BIND issueshttps://gitlab.isc.org/isc-projects/bind9/-/issues2022-08-26T09:07:43Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3479contrib/dlz/modules/{mysql,mysqldyn} sets LDAP_LIBS instead of MYSQL_LIBS2022-08-26T09:07:43ZAndreas Stiegercontrib/dlz/modules/{mysql,mysqldyn} sets LDAP_LIBS instead of MYSQL_LIBS### Summary
From https://gitlab.isc.org/isc-projects/bind9/-/commit/67f76b126900d313b343f563353f8237a6a264d2
and https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5427/diffs
In `contrib/dlz/modules/{mysql,mysqldyn}`. Instead o...### Summary
From https://gitlab.isc.org/isc-projects/bind9/-/commit/67f76b126900d313b343f563353f8237a6a264d2
and https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5427/diffs
In `contrib/dlz/modules/{mysql,mysqldyn}`. Instead of
`LDAP_LIBS=$(shell mysql_config --libs)` you probably means `MYSQL_LIBS [...]`
### BIND version used
9.18.5 (and master)
### Steps to reproduce
n/a, obvious fix (community user reported no bindings to `libmariadb`)
### What is the current *bug* behavior?
mysql bindings not generated
### What is the expected *correct* behavior?
mysql binding generated
### Relevant configuration files
n/a, obvious fix
### Relevant logs and/or screenshots
https://bugzilla.opensuse.org/show_bug.cgi?id=1202149
### Possible fixes
````
- LDAP_LIBS=$(shell mysql_config --libs)
+ MYSQL_LIBS=$(shell mysql_config --libs)
````September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3478dig +nssearch crashes for the root zone2022-08-26T09:07:43ZArаm Sаrgsyаndig +nssearch crashes for the root zone`dig +nssearch .` command crashes, as discovered and reported by Thomas Amgarten in [this comment](https://gitlab.isc.org/isc-projects/bind9/-/issues/3474#note_305037).
This is a lookup reference counting bug, happening when `dig` sees ...`dig +nssearch .` command crashes, as discovered and reported by Thomas Amgarten in [this comment](https://gitlab.isc.org/isc-projects/bind9/-/issues/3474#note_305037).
This is a lookup reference counting bug, happening when `dig` sees a bad cookie in one of the queries running in parallel, and re-queues the lookup.
This isn't strictly related to the root zone, but the root zone has quite a few name servers, which increases the chances of encountering a `;; BADCOOKIE, retrying.` situation.
I'm preparing an MR with a fix and a more detailed description of the bug.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3463Empty JSON in POST request causes connection die in BIND >= 9.182022-08-26T13:17:56ZSlawek FigielEmpty JSON in POST request causes connection die in BIND >= 9.18### Summary
We send an HTTP request to the BIND9 statistics endpoint (`/json/v1`). The request uses the POST method and contains empty JSON (`{}`) in the body. We re-use the HTTP connection between requests.
The problem starts occurrin...### Summary
We send an HTTP request to the BIND9 statistics endpoint (`/json/v1`). The request uses the POST method and contains empty JSON (`{}`) in the body. We re-use the HTTP connection between requests.
The problem starts occurring from the BIND 9.18 version. Every second request is refused. In previous BIND9 versions (tested on 9.16 and 9.11) worked well.
An external user initially reported the issue in [the Stork repository](https://gitlab.isc.org/isc-projects/stork/-/issues/798).
### BIND version used
We use BIND 9.18 inside [the official Docker container](https://hub.docker.com/r/internetsystemsconsortium/bind9).
### Steps to reproduce
The issue isn't related to the Stork code and can be reproduced using `curl`:
`curl -v -d '{}' -o/dev/null http://127.0.0.1:80/json/v1 -o/dev/null http://127.0.0.1:80/json/v1`
This command sends two requests to the statistics endpoint, re-using the same connection. The request body is an empty JSON. It implies the POST method. The request passes and returns HTTP 200 OK status. The second causes the connection to die. The `curl` recreates the connection and retry that finishes with success.
### What is the current *bug* behavior?
Every second request to BIND9 fails.
### What is the expected *correct* behavior?
BIND9 should accept every request as in the previous versions, or the documentation should contain a definition of the valid request.
### Relevant configuration files
`named.conf` content:
```
include "/etc/bind/rndc.key";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
controls {
inet 127.0.0.1 allow { localhost; };
};
statistics-channels {
inet 127.0.0.1 port 80 allow { 127.0.0.1; };
};
zone "test" {
type master;
allow-transfer { any; };
zone-statistics full;
file "/etc/bind/db.test";
};
```
`db.test`` content:
```
test. 604800 IN SOA test. root.test. 1 604800 86400 2419200 604800
test. 604800 IN NS test.
test. 604800 IN A 127.0.0.1
test. 604800 IN AAAA ::1
```
### Relevant logs and/or screenshots
The output of the command described in the "Steps to reproduce" section:
```
# curl -v -d '{}' -o/dev/null http://127.0.0.1:80/json/v1 -o/dev/null http://127.0.0.1:80/json/v1
* Trying 127.0.0.1:80...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> POST /json/v1 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
>
} [2 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Mon, 04 Jul 2022 07:09:27 GMT
< Expires: Mon, 04 Jul 2022 07:09:27 GMT
< Last-Modified: Mon, 04 Jul 2022 07:09:27 GMT
< Pragma: no-cache
< Cache-Control: no-cache
< Server: libisc
< Content-Length: 58431
<
{ [11824 bytes data]
100 58433 100 58431 100 2 21.7M 782 --:--:-- --:--:-- --:--:-- 27.8M
* Connection #0 to host 127.0.0.1 left intact
* Found bundle for host 127.0.0.1: 0x5568a154fec0 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0> POST /json/v1 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
>
} [2 bytes data]
* Connection died, retrying a fresh connect (retry count: 1)
^^^^^^^^^^^^^^^^^^^^^ SECOND REQUEST DIES ^^^^^^^^^^^^^^^^^^^^^
100 2 0 0 100 2 0 1282 --:--:-- --:--:-- --:--:-- 2000
* Closing connection 0
* Issue another request to this URL: 'http://127.0.0.1:80/json/v1'
* Hostname 127.0.0.1 was found in DNS cache
* Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#1)
> POST /json/v1 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
>
} [2 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Mon, 04 Jul 2022 07:09:27 GMT
< Expires: Mon, 04 Jul 2022 07:09:27 GMT
< Last-Modified: Mon, 04 Jul 2022 07:09:27 GMT
< Pragma: no-cache
< Cache-Control: no-cache
< Server: libisc
< Content-Length: 58431
<
{ [35984 bytes data]
100 58433 100 58431 100 2 11.4M 409 --:--:-- --:--:-- --:--:-- 11.4M
* Connection #1 to host 127.0.0.1 left intact
```
### Possible fixes
The requests with the empty bodies are accepted correctly with both POST and GET methods.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3459RRL wildcard special-case strips only a single label2022-09-21T11:34:33ZPeter DaviesRRL wildcard special-case strips only a single labelThe following received by Security Officer:
I think I've found a bug in the request-rate limiting logic. The issue
is that the RRL logic for wildcard domains strips exactly 1 label from
the domain.
The idea is that a million u...The following received by Security Officer:
I think I've found a bug in the request-rate limiting logic. The issue
is that the RRL logic for wildcard domains strips exactly 1 label from
the domain.
