICE on FORMERR in xfrin.c2023-09-06T10:15:35ZMark Andrewsraise log level to ISC_LOG_NOTICE on FORMERR in xfrin.cThere is also a FORMERR without an associated log message.There is also a FORMERR without an associated log message.September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)https://gitlab.isc.org/isc-projects/bind9/-/issues/4289Release Checklist for BIND 9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.172023-09-22T10:46:47ZMichał KępieńRelease Checklist for BIND 9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17## Release Schedule
**Code Freeze:** Wednesday, 6 September 2023
**Tagging Deadline:** Monday, 11 September 2023
**Public Release:** Wednesday, 20 September 2023
## Documentation Review Links
**Closed issues assigned to the mileston...## Release Schedule
**Code Freeze:** Wednesday, 6 September 2023
**Tagging Deadline:** Monday, 11 September 2023
**Public Release:** Wednesday, 20 September 2023
## Documentation Review Links
**Closed issues assigned to the milestone without a release note:**
- [9.16.44](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.16)
- [9.16.44-S1](https://gitlab.isc.org/isc-private/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.16-S)
- [9.18.19](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.18)
- [9.18.19-S1](https://gitlab.isc.org/isc-private/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.18-S)
- [9.19.17](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.19)
**Merge requests merged into the milestone without a release note:**
- [9.16.44](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.16)
- [9.16.44-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.16-sub)
- [9.18.19](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.18)
- [9.18.19-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.18-sub)
- [9.19.17](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=main)
**Merge requests merged into the milestone without a `CHANGES` entry:**
- [9.16.44](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.16)
- [9.16.44-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.16-sub)
- [9.18.19](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.18)
- [9.18.19-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.18-sub)
- [9.19.17](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=September+2023+%289.16.44%2C+9.16.44-S1%2C+9.18.19%2C+9.18.19-S1%2C+9.19.17%29&label_name%5B%5D=No+CHANGES&target_branch=main)
## Release Checklist
### Before the Code Freeze
- [x] ***(QA)*** Rebase -S editions on top of current open-source versions: `git checkout bind-9.18-sub && git rebase origin/bind-9.18`
- [x] ***(QA)*** [Inform](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/inform_supp_marketing.py) Support and Marketing of impending release (and give estimated release dates).
- [x] ***(QA)*** Ensure there are no permanent test failures on any platform. Check [public](https://gitlab.isc.org/isc-projects/bind9/-/pipelines?scope=all&source=schedule) and [private](https://gitlab.isc.org/isc-private/bind9/-/pipelines?scope=all&source=schedule) scheduled pipelines.
- [x] ***(QA)*** Check [Perflab](https://perflab.isc.org/) to ensure there has been no unexplained drop in performance for the versions being released.
- [x] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- [x] ***(QA)*** Ensure that there are no outstanding [merge requests in the private repository](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/)[^1] (Subscription Edition only).
- [x] ***(QA)*** [Ensure](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/check_backports.py) all merge requests marked for backporting have been indeed backported.
- [x] ***(QA)*** [Announce](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/inform_code_freeze.py) (on Mattermost) that the code freeze is in effect.
### Before the Tagging Deadline
- [x] ***(QA)*** Inspect the current output of the `cross-version-config-tests` job to verify that no unexpected backward-incompatible change was introduced in the current release cycle.
- [x] ***(QA)*** Ensure release notes are correct, ask Support and Marketing to check them as well. [Example](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/510)
- [x] ***(QA)*** Add a release marker to `CHANGES`. Examples: [9.18](https://gitlab.isc.org/isc-projects/bind9/-/commit/f14d8ad78c0506fd4247187f2177f8eceeb6b3b9), [9.16](https://gitlab.isc.org/isc-projects/bind9/-/commit/1bcdf21874f99a00da389d723e0ad07dfd70f9f1)
- [x] ***(QA)*** Add a release marker to `CHANGES.SE` (Subscription Edition only). [Example](https://gitlab.isc.org/isc-private/bind9/-/commit/0f03d5737bcbdaa1bf713c6db1887b14938c3421)
- [x] ***(QA)*** Update BIND 9 version in `configure.ac` ([9.18+](https://gitlab.isc.org/isc-projects/bind9/-/commit/3c85ab7f4c35e6d8acef1393606002a0a8730100)) or `version` ([9.16](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7692/diffs?commit_id=1bcdf21874f99a00da389d723e0ad07dfd70f9f1)).
- [x] ***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org` (9.16).
- [x] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them: [public](https://gitlab.isc.org/isc-projects/bind9/-/settings/repository), [private](https://gitlab.isc.org/isc-private/bind9/-/settings/repository)
- [x] ***(QA)*** Tag the releases in the private repository (`git tag -s -m "BIND 9.x.y" v9.x.y`).
### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
- [x] ***(QA)*** Check that the formatting is correct for HTML and PDF versions of release notes.
- [x] ***(QA)*** Check that the formatting of the generated man pages is correct.
- [x] ***(QA)*** Verify GitLab CI results [for the tags](https://gitlab.isc.org/isc-private/bind9/-/pipelines?scope=tags) created and sign off on the releases to be published.
- [x] ***(QA)*** Update GitLab settings for all maintained branches to allow merging to them again: [public](https://gitlab.isc.org/isc-projects/bind9/-/settings/repository), [private](https://gitlab.isc.org/isc-private/bind9/-/settings/repository)
- [x] ***(QA)*** Prepare (using [`version_bump.py`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/version_bump.py)) and merge MRs resetting the release notes and updating the version string for each maintained branch.
- [x] ***(QA)*** Announce (on Mattermost) that the code freeze is over.
- [x] ***(QA)*** Request signatures for the tarballs, providing their location and checksums. Ask [signers on Mattermost](https://mattermost.isc.org/isc/channels/bind-9-qa).
- [x] ***(Signers)*** Ensure that the contents of tarballs and tags are identical.
- [x] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- [x] ***(QA)*** Verify tarball signatures and check tarball checksums again: Run `publish_bind.sh` on repo.isc.org to pre-publish.
- [x] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- [x] ***(QA)*** Build and test ASN and/or Subscription Edition packages (in [cloudsmith branch in private repo](https://gitlab.isc.org/isc-private/rpms/bind/-/tree/cloudsmith)). [Example](https://gitlab.isc.org/isc-private/rpms/bind/-/commit/e2512f4cfaf991827a635e374e7e93b27a5f38ba)
- [x] ***(QA)*** Prepare the `patches/` subdirectory for each security release (if applicable).
- [x] ***(QA)*** Notify Support that the releases have been prepared.
- [x] ***(Support)*** Send out ASNs (if applicable).
### On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website. [Example](https://gitlab.isc.org/website/theme-staging-site/-/commit/1ac7b30b73cb03228df4cd5651fa4e774ac35625)
- [x] ***(Support)*** Add the new releases to the [vulnerability matrix in the Knowledge Base](https://kb.isc.org/docs/aa-00913).
- [x] ***(Support)*** [Use the Printing Press project to prepare a release announcement email and send it to the *bind-announce* mailing list.](isc-private/printing-press!69)
- [x] ***(Support)*** ~~Write email to *bind-users* (if a major release). [Example](https://lists.isc.org/pipermail/bind-users/2022-January/105624.html)~~
- [x] ***(Support)*** Send eligible customers updated links to the Subscription Edition (update the -S edition delivery tickets, even if those links were provided earlier via an ASN ticket).
- [x] ***(Support)*** Update tickets in case of waiting support customers.