The idea is that a million unique queries with one src addr for
*.example.com should be treated as a million identical queries for
example.com (triggering the RRL).
However, *.example.com will match any.number.of.labels.example.com, so
stripping a single label is insufficient. An attacker who can spoof
their source IP is able to send a million queries of
x.$UNIQUE.example.com, the RRL strips the x, and sees a million unique
queries still.
Is there a flag somewhere that limits wildcards to matching a single
label? If not, this seems like a security issue because it opens any
authoritative name server with a wildcard record to be hijacked for
reflection attacks.
I've verified the bug exists with the latest development version of bind
available on isc.org (9.19.2).
For reproducing, I've included a query.c file that will run 100 queries
against a nameserver. Read the source code or compile it and run it
without arguments for details on using it.
But if you have a local bind server serving a *.example.com record, you
can reproduce the behavior by running:
```
# the $ means "make this label always unique"
./query $.example.com
```
which will hang after hitting the RRL limit, and then running
```
./query x.$.example.com
```
which will finish all 100 queries without issue.[query.c](/uploads/ba6f80b4e92ab4dec500d1f40cc886b6/query.c)September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3458Reintroduce testing with --without-cmocka and --without-gssapi2022-09-06T08:38:33ZMichal NowakReintroduce testing with --without-cmocka and --without-gssapiWith Debian 9 removal (aa86a8bcf0aaa25f678cf0fcd22050e8ce084227) we lost building with `--without-cmocka` and `--without-gssapi` `./configure` options. It hasn't been explicitly discussed in isc-projects/bind9#3408 or isc-projects/bind9!...With Debian 9 removal (aa86a8bcf0aaa25f678cf0fcd22050e8ce084227) we lost building with `--without-cmocka` and `--without-gssapi` `./configure` options. It hasn't been explicitly discussed in isc-projects/bind9#3408 or isc-projects/bind9!6486.
An inadvertent change, @pspacek?September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3425ThreadSanitizer: data race lib/dns/adb.c:3509:2 in dump_entry2022-09-06T09:02:31ZTom KrizekThreadSanitizer: data race lib/dns/adb.c:3509:2 in dump_entryTest `system:clang:tsan`/`fetchlimit` ([job #2602753](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2602753)) failed for `v9_18`.
I encountered this during an attempted clang update to version `14.0.6-++20220622053050+f28c006a5895-1~...Test `system:clang:tsan`/`fetchlimit` ([job #2602753](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2602753)) failed for `v9_18`.
I encountered this during an attempted clang update to version `14.0.6-++20220622053050+f28c006a5895-1~exp1~20220622173135.152` (from version `14.0.5-++20220610033153+c12386ae247c-1~exp1~20220610153237.151` that's currently in CI).
```
WARNING: ThreadSanitizer: data race
Read of size 4 at 0x000000000001 by thread T1 (mutexes: write M2, write M2):
#0 dump_entry lib/dns/adb.c:3509:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#1 print_namehook_list lib/dns/adb.c:3623:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#2 dump_adb lib/dns/adb.c:3448:4
#3 dns_adb_dump lib/dns/adb.c:3364:2
#4 dumpdone bin/named/server.c:11643:4 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 named_server_dumpdb bin/named/server.c (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 named_control_docommand bin/named/control.c:217:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 control_command bin/named/controlconf.c:391:17 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#8 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc_task_run lib/isc/task.c:901:10
#10 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#14 async_cb lib/isc/netmgr/netmgr.c:782:6
#15 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#16 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Previous write of size 4 at 0x000000000001 by thread T2 (mutexes: write M3):
#0 adjustsrtt lib/dns/adb.c:4166:20 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#1 dns_adb_adjustsrtt lib/dns/adb.c:4126:2
#2 fctx_cancelquery lib/dns/resolver.c:1413:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#3 rctx_done lib/dns/resolver.c:9822:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 rctx_timedout lib/dns/resolver.c:8123:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 resquery_response lib/dns/resolver.c:7611:11
#6 udp_recv lib/dns/dispatch.c:593:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#7 isc__nm_async_readcb lib/isc/netmgr/netmgr.c:2788:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#8 isc__nm_readcb lib/isc/netmgr/netmgr.c:2761:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc__nmsocket_readtimeout_cb lib/isc/netmgr/netmgr.c:2064:4 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#10 uv__run_timers /usr/src/libuv-v1.44.1/src/timer.c:178:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#11 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Location is heap block of size 280 at 0x000000000024 allocated by thread T3:
#0 malloc <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 mallocx lib/isc/./jemalloc_shim.h:35:10 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 mem_get lib/isc/mem.c:344:8
#3 isc__mem_get lib/isc/mem.c:759:8
#4 new_adbentry lib/dns/adb.c:1828:6 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 import_rdataset lib/dns/adb.c:945:12 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#6 fetch_callback lib/dns/adb.c:3970:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#7 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#8 isc_task_run lib/isc/task.c:901:10
#9 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#10 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 async_cb lib/isc/netmgr/netmgr.c:782:6
#14 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#15 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Mutex M3 (0x000000000030) created at:
#0 pthread_mutex_init <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc__mutex_init lib/isc/mutex.c:52:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 dns_adb_create lib/dns/adb.c:2592:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#3 dns_view_createresolver lib/dns/view.c:844:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 configure_view bin/named/server.c:4773:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 load_configuration bin/named/server.c:9336:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 run_server bin/named/server.c:10048:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#8 isc_task_run lib/isc/task.c:901:10
#9 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#10 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 async_cb lib/isc/netmgr/netmgr.c:782:6
#14 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#15 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Mutex M3 (0x000000000038) created at:
#0 pthread_mutex_init <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc__mutex_init lib/isc/mutex.c:52:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc_mutexblock_init lib/isc/mutexblock.c:24:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 dns_adb_create lib/dns/adb.c:2626:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 dns_view_createresolver lib/dns/view.c:844:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 configure_view bin/named/server.c:4773:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 load_configuration bin/named/server.c:9336:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 run_server bin/named/server.c:10048:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#8 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc_task_run lib/isc/task.c:901:10
#10 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#14 async_cb lib/isc/netmgr/netmgr.c:782:6
#15 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#16 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Mutex M3 (0x000000000041) created at:
#0 pthread_mutex_init <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc__mutex_init lib/isc/mutex.c:52:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc_mutexblock_init lib/isc/mutexblock.c:24:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 dns_adb_create lib/dns/adb.c:2642:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 dns_view_createresolver lib/dns/view.c:844:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 configure_view bin/named/server.c:4773:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 load_configuration bin/named/server.c:9336:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 run_server bin/named/server.c:10048:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#8 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc_task_run lib/isc/task.c:901:10
#10 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#14 async_cb lib/isc/netmgr/netmgr.c:782:6
#15 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#16 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Thread T1 (running) created by main thread at:
#0 pthread_create <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc_thread_create lib/isc/thread.c:81:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:311:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 isc_managers_create lib/isc/managers.c:31:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#4 create_managers bin/named/main.c:925:11 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 setup bin/named/main.c:1189:11
#6 main bin/named/main.c:1457:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc_thread_create lib/isc/thread.c:81:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:311:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 isc_managers_create lib/isc/managers.c:31:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#4 create_managers bin/named/main.c:925:11 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 setup bin/named/main.c:1189:11
#6 main bin/named/main.c:1457:2
Thread T3 (running) created by main thread at:
#0 pthread_create <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc_thread_create lib/isc/thread.c:81:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:311:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 isc_managers_create lib/isc/managers.c:31:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#4 create_managers bin/named/main.c:925:11 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 setup bin/named/main.c:1189:11
#6 main bin/named/main.c:1457:2
SUMMARY: ThreadSanitizer: data race lib/dns/adb.c:3509:2 in dump_entry
```September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/3424ThreadSanitizer: data race lib/dns/adb.c:4320:23 in dns_adb_timeout2022-09-06T09:02:29ZTom KrizekThreadSanitizer: data race lib/dns/adb.c:4320:23 in dns_adb_timeoutTest `system:clang:tsan`/`fetchlimit` ([job #2602753](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2602753)) failed for `v9_18`.
I encountered this during an attempted clang update to version `14.0.6-++20220622053050+f28c006a5895-1~...Test `system:clang:tsan`/`fetchlimit` ([job #2602753](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2602753)) failed for `v9_18`.
I encountered this during an attempted clang update to version `14.0.6-++20220622053050+f28c006a5895-1~exp1~20220622173135.152` (from version `14.0.5-++20220610033153+c12386ae247c-1~exp1~20220610153237.151` that's currently in CI).
```
WARNING: ThreadSanitizer: data race
Write of size 1 at 0x000000000001 by thread T1 (mutexes: write M1):
#0 dns_adb_timeout lib/dns/adb.c:4320:23 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#1 update_edns_stats lib/dns/resolver.c:1263:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#2 fctx_cancelquery lib/dns/resolver.c:1357:4
#3 rctx_done lib/dns/resolver.c:9822:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 rctx_timedout lib/dns/resolver.c:8123:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 resquery_response lib/dns/resolver.c:7611:11
#6 udp_recv lib/dns/dispatch.c:593:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#7 isc__nm_async_readcb lib/isc/netmgr/netmgr.c:2788:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#8 isc__nm_readcb lib/isc/netmgr/netmgr.c:2761:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc__nmsocket_readtimeout_cb lib/isc/netmgr/netmgr.c:2064:4 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#10 uv__run_timers /usr/src/libuv-v1.44.1/src/timer.c:178:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#11 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Previous read of size 1 at 0x000000000001 by thread T2 (mutexes: write M3, write M3):
#0 dump_entry lib/dns/adb.c:3509:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#1 print_namehook_list lib/dns/adb.c:3623:3 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#2 dump_adb lib/dns/adb.c:3448:4
#3 dns_adb_dump lib/dns/adb.c:3364:2
#4 dumpdone bin/named/server.c:11643:4 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 named_server_dumpdb bin/named/server.c (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 named_control_docommand bin/named/control.c:217:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 control_command bin/named/controlconf.c:391:17 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#8 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc_task_run lib/isc/task.c:901:10
#10 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#14 async_cb lib/isc/netmgr/netmgr.c:782:6
#15 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#16 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Location is heap block of size 280 at 0x000000000024 allocated by thread T2:
#0 malloc <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 mallocx lib/isc/./jemalloc_shim.h:35:10 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 mem_get lib/isc/mem.c:344:8
#3 isc__mem_get lib/isc/mem.c:759:8
#4 new_adbentry lib/dns/adb.c:1828:6 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 import_rdataset lib/dns/adb.c:945:12 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#6 fetch_callback lib/dns/adb.c:3970:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#7 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#8 isc_task_run lib/isc/task.c:901:10
#9 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#10 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 async_cb lib/isc/netmgr/netmgr.c:782:6
#14 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#15 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Mutex M3 (0x000000000030) created at:
#0 pthread_mutex_init <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc__mutex_init lib/isc/mutex.c:52:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc_mutexblock_init lib/isc/mutexblock.c:24:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 dns_adb_create lib/dns/adb.c:2642:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 dns_view_createresolver lib/dns/view.c:844:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 configure_view bin/named/server.c:4773:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 load_configuration bin/named/server.c:9336:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 run_server bin/named/server.c:10048:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#8 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc_task_run lib/isc/task.c:901:10
#10 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#14 async_cb lib/isc/netmgr/netmgr.c:782:6
#15 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#16 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Mutex M3 (0x000000000039) created at:
#0 pthread_mutex_init <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc__mutex_init lib/isc/mutex.c:52:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 dns_adb_create lib/dns/adb.c:2592:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#3 dns_view_createresolver lib/dns/view.c:844:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 configure_view bin/named/server.c:4773:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 load_configuration bin/named/server.c:9336:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 run_server bin/named/server.c:10048:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#8 isc_task_run lib/isc/task.c:901:10
#9 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#10 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 async_cb lib/isc/netmgr/netmgr.c:782:6
#14 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#15 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Mutex M3 (0x000000000041) created at:
#0 pthread_mutex_init <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc__mutex_init lib/isc/mutex.c:52:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc_mutexblock_init lib/isc/mutexblock.c:24:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 dns_adb_create lib/dns/adb.c:2626:2 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#4 dns_view_createresolver lib/dns/view.c:844:11 (BuildId: eceb8edd9aed511f6e4a029347f576b4a7ccfe7b)
#5 configure_view bin/named/server.c:4773:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#6 load_configuration bin/named/server.c:9336:3 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#7 run_server bin/named/server.c:10048:2 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#8 task_run lib/isc/task.c:821:5 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#9 isc_task_run lib/isc/task.c:901:10
#10 isc__nm_async_task lib/isc/netmgr/netmgr.c:834:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#11 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#12 process_queue lib/isc/netmgr/netmgr.c:998:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#13 process_all_queues lib/isc/netmgr/netmgr.c:753:25 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#14 async_cb lib/isc/netmgr/netmgr.c:782:6
#15 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#16 isc__trampoline_run lib/isc/trampoline.c:189:11 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
Thread T2 (running) created by main thread at:
#0 pthread_create <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc_thread_create lib/isc/thread.c:81:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:311:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 isc_managers_create lib/isc/managers.c:31:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#4 create_managers bin/named/main.c:925:11 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 setup bin/named/main.c:1189:11
#6 main bin/named/main.c:1457:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null> (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#1 isc_thread_create lib/isc/thread.c:81:8 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:311:3 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#3 isc_managers_create lib/isc/managers.c:31:2 (BuildId: 2cc4193627d6055c0448e9780e5aeffcf21be151)
#4 create_managers bin/named/main.c:925:11 (BuildId: 9a5d6ed49c2850712bc2b880dbcd672b96adabdf)
#5 setup bin/named/main.c:1189:11
#6 main bin/named/main.c:1457:2
SUMMARY: ThreadSanitizer: data race lib/dns/adb.c:4320:23 in dns_adb_timeout
```September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/3394[CVE-2022-2795] Processing large delegations may severely degrade resolver pe...2023-11-15T08:47:02ZYehuda Afek[CVE-2022-2795] Processing large delegations may severely degrade resolver performance### CVE-specific actions