- [x] ***(QA)*** ~~Build and test any outstanding private packages in [private repo](https://gitlab.isc.org/isc-private/rpms/bind/-/tree/cloudsmith). [Example](https://gitlab.isc.org/isc-private/rpms/bind/-/commit/2007d566db81dd9dfd79e571e2f600a3bc284da4)~~
- [x] ***(QA)*** [Build](https://copr.fedorainfracloud.org/coprs/isc/bind-esv/build/6421336/) [public](https://copr.fedorainfracloud.org/coprs/isc/bind/build/6421337/) [RPMs](https://copr.fedorainfracloud.org/coprs/isc/bind-dev/build/6421366/). [Example commit](https://gitlab.isc.org/isc-packages/rpms/bind/-/commit/3b5e851ea7c4e3570371a4878b5461f02a44f8cc) which triggers [Copr builds](https://copr.fedorainfracloud.org/coprs/isc/) automatically
- [x] ***(SwEng)*** [Build Debian/Ubuntu packages.](https://mattermost.isc.org/isc/pl/x54zjk33z3yidg4bbfw3hze5pa)
- [x] ***(SwEng)*** [Update](isc-projects/bind9-docker@1df6de5faa562394992e411becbd6c187aa3e950) [Docker](isc-projects/bind9-docker@42a68e3bd0282a02306d19923c54513b1843b2c8) [files](isc-projects/bind9-docker@0203a3a20f000e37377c803b335012a0028d7ab1) [here](https://gitlab.isc.org/isc-projects/bind9-docker/-/branches) and make sure push is synchronized to [GitHub](https://github.com/isc-projects/bind9-docker). [Docker Hub](https://hub.docker.com/r/internetsystemsconsortium/bind9) should pick it up automatically. [Example](https://gitlab.isc.org/isc-projects/bind9-docker/-/commit/cada7e10e9af951595c98bfffc4bd42512faac05)
- [x] ***(QA)*** Inform Marketing of the release.
- [x] ***(Marketing)*** ~~Post a short note to Mastodon.~~
- [x] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- [x] ***(Marketing)*** ~~Write blog article (if a major release).~~
- [x] ***(QA)*** Ensure all new tags are annotated and signed. `git show --show-signature v9.19.12`
- [x] ***(QA)*** Push tags for [the](https://gitlab.isc.org/isc-projects/bind9/-/tags/v9.19.17) [published](https://gitlab.isc.org/isc-projects/bind9/-/tags/v9.18.19) [releases](https://gitlab.isc.org/isc-projects/bind9/-/tags/v9.16.44) to the public repository.
- [x] ***(QA)*** Using [`merge_tag.py`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/merge_tag.py), merge [published](!8319) [release](!8320) [tags](!8321) back into the their relevant development/maintenance branches.
- [x] ***(QA)*** ~~Ensure `allow_failure: true` is removed from the `cross-version-config-tests` job if it was set during the current release cycle.~~
- [x] ***(QA)*** Sanitize confidential issues which are assigned to the current release milestone and do not describe a security vulnerability, then make them public.
- [x] ***(QA)*** Sanitize [confidential issues](https://gitlab.isc.org/isc-projects/bind9/-/issues/?sort=milestone_due_desc&state=opened&confidential=yes) which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2].
- [x] ***(QA)*** [Update QA tools used in GitLab CI (e.g. Black, PyLint, Sphinx) by modifying the relevant `Dockerfile`](isc-projects/images!270)
- [x] ***(QA)*** [Run a pipeline to rebuild all images used in GitLab CI.](https://gitlab.isc.org/isc-projects/images/-/pipelines/148059)
- [x] ***(QA)*** [Update `metadata.json` with the upcoming release information.](isc-private/bind-qa!83)
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
[^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure.September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)Michał KępieńMichał Kępień2023-09-20https://gitlab.isc.org/isc-projects/bind9/-/issues/4288dnssec-settime2023-08-29T16:31:51ZJan Sorensendnssec-settime
### Summary
Missing update of Kxxx.dk.+013+31752.state
### BIND version used
BIND 9.18.16
### What is the current *bug* behavior?
The command: dnssec-settime -I +2d -D +20d Kxxx.dk.+013+31752
will update: Kxxx.dk.+013+31752.key and...