- [x] [Assign a CVE identifier](#note_306871)
- [x] [Determine CVSS score](#note_306873)
- [x] [Determine the range of BIND versions affected (including the Subscription Edition)](#note_306877)
- [x] [De...### CVE-specific actions
- [x] [Assign a CVE identifier](#note_306871)
- [x] [Determine CVSS score](#note_306873)
- [x] [Determine the range of BIND versions affected (including the Subscription Edition)](#note_306877)
- [x] [Determine whether workarounds for the problem exists](#note_306880)
- [x] [Create a draft of the security advisory and put the information above in there](https://portal.document360.io/956e37e2-5ec0-4942-8b27-35533899f099/document/v1/view/802f6c03-dbcc-438b-a252-b5ee436c1b03)
- [x] Prepare a detailed description of the problem which should include the following by default:
- [instructions for reproducing the problem (a system test is good enough)](isc-private/bind9!430)
- [explanation of code flow which triggers the problem (a system test is *not* good enough)](#note_306898)
- [x] Prepare a private merge request containing the following items in separate commits:
- [a test for the issue (may be moved to a separate merge request for deferred merging)](isc-private/bind9!430)
- [a fix for the issue](isc-private/bind9!431)
- [documentation updates (`CHANGES`, release notes, anything else applicable)](isc-private/bind9!431)
- [x] Ensure the merge request from the previous step is reviewed by SWENG staff and has no outstanding discussions
- [x] Ensure the documentation changes introduced by the merge request addressing the problem are reviewed by Support and Marketing staff
- [x] Prepare backports of the merge request addressing the problem for all affected (and still maintained) BIND branches (backporting might affect the issue's scope and/or description)
- [x] Prepare a standalone patch for the last stable release of each affected (and still maintained) BIND branch
### Release-specific actions
- [x] Create/update the private issue containing links to fixes & reproducers for all CVEs fixed in a given release cycle
- [x] Reserve a block of `CHANGES` placeholders once the complete set of vulnerabilities fixed in a given release cycle is determined
- [x] Ensure the merge requests containing CVE fixes are merged into `security-*` branches in CVE identifier order
### Post-disclosure actions
- [x] Merge a regression test reproducing the bug into all affected (and still maintained) BIND branches
---
### Paper
[NXRedirect_-_Attack_Complexity_DDoS_attack_on_DNS_Recursive_Resolvers_WithNames.pdf](/uploads/87d6de4ff8e9372614249ac1affbe9bd/NXRedirect_-_Attack_Complexity_DDoS_attack_on_DNS_Recursive_Resolvers_WithNames.pdf)sSeptember 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3385Explicit inline-signing for dnssec-policy2023-08-09T12:48:26ZMatthijs Mekkingmatthijs@isc.orgExplicit inline-signing for dnssec-policyHaving implicit `inline-signing` set for `dnssec-policy` when there is no update policy is confusing, so lets make this explicit.Having implicit `inline-signing` set for `dnssec-policy` when there is no update policy is confusing, so lets make this explicit.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3381zone with dnssec-policy breaks when you add update-policy to it2023-08-09T12:48:25Zelmaimbozone with dnssec-policy breaks when you add update-policy to it### Summary
I have a zone which is configured with a `dnssec-policy`, which has been working fine for a long time. Then yesterday I added an `update-policy` stanza to the zone. The reason for doing this was to allow certbot to use DNS01...### Summary
I have a zone which is configured with a `dnssec-policy`, which has been working fine for a long time. Then yesterday I added an `update-policy` stanza to the zone. The reason for doing this was to allow certbot to use DNS01 challenge to issue a letsencrypt certificate. After I did this I discovered that replication from the primary to the secondary servers for the zone had stopped working.
On investigation I discovered that the zone SOA serial number on the primary server had gone backwards, and this was the reason why the zone had stopped replicating.
Before adding the `update-policy` stanza, the files in /var/lib/bind were as follows. (NB: I don't remember the exact SOA serial numbers so I've made up SOA serial numbers and zone name for illustrative purposes.)
- db.example.com (hard-link to my original zone file with SOA serial=2022010101)
- db.example.com.jbk
- db.example.com.jnl
- db.example.com.signed (signed version of my zone file, with SOA serial=2022010180 - i.e. much greater than original)
- db.example.com.signed.jnl
After adding the `update-policy` stanza, the db.example.com file had changed:
- db.example.com (no longer a hard-link, but now a _signed_ version of my original zone file with SOA serial=2022010120 - i.e. greater than my original zone file but less than the SOA serial number in db.example.com.signed)
The other files were still there, although I didn't notice which of them had changed. In trying to get everything working I stopped named.service, deleted all of the files above and recreated the hard-link to the original file, and also deleted the contents of /var/cache/bind, then started named.service again, and after that I discovered that the .signed files hadn't been recreated. So I was left with:
- db.example.com (_signed_ version of my original zone file with SOA serial greater than my original zone file but less than what the SOA serial number in db.example.com.signed had been)
- db.example.com.jnl
I managed to fix the problem by removing the `update-policy` from the zone, and repeating the steps above (i.e. stopped named.service, deleted all of the files above and recreated the hard-link to the original file, and also deleted the contents of /var/cache/bind, then started named.service again).
### BIND version used
```
BIND 9.18.1-1ubuntu1.1-Ubuntu (Stable Release) <id:>
running on Linux x86_64 5.15.0-33-generic #34-Ubuntu SMP Wed May 18 13:34:26 UTC 2022
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-IeZYTB/bind9-9.18.1=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.2.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.43.0
linked to libuv version: 1.43.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
1. Create zone with `dnssec-policy`, and make sure it is working fine (i.e. without `update-policy`).
2. If possible resign the zone a few times to cause the SOA serial number in the signed version of the zone to be significantly higher than the original zone file.
3. Use `dig` to query the SOA for the zone.
4. Add `update-policy` to the zone. For example:
```
update-policy {
grant keyname name _acme-challenge.example.com. TXT;
};
```
5. Apply the changes by running `rndc reload`.
6. Use `dig` to query the SOA for the zone. You should find that the SOA has gone backwards from step 3.
### What is the current *bug* behavior?
The zone SOA serial number has gone backwards.
The original zone file has been replaced by a file containing RRSIG records, etc.
The .signed files are no longer used.
### What is the expected *correct* behavior?
I'm not too sure what the correct behaviour should be? Some options might be:
- Leave the original zone file intact, and apply dynamic updates to the .signed file?
- Treat this condition (i.e. using dnssec-policy and update-policy together) as an error?
### Relevant configuration files
```
dnssec-policy kskrsa-zskrsa {
keys {
ksk lifetime unlimited algorithm rsasha256 2048;
zsk lifetime unlimited algorithm rsasha256 2048;
};
nsec3param iterations 0 optout no salt-length 0;
};
zone "example.com" {
type primary;
file "/var/lib/bind/db.example.com";
dnssec-policy kskrsa-zskrsa;
notify explicit;
also-notify { ...; };
allow-transfer { ...; };
allow-query { any; };
#update-policy {
# grant certbot name _acme-challenge.example.com. TXT;
#};
};
```
### Relevant logs and/or screenshots
Sorry I don't know exactly what happened when, so it is difficult to find relevant logs.
### Possible fixes
It is likely that what I was trying to do was a silly idea. And in fact I'm going to find another way to achieve this, such as creating a CNAME that references an unsigned dynamic zone?
However I thought I should report this as a bug because even if someone does something silly like this, I don't think it should have the impact that it did?
As a final note I feel that this is (at least in part) related to issue #1709 which discusses inline signing and dynamic zones, although TBH I didn't understand all the discussion.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3348OPENSSL_init_ssl() fails on Fedora 362022-09-06T08:39:16ZMichal NowakOPENSSL_init_ssl() fails on Fedora 36`OPENSSL_init_ssl()` fails on Fedora 36 (`main`):
```
tls.c:87: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L | 0x00000400L | 0x00001000L | 0x00002000L | 0x00004000L) | 0x00000040L, ((void *)0)) == 1) failed
```
I originally t...`OPENSSL_init_ssl()` fails on Fedora 36 (`main`):
```
tls.c:87: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L | 0x00000400L | 0x00001000L | 0x00002000L | 0x00004000L) | 0x00000040L, ((void *)0)) == 1) failed
```
I originally though this is sanitizer problem because Fedora in our CI is used only for ASAN/TSAN and stress test jobs, but I added [vanilla Fedora 36 jobs](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6297/diffs?commit_id=8aced51932722c33add9ed261a77c1ee684ee063) and they [fail](https://gitlab.isc.org/isc-projects/bind9/-/jobs/2508348) nevertheless (same with system tests).
Can't reproduce it locally, even with the `fedora-36-amd64` staging image - test binary which fails in CI, works in my local container.
<details><summary>aes_test.log</summary>
```
tls.c:87: fatal error: RUNTIME_CHECK(OPENSSL_init_ssl((0x00000200L | 0x00000400L | 0x00001000L | 0x00002000L | 0x00004000L) | 0x00000040L, ((void *)0)) == 1) failed
./../../unit-test-driver.sh: line 36: 2805 Aborted (core dumped) "${TEST_PROGRAM}"
I:aes_test:Core dump found: ./core.2805
D:aes_test:backtrace from ./core.2805 start
[New LWP 2805]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/builds/isc-projects/bind9/lib/isc/tests/.libs/aes_test'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007fafa9fd6aec in __pthread_kill_implementation () from /lib64/libc.so.6
Thread 1 (Thread 0x7fafa94b4140 (LWP 2805)):
#0 0x00007fafa9fd6aec in __pthread_kill_implementation () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007fafa9f869c6 in raise () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007fafa9f7082f in abort () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007fafaa191544 in isc_error_fatal (file=file@entry=0x7fafaa1ce095 "tls.c", line=line@entry=87, format=format@entry=0x7fafaa1c49f1 "RUNTIME_CHECK(%s) failed") at error.c:70
args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7ffe156c4ff0, reg_save_area = 0x7ffe156c4f30}}
#4 0x00007fafaa19155c in isc_error_runtimecheck (file=file@entry=0x7fafaa1ce095 "tls.c", line=line@entry=87, expression=expression@entry=0x7fafaa1ce378 "OPENSSL_init_ssl((0x00000200L | 0x00000400L | 0x00001000L | 0x00002000L | 0x00004000L) | 0x00000040L, ((void *)0)) == 1") at error.c:75
No locals.
#5 0x00007fafaa1af396 in tls_initialize () at tls.c:87
No locals.
#6 0x00007fafa9fd9cd8 in __pthread_once_slow () from /lib64/libc.so.6
No symbol table info available.
#7 0x00007fafaa1af5d0 in isc__tls_initialize () at tls.c:136
result = <optimized out>
#8 0x00007fafaa199a7a in isc__initialize () at lib.c:45
No locals.
#9 0x00007fafaa6ecf7e in call_init (env=0x7ffe156c5138, argv=0x7ffe156c5128, argc=1, l=<optimized out>) at dl-init.c:70
j = 0
jm = <optimized out>
addrs = <optimized out>
init_array = <optimized out>
__PRETTY_FUNCTION__ = "call_init"
init_array = <optimized out>
j = <optimized out>
jm = <optimized out>
addrs = <optimized out>
#10 call_init (l=<optimized out>, argc=1, argv=0x7ffe156c5128, env=0x7ffe156c5138) at dl-init.c:26
init_array = <optimized out>
__PRETTY_FUNCTION__ = "call_init"
j = <optimized out>
jm = <optimized out>
addrs = <optimized out>
#11 0x00007fafaa6ed06c in _dl_init (main_map=0x7fafaa71f2a0, argc=1, argv=0x7ffe156c5128, env=0x7ffe156c5138) at dl-init.c:117
preinit_array = <optimized out>
preinit_array_size = <optimized out>
i = <optimized out>
#12 0x00007fafaa704e6a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
_dl_rtld_libname = {name = 0x400318 "/lib64/ld-linux-x86-64.so.2", next = 0x7fafaa71f1f0 <newname>, dont_free = 0}
tls_init_tp_called = true
DL_LOOKUP_GSCOPE_LOCK = DL_LOOKUP_GSCOPE_LOCK
relocate_time = 1874146
DL_LOOKUP_RETURN_NEWEST = DL_LOOKUP_RETURN_NEWEST
DL_LOOKUP_FOR_RELOCATE = DL_LOOKUP_FOR_RELOCATE
_dl_rtld_libname2 = {name = 0x0, next = 0x0, dont_free = 0}
DL_LOOKUP_ADD_DEPENDENCY = DL_LOOKUP_ADD_DEPENDENCY
start_time = 95800059371580934
load_time = 1204282
lc_property_unknown = lc_property_unknown
lt_executable = lt_executable
lt_library = lt_library
lc_property_none = lc_property_none
lt_loaded = lt_loaded
lc_property_valid = lc_property_valid
arch_kind_zhaoxin = arch_kind_zhaoxin
arch_kind_unknown = arch_kind_unknown
arch_kind_intel = arch_kind_intel
arch_kind_other = arch_kind_other
dso_sort_algorithm_original = dso_sort_algorithm_original
arch_kind_amd = arch_kind_amd
dso_sort_algorithm_dfs = dso_sort_algorithm_dfs
unknown = unknown
nonexisting = nonexisting
existing = existing
cet_elf_property = cet_elf_property
cet_always_off = cet_always_off
cet_permissive = cet_permissive
cet_always_on = cet_always_on
RT_CONSISTENT = RT_CONSISTENT
RT_DELETE = RT_DELETE
RT_ADD = RT_ADD
TD_EVENTS_ENABLE = TD_EVENTS_ENABLE
_URC_END_OF_STACK = _URC_END_OF_STACK
TD_READY = TD_READY