### Summary
Missing update of Kxxx.dk.+013+31752.state
### BIND version used
BIND 9.18.16
### What is the current *bug* behavior?
The command: dnssec-settime -I +2d -D +20d Kxxx.dk.+013+31752
will update: Kxxx.dk.+013+31752.key and Kxxx.dk.+013+31752.private
However Kxxx.dk.+013+31752.state is not updated.
A subsequent rndc reload will update Kxxx.dk.+013+31752.statehttps://gitlab.isc.org/isc-projects/bind9/-/issues/4287ASSERT query.c:7965 INSIST2023-10-13T12:41:18ZBorja Marcos EA2EKHASSERT query.c:7965 INSIST<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
An asssertion violation.
### BIND version used
```
BIND 9.16.39 (Extended Support Version) <id:83e26c2>
running on FreeBSD amd64 13.1-RELEASE FreeBSD 13.1-RELEASE fc952ac22 DNS13
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--without-python' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--without-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--disable-querytrace' '--enable-tcp-fastopen' '--enable-developer' '--enable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd13.1' 'build_alias=amd64-portbld-freebsd13.1' 'CC=cc' 'CFLAGS=-pipe -march=westmere -DLIBICONV_PLUG -g -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf' 'PKG_CONFIG_LIBDIR=/usr/ports/dns/bind916/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig'
compiled by CLANG FreeBSD Clang 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303)
compiled with OpenSSL version: OpenSSL 1.1.1o-freebsd 3 May 2022
linked to OpenSSL version: OpenSSL 1.1.1o-freebsd 3 May 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with zlib version: 1.2.12
linked to zlib version: 1.2.12
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no
default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
DNSSEC root key: /usr/local/etc/namedb/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
Probably the result of a query.
### What is the current *bug* behavior?
Assertion:
```
<26>1 2023-08-26T11:37:08.859617+00:00 [redacted] named 48128 - - query.c:7965: INSIST(qctx->rdataset == ((void *)0) || qctx->qtype == ((dns_rdatatype_t)dns_rdatatype_dname)) failed, back trace
<26>1 2023-08-26T11:37:08.859634+00:00 [redacted] named 48128 - - #0 0x30feaa in assertion_failed()+0x5a
<26>1 2023-08-26T11:37:08.859645+00:00 [redacted] named 48128 - - #1 0x6a391d in isc_assertion_failed()+0x2d
<26>1 2023-08-26T11:37:08.859655+00:00 [redacted] named 48128 - - #2 0x39cf59 in query_respond()+0x4f9
<26>1 2023-08-26T11:37:08.859664+00:00 [redacted] named 48128 - - #3 0x38f5a6 in query_prepresponse()+0x1c6
<26>1 2023-08-26T11:37:08.859673+00:00 [redacted] named 48128 - - #4 0x38d741 in query_gotanswer()+0x411
<26>1 2023-08-26T11:37:08.859682+00:00 [redacted] named 48128 - - #5 0x3881fa in query_lookup()+0xb4a
<26>1 2023-08-26T11:37:08.859691+00:00 [redacted] named 48128 - - #6 0x3a628d in query_lookup_stale()+0xad
<26>1 2023-08-26T11:37:08.859704+00:00 [redacted] named 48128 - - #7 0x388cec in fetch_callback()+0x22c
<26>1 2023-08-26T11:37:08.859714+00:00 [redacted] named 48128 - - #8 0x6f62c2 in task_run()+0x422
<26>1 2023-08-26T11:37:08.859723+00:00 [redacted] named 48128 - - #9 0x6f5e95 in isc_task_run()+0x15
<26>1 2023-08-26T11:37:08.859733+00:00 [redacted] named 48128 - - #10 0x6d1d85 in isc__nm_async_task()+0x25
<26>1 2023-08-26T11:37:08.859742+00:00 [redacted] named 48128 - - #11 0x6c9efb in process_netievent()+0xdb
<26>1 2023-08-26T11:37:08.859751+00:00 [redacted] named 48128 - - #12 0x6d1b2a in process_queue()+0x3aa
<26>1 2023-08-26T11:37:08.859760+00:00 [redacted] named 48128 - - #13 0x6d16ef in process_all_queues()+0x2f
<26>1 2023-08-26T11:37:08.859769+00:00 [redacted] named 48128 - - #14 0x6c5e64 in async_cb()+0x24
<26>1 2023-08-26T11:37:08.859778+00:00 [redacted] named 48128 - - #15 0x800cf8e3a in _fini()+0x8005e3d2e
<26>1 2023-08-26T11:37:08.859787+00:00 [redacted] named 48128 - - #16 0x800d0a3f1 in _fini()+0x8005f52e5
<26>1 2023-08-26T11:37:08.859796+00:00 [redacted] named 48128 - - #17 0x800cf9388 in _fini()+0x8005e427c
<26>1 2023-08-26T11:37:08.859805+00:00 [redacted] named 48128 - - #18 0x6c5ecd in nm_thread()+0x4d
<26>1 2023-08-26T11:37:08.859814+00:00 [redacted] named 48128 - - #19 0x6f9adf in isc__trampoline_run()+0x2f
<26>1 2023-08-26T11:37:08.859823+00:00 [redacted] named 48128 - - exiting (due to assertion failure)
<6>1 2023-08-26T11:37:39.754795+00:00 [redacted] kernel - - - pid 48128 (named), jid 0, uid 53: exited on signal 6 (core dumped)
```
```
(gdb) bt
#0 thr_kill () at thr_kill.S:4
#1 0x0000000800df2c74 in __raise (s=s@entry=6)
at /usr/src/lib/libc/gen/raise.c:52
#2 0x0000000800ea4109 in abort () at /usr/src/lib/libc/stdlib/abort.c:67
#3 0x0000000000310150 in assertion_failed (file=0x2836ab "query.c",
line=7965, type=isc_assertiontype_insist,
cond=0x26b3fa "qctx->rdataset == ((void *)0) || qctx->qtype == ((dns_rdatatype_t)dns_rdatatype_dname)") at ./main.c:271
#4 0x00000000006a391d in isc_assertion_failed (file=0x2836ab "query.c",
line=7965, type=isc_assertiontype_insist,
cond=0x26b3fa "qctx->rdataset == ((void *)0) || qctx->qtype == ((dns_rdatatype_t)dns_rdatatype_dname)") at assertions.c:48
#5 0x000000000039cf59 in query_respond (qctx=0x7fffdf5e7d90) at query.c:7965
#6 0x000000000038f5a6 in query_prepresponse (qctx=0x7fffdf5e7d90)
at query.c:10511
#7 0x000000000038d741 in query_gotanswer (qctx=0x7fffdf5e7d90, res=0)
at query.c:7357
#8 0x00000000003881fa in query_lookup (qctx=0x7fffdf5e7d90) at query.c:5996
#9 0x00000000003a628d in query_lookup_stale (client=0x83cb28558)
at query.c:6071
#10 0x0000000000388cec in fetch_callback (task=0x80a44bda0, event=0x83e1adf00)
at query.c:6114
#11 0x00000000006f62c2 in task_run (task=0x80a44bda0) at task.c:859
#12 0x00000000006f5e95 in isc_task_run (task=0x80a44bda0) at task.c:953
#13 0x00000000006d1d85 in isc__nm_async_task (worker=0x8016f1450,
ev0=0x88c8fb040) at netmgr.c:871
#14 0x00000000006c9efb in process_netievent (worker=0x8016f1450,
ievent=0x88c8fb040) at netmgr.c:943
#15 0x00000000006d1b2a in process_queue (worker=0x8016f1450,
type=NETIEVENT_TASK) at netmgr.c:1009
#16 0x00000000006d16ef in process_all_queues (worker=0x8016f1450)
at netmgr.c:790
#17 0x00000000006c5e64 in async_cb (handle=0x8016f1728) at netmgr.c:819
#18 0x0000000800cf8e3a in ?? () from /usr/local/lib/libuv.so.1
#19 0x0000000800d0a3f1 in ?? () from /usr/local/lib/libuv.so.1
#20 0x0000000800cf9388 in uv_run () from /usr/local/lib/libuv.so.1
#21 0x00000000006c5ecd in nm_thread (worker0=0x8016f1450) at netmgr.c:721
#22 0x00000000006f9adf in isc__trampoline_run (arg=0x80161b930)
at trampoline.c:213