TD_MIN_EVENT_NUM = TD_READY
_URC_NORMAL_STOP = _URC_NORMAL_STOP
TD_LOCK_TRY = TD_LOCK_TRY
TD_PRI_INHERIT = TD_PRI_INHERIT
_URC_FOREIGN_EXCEPTION_CAUGHT = _URC_FOREIGN_EXCEPTION_CAUGHT
TD_SWITCHTO = TD_SWITCHTO
_URC_CONTINUE_UNWIND = _URC_CONTINUE_UNWIND
TD_SLEEP = TD_SLEEP
TD_SWITCHFROM = TD_SWITCHFROM
TD_CATCHSIG = TD_CATCHSIG
TD_CREATE = TD_CREATE
TD_PREEMPT = TD_PREEMPT
TD_REAP = TD_REAP
TD_CONCURRENCY = TD_CONCURRENCY
_URC_HANDLER_FOUND = _URC_HANDLER_FOUND
TD_ALL_EVENTS = TD_ALL_EVENTS
TD_EVENT_NONE = TD_ALL_EVENTS
TD_IDLE = TD_IDLE
TD_TIMEOUT = TD_TIMEOUT
TD_MAX_EVENT_NUM = TD_TIMEOUT
_URC_FATAL_PHASE1_ERROR = _URC_FATAL_PHASE1_ERROR
TD_DEATH = TD_DEATH
_URC_FATAL_PHASE2_ERROR = _URC_FATAL_PHASE2_ERROR
_URC_INSTALL_CONTEXT = _URC_INSTALL_CONTEXT
_URC_NO_REASON = _URC_NO_REASON
LA_ACT_CONSISTENT = LA_ACT_CONSISTENT
LA_ACT_ADD = LA_ACT_ADD
LA_ACT_DELETE = LA_ACT_DELETE
PTHREAD_MUTEX_TIMED_NP = PTHREAD_MUTEX_TIMED_NP
PTHREAD_MUTEX_RECURSIVE_NP = PTHREAD_MUTEX_RECURSIVE_NP
PTHREAD_MUTEX_ERRORCHECK_NP = PTHREAD_MUTEX_ERRORCHECK_NP
PTHREAD_MUTEX_ADAPTIVE_NP = PTHREAD_MUTEX_ADAPTIVE_NP
PTHREAD_MUTEX_NORMAL = PTHREAD_MUTEX_TIMED_NP
PTHREAD_MUTEX_RECURSIVE = PTHREAD_MUTEX_RECURSIVE_NP
PTHREAD_MUTEX_ERRORCHECK = PTHREAD_MUTEX_ERRORCHECK_NP
PTHREAD_MUTEX_DEFAULT = PTHREAD_MUTEX_TIMED_NP
PTHREAD_MUTEX_FAST_NP = PTHREAD_MUTEX_TIMED_NP
cache_extension_tag_generator = cache_extension_tag_generator
cache_extension_tag_glibc_hwcaps = cache_extension_tag_glibc_hwcaps
cache_extension_count = cache_extension_count
_bitindex_arch_Fast_Rep_String = _bitindex_arch_Fast_Rep_String
_bitindex_arch_Slow_BSF = _bitindex_arch_Slow_BSF
_bitindex_arch_I686 = _bitindex_arch_I686
_bitindex_arch_Prefer_No_VZEROUPPER = _bitindex_arch_Prefer_No_VZEROUPPER
_bitindex_arch_Prefer_ERMS = _bitindex_arch_Prefer_ERMS
_bitindex_arch_Prefer_FSRM = _bitindex_arch_Prefer_FSRM
_bitindex_arch_Avoid_Short_Distance_REP_MOVSB = _bitindex_arch_Avoid_Short_Distance_REP_MOVSB
_bitindex_arch_Prefer_PMINUB_for_stringop = _bitindex_arch_Prefer_PMINUB_for_stringop
_bitindex_arch_Fast_Unaligned_Copy = _bitindex_arch_Fast_Unaligned_Copy
_bitindex_arch_Slow_SSE4_2 = _bitindex_arch_Slow_SSE4_2
_bitindex_arch_MathVec_Prefer_No_AVX512 = _bitindex_arch_MathVec_Prefer_No_AVX512
_bitindex_arch_Fast_Copy_Backward = _bitindex_arch_Fast_Copy_Backward
_bitindex_arch_Fast_Unaligned_Load = _bitindex_arch_Fast_Unaligned_Load
_bitindex_arch_I586 = _bitindex_arch_I586
_bitindex_arch_AVX_Fast_Unaligned_Load = _bitindex_arch_AVX_Fast_Unaligned_Load
_bitindex_arch_Prefer_No_AVX512 = _bitindex_arch_Prefer_No_AVX512
CPUID_INDEX_MAX = CPUID_INDEX_MAX
cpuid_register_index_ebx = cpuid_register_index_ebx
RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL_BIT = RSEQ_CS_FLAG_NO_RESTART_ON_SIGNAL_BIT
cpuid_register_index_ecx = cpuid_register_index_ecx
RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT_BIT = RSEQ_CS_FLAG_NO_RESTART_ON_PREEMPT_BIT
cpuid_register_index_eax = cpuid_register_index_eax
cpuid_register_index_edx = cpuid_register_index_edx
PREFERRED_FEATURE_INDEX_1 = PREFERRED_FEATURE_INDEX_1
PREFERRED_FEATURE_INDEX_MAX = PREFERRED_FEATURE_INDEX_MAX
RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE_BIT = RSEQ_CS_FLAG_NO_RESTART_ON_MIGRATE_BIT
rtld_mode_verify = rtld_mode_verify
rtld_mode_trace = rtld_mode_trace
rtld_mode_list_diagnostics = rtld_mode_list_diagnostics
rtld_mode_help = rtld_mode_help
rtld_mode_normal = rtld_mode_normal
rtld_mode_list = rtld_mode_list
rtld_mode_list_tunables = rtld_mode_list_tunables
CPUID_INDEX_1 = CPUID_INDEX_1
CPUID_INDEX_7 = CPUID_INDEX_7
CPUID_INDEX_80000001 = CPUID_INDEX_80000001
CPUID_INDEX_D_ECX_1 = CPUID_INDEX_D_ECX_1
CPUID_INDEX_80000007 = CPUID_INDEX_80000007
CPUID_INDEX_80000008 = CPUID_INDEX_80000008
CPUID_INDEX_7_ECX_1 = CPUID_INDEX_7_ECX_1
CPUID_INDEX_19 = CPUID_INDEX_19
CPUID_INDEX_14_ECX_0 = CPUID_INDEX_14_ECX_0
__GI__dl_argv = 0x7ffe156c5128
_dl_skip_args = 0
__pointer_chk_guard_local = 5298548975991939973
_rtld_global_ro = {_dl_debug_mask = 0, _dl_osversion = 267179, _dl_platform = 0x7fafaa7121de "haswell", _dl_platformlen = 7, _dl_pagesize = 4096, _dl_minsigstacksize = 1604, _dl_inhibit_cache = 0, _dl_initial_searchlist = {r_list = 0x7fafa95c1bf0, r_nlist = 15}, _dl_clktck = 100, _dl_verbose = 0, _dl_debug_fd = 2, _dl_lazy = 1, _dl_bind_not = 0, _dl_dynamic_weak = 0, _dl_fpu_control = 895, _dl_correct_cache_id = 771, _dl_hwcap = 2, _dl_auxv = 0x7ffe156c5710, _dl_x86_cpu_features = {basic = {kind = arch_kind_intel, max_cpuid = 22, family = 6, model = 158, stepping = 10}, features = {{{cpuid_array = {591594, 68159488, 2147154943, 3219913727}, cpuid = {eax = 591594, ebx = 68159488, ecx = 2147154943, edx = 3219913727}}, {active_array = {0, 0, 2128097795, 394821904}, active = {eax = 0, ebx = 0, ecx = 2128097795, edx = 394821904}}}, {{cpuid_array = {0, 43806651, 0, 2617254912}, cpuid = {eax = 0, ebx = 43806651, ecx = 0, edx = 2617254912}}, {active_array = {0, 9175848, 0, 2048}, active = {eax = 0, ebx = 9175848, ecx = 0, edx = 2048}}}, {{cpuid_array = {0, 0, 289, 739248128}, cpuid = {eax = 0, ebx = 0, ecx = 289, edx = 739248128}}, {active_array = {0, 0, 289, 134217728}, active = {eax = 0, ebx = 0, ecx = 289, edx = 134217728}}}, {{cpuid_array = {15, 960, 256, 0}, cpuid = {eax = 15, ebx = 960, ecx = 256, edx = 0}}, {active_array = {7, 0, 0, 0}, active = {eax = 7, ebx = 0, ecx = 0, edx = 0}}}, {{cpuid_array = {0, 0, 0, 256}, cpuid = {eax = 0, ebx = 0, ecx = 0, edx = 256}}, {active_array = {0, 0, 0, 0}, active = {eax = 0, ebx = 0, ecx = 0, edx = 0}}}, {{cpuid_array = {12327, 0, 0, 0}, cpuid = {eax = 12327, ebx = 0, ecx = 0, edx = 0}}, {active_array = {0, 0, 0, 0}, active = {eax = 0, ebx = 0, ecx = 0, edx = 0}}}, {{cpuid_array = {0, 0, 0, 0}, cpuid = {eax = 0, ebx = 0, ecx = 0, edx = 0}}, {active_array = {0, 0, 0, 0}, active = {eax = 0, ebx = 0, ecx = 0, edx = 0}}}, {{cpuid_array = {0, 0, 0, 0}, cpuid = {eax = 0, ebx = 0, ecx = 0, edx = 0}}, {active_array = {0, 0, 0, 0}, active = {eax = 0, ebx = 0, ecx = 0, edx = 0}}}, {{cpuid_array = {1, 15, 7, 0}, cpuid = {eax = 1, ebx = 15, ecx = 7, edx = 0}}, {active_array = {0, 0, 0, 0}, active = {eax = 0, ebx = 0, ecx = 0, edx = 0}}}}, preferred = {4857}, isa_1 = 7, xsave_state_size = 960, xsave_state_full_size = 1152, data_cache_size = 32768, shared_cache_size = 1048576, non_temporal_threshold = 786432, rep_movsb_threshold = 8192, rep_movsb_stop_threshold = 786432, rep_stosb_threshold = 2048, level1_icache_size = 32768, level1_icache_linesize = 64, level1_dcache_size = 32768, level1_dcache_assoc = 8, level1_dcache_linesize = 64, level2_cache_size = 262144, level2_cache_assoc = 4, level2_cache_linesize = 64, level3_cache_size = 12582912, level3_cache_assoc = 16, level3_cache_linesize = 64, level4_cache_size = 0}, _dl_x86_hwcap_flags = {"sse2\000\000\000\000", "x86_64\000\000", "avx512_1"}, _dl_x86_platforms = {"i586\000\000\000\000", "i686\000\000\000\000", "haswell\000", "xeon_phi"}, _dl_inhibit_rpath = 0x0, _dl_origin_path = 0x0, _dl_use_load_bias = 18446744073709551615, _dl_tls_static_size = 11008, _dl_tls_static_align = 64, _dl_tls_static_surplus = 1664, _dl_profile = 0x0, _dl_profile_output = 0x7fafaa710ec0 "/var/tmp", _dl_trace_prelink = 0x0, _dl_trace_prelink_map = 0x0, _dl_init_all_dirs = 0x7fafaa6e5180, _dl_sysinfo_dso = 0x7ffe15761000, _dl_sysinfo_map = 0x7fafaa71f850, _dl_vdso_clock_gettime64 = 0x7ffe15761a20 <clock_gettime>, _dl_vdso_gettimeofday = 0x7ffe15761d50 <gettimeofday>, _dl_vdso_time = 0x7ffe15761f00 <time>, _dl_vdso_getcpu = 0x7ffe15761f10 <getcpu>, _dl_vdso_clock_getres_time64 = 0x0, _dl_hwcap2 = 0, _dl_dso_sort_algo = dso_sort_algorithm_dfs, _dl_debug_printf = 0x7fafaa6f5c60 <_dl_debug_printf>, _dl_mcount = 0x7fafaa6f6820 <__GI__dl_mcount>, _dl_lookup_symbol_x = 0x7fafaa6f2450 <_dl_lookup_symbol_x>, _dl_open = 0x7fafaa6f44b0 <_dl_open>, _dl_close = 0x7fafaa6ea0d0 <_dl_close>, _dl_catch_error = 0x7fafaa702390 <_rtld_catch_error>, _dl_error_free = 0x7fafaa6eb5f0 <_dl_error_free>, _dl_tls_get_addr_soft = 0x7fafaa6fab00 <_dl_tls_get_addr_soft>, _dl_libc_freeres = 0x7fafaa703060 <__rtld_libc_freeres>, _dl_find_object = 0x7fafaa6ebf40 <__GI__dl_find_object>, _dl_discover_osversion = 0x7fafaa704620 <_dl_discover_osversion>, _dl_dlfcn_hook = 0x0, _dl_audit = 0x0, _dl_naudit = 0}
_dl_argc = 1
_rtld_global = {_dl_ns = {{_ns_loaded = 0x7fafaa71f2a0, _ns_nloaded = 16, _ns_main_searchlist = 0x7fafaa71f560, _ns_global_scope_alloc = 0, _ns_global_scope_pending_adds = 0, libc_map = 0x7fafaa6e5c60, _ns_unique_sym_table = {lock = {mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 times>, "\001", '\000' <repeats 22 times>, __align = 0}}, entries = 0x0, size = 0, n_elements = 0, free = 0x0}, _ns_debug = {base = {r_version = 0, r_map = 0x0, r_brk = 0, r_state = RT_CONSISTENT, r_ldbase = 0}, r_next = 0x0}}, {_ns_loaded = 0x0, _ns_nloaded = 0, _ns_main_searchlist = 0x0, _ns_global_scope_alloc = 0, _ns_global_scope_pending_adds = 0, libc_map = 0x0, _ns_unique_sym_table = {lock = {mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}}, entries = 0x0, size = 0, n_elements = 0, free = 0x0}, _ns_debug = {base = {r_version = 0, r_map = 0x0, r_brk = 0, r_state = RT_CONSISTENT, r_ldbase = 0}, r_next = 0x0}} <repeats 15 times>}, _dl_nns = 1, _dl_load_lock = {mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 times>, "\001", '\000' <repeats 22 times>, __align = 0}}, _dl_load_write_lock = {mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 times>, "\001", '\000' <repeats 22 times>, __align = 0}}, _dl_load_tls_lock = {mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 1, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 16 times>, "\001", '\000' <repeats 22 times>, __align = 0}}, _dl_load_adds = 16, _dl_initfirst = 0x0, _dl_profile_map = 0x0, _dl_num_relocations = 1496, _dl_num_cache_relocations = 24, _dl_all_dirs = 0x7fafaa6e5180, _dl_rtld_map = {l_addr = 140392455368704, l_name = 0x400318 "/lib64/ld-linux-x86-64.so.2", l_ld = 0x7fafaa71de20, l_next = 0x7fafa95c10c0, l_prev = 0x7fafa9e65900, l_real = 0x7fafaa71eab0 <_rtld_local+2736>, l_ns = 0, l_libname = 0x7fafaa71f240 <_dl_rtld_libname>, l_info = {0x0, 0x0, 0x7fafaa71dea0, 0x7fafaa71de90, 0x7fafaa71de30, 0x7fafaa71de50, 0x7fafaa71de60, 0x7fafaa71ded0, 0x7fafaa71dee0, 0x7fafaa71def0, 0x7fafaa71de70, 0x7fafaa71de80, 0x0, 0x0, 0x7fafaa71de20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fafaa71deb0, 0x0, 0x0, 0x7fafaa71dec0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fafaa71df20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fafaa71df10, 0x7fafaa71df00, 0x7fafaa71df30, 0x0, 0x7fafaa71df50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fafaa71df40, 