#23 0x0000000800d2583a in thread_start (curthread=0x801615100)
at /usr/src/lib/libthr/thread/thr_create.c:292
#24 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf5f9000
```
qtcx contents follow as requested
```
(gdb) print *qctx
$2 = {dbuf = 0x80304e990, fname = 0x0, tname = 0x0, rdataset = 0x85d55b200,
sigrdataset = 0x0, noqname = 0x0, qtype = 1, type = 1, options = 0,
redirected = false, is_zone = false, is_staticstub_zone = false,
resuming = false, dns64 = false, dns64_exclude = false, rpz = false,
authoritative = false, want_restart = false, refresh_rrset = false,
need_wildcardproof = false, nxrewrite = false, findcoveringnsec = false,
answer_has_ns = false, wildcardname = {name = {magic = 0, ndata = 0x0,
length = 0, labels = 0, attributes = 0, offsets = 0x0, buffer = 0x0,
link = {prev = 0x0, next = 0x0}, list = {head = 0x0, tail = 0x0}},
offsets = '\000' <repeats 127 times>, buffer = {magic = 0, base = 0x0,
length = 0, used = 0, current = 0, active = 0, link = {prev = 0x0,
next = 0x0}, mctx = 0x0, autore = false},
data = '\000' <repeats 254 times>}, dsname = {name = {magic = 0,
ndata = 0x0, length = 0, labels = 0, attributes = 0, offsets = 0x0,
buffer = 0x0, link = {prev = 0x0, next = 0x0}, list = {head = 0x0,
tail = 0x0}}, offsets = '\000' <repeats 127 times>, buffer = {
magic = 0, base = 0x0, length = 0, used = 0, current = 0, active = 0,
link = {prev = 0x0, next = 0x0}, mctx = 0x0, autore = false},
data = '\000' <repeats 254 times>}, client = 0x83cb28558,
detach_client = false, event = 0x0, db = 0x8024c2400, version = 0x0,
node = 0x818a032b0, zdb = 0x0, znode = 0x0, zfname = 0x0, zversion = 0x0,
zrdataset = 0x0, zsigrdataset = 0x0, rpz_st = 0x0, zone = 0x0,
view = 0x809acee00, result = 0, line = 0}
```
### What is the expected *correct* behavior?
(What you should see instead.)
### Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
`named-checkconf -px`.)
### Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console
output, logs, and code, as it's very hard to read otherwise.)
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)https://gitlab.isc.org/isc-projects/bind9/-/issues/4286isc_mem_benchmark check of mem unit test killed on Debian 10 "buster"2023-11-10T07:49:25ZMichal Nowakisc_mem_benchmark check of mem unit test killed on Debian 10 "buster"The `isc_mem_benchmark` check of the `mem` unit test is [OOM killed on Debian 10 "buster"](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3614295) (exit code 137) on the `bind-9.18` branch. I can't reproduce it locally, so I bisected t...The `isc_mem_benchmark` check of the `mem` unit test is [OOM killed on Debian 10 "buster"](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3614295) (exit code 137) on the `bind-9.18` branch. I can't reproduce it locally, so I bisected the problem in CI as the problem started only recently ([on Aug 23](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3603661)). The conclusion is that it's not caused by a BIND 9 code change because even running the check on the v9.18.17 tag from the beginning of July [reproduces](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3616504) the issue but, possibly, a CI image change or the AWS image change.November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)Artem BoldarievArtem Boldariev