0x0 <repeats 25 times>, 0x7fafaa71de40}, l_phdr = 0x7fafaa6e7040, l_entry = 0, l_phnum = 11, l_ldnum = 0, l_searchlist = {r_list = 0x0, r_nlist = 0}, l_symbolic_searchlist = {r_list = 0x0, r_nlist = 0}, l_loader = 0x0, l_versions = 0x7fafa94b65c0, l_nversions = 8, l_nbuckets = 37, l_gnu_bitmask_idxbits = 3, l_gnu_shift = 8, l_gnu_bitmask = 0x7fafaa6e7460, {l_gnu_buckets = 0x7fafaa6e7480, l_chain = 0x7fafaa6e7480}, {l_gnu_chain_zero = 0x7fafaa6e7510, l_buckets = 0x7fafaa6e7510}, l_direct_opencount = 0, l_type = lt_library, l_relocated = 1, l_init_called = 1, l_global = 1, l_reserved = 0, l_main_map = 0, l_visited = 1, l_map_used = 0, l_map_done = 0, l_phdr_allocated = 0, l_soname_added = 0, l_faked = 0, l_need_tls_init = 0, l_auditing = 0, l_audit_any_plt = 0, l_removed = 0, l_contiguous = 0, l_symbolic_in_local_scope = 0, l_free_initfini = 0, l_ld_readonly = 0, l_find_object_processed = 0, l_nodelete_active = false, l_nodelete_pending = false, l_property = lc_property_unknown, l_x86_feature_1_and = 0, l_x86_isa_1_needed = 0, l_1_needed = 0, l_rpath_dirs = {dirs = 0x0, malloced = 0}, l_reloc_result = 0x0, l_versyms = 0x7fafaa6e7c32, l_origin = 0x0, l_map_start = 140392455368704, l_map_end = 140392455598744, l_text_end = 140392455535173, l_scope_mem = {0x0, 0x0, 0x0, 0x0}, l_scope_max = 0, l_scope = 0x0, l_local_scope = {0x0, 0x0}, l_file_id = {dev = 0, ino = 0}, l_runpath_dirs = {dirs = 0x0, malloced = 0}, l_initfini = 0x0, l_reldeps = 0x0, l_reldepsmax = 0, l_used = 1, l_feature_1 = 0, l_flags_1 = 0, l_flags = 0, l_idx = 0, l_mach = {plt = 0, gotplt = 0, tlsdesc_table = 0x0}, l_lookup_cache = {sym = 0x7fafaa6e78f8, type_class = 1, value = 0x7fafaa6e5c60, ret = 0x7fafa9f4fd70}, l_tls_initimage = 0x0, l_tls_initimage_size = 0, l_tls_blocksize = 0, l_tls_align = 0, l_tls_firstbyte_offset = 0, l_tls_offset = 0, l_tls_modid = 0, l_tls_dtor_count = 0, l_relro_addr = 218528, l_relro_size = 6752, l_serial = 0}, _dl_rtld_auditstate = {{cookie = 0, bindflags = 0} <repeats 16 times>}, _dl_x86_feature_1 = 0, _dl_x86_feature_control = {ibt = cet_elf_property, shstk = cet_elf_property}, _dl_stack_flags = 6, _dl_tls_dtv_gaps = false, _dl_tls_max_dtv_idx = 5, _dl_tls_dtv_slotinfo_list = 0x7fafa94b69a0, _dl_tls_static_nelem = 5, _dl_tls_static_used = 6800, _dl_tls_static_optional = 512, _dl_initial_dtv = 0x7fafa94b4b60, _dl_tls_generation = 1, _dl_scope_free_list = 0x0, _dl_stack_used = {next = 0x7fafaa71f088 <_rtld_local+4232>, prev = 0x7fafaa71f088 <_rtld_local+4232>}, _dl_stack_user = {next = 0x7fafa94b4400, prev = 0x7fafa94b4400}, _dl_stack_cache = {next = 0x7fafaa71f0a8 <_rtld_local+4264>, prev = 0x7fafaa71f0a8 <_rtld_local+4264>}, _dl_stack_cache_actsize = 0, _dl_in_flight_stack = 0, _dl_stack_cache_lock = 0}
#13 0x0000000000000001 in ?? ()
No symbol table info available.
#14 0x00007ffe156c7388 in ?? ()
No symbol table info available.
#15 0x0000000000000000 in ?? ()
No symbol table info available.
D:aes_test:backtrace from ./core.2805 end
FAIL aes_test (exit status: 134)
```
</details>September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2982Resolver failures after stale-answer enabled2023-04-03T08:44:39ZBlažej KrajňákResolver failures after stale-answer enabledToday I got bug reports from our ISP customers. Their browser often
fail at page loading with `DNS_PROBE_FINISHED_NXDOMAIN`. After few
seconds (possibly after browser DNS re-query) page will load correctly. In
Bind9 log I see many of mes...Today I got bug reports from our ISP customers. Their browser often
fail at page loading with `DNS_PROBE_FINISHED_NXDOMAIN`. After few
seconds (possibly after browser DNS re-query) page will load correctly. In
Bind9 log I see many of messages like:
````
Oct 27 11:34:13 srv-snv-production named[576109]: configuration.ls.apple.com resolver failure, stale answer unavailable
Oct 27 11:34:13 srv-snv-production named[576109]: client @0x7fc71806cd58 10.202.42.196#58876 (configuration.ls.apple.com): view clients: query failed (SERVFAIL) for configuration.ls.apple.com/IN/TYPE65 at query.c:5832
Oct 27 11:34:13 srv-snv-production named[576109]: configuration.ls.apple.com resolver failure, stale answer unavailable
Oct 27 11:34:13 srv-snv-production named[576109]: client @0x7fc7180715a8 10.202.42.196#49219 (configuration.ls.apple.com): view clients: query failed (SERVFAIL) for configuration.ls.apple.com/IN/A
at query.c:5832
````
After I turned off `stale-answer-enable`, problem looks to be resolved. I'm
attaching huge debug log of above failures. The problematic query starts at `27-Oct-2021
11:34:13.858`
Linux srv-le-production 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1
(2021-09-30) x86_64 GNU/Linux
bind9/stable,now 1:9.16.15-1 amd64
[bind-debug.log](/uploads/15e0dc054a301e0c47415bdc14325aa4/bind-debug.log)September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3508Refactor event loop handling2022-09-07T11:21:59ZEvan HuntRefactor event loop handlingRefactor networking, tasks, timers and applications to use a new "loop manager" framework. This will be a front-end to the `uv_loop` API, replacing the old `isc_app` module completely, and will manage worker threads and application start...Refactor networking, tasks, timers and applications to use a new "loop manager" framework. This will be a front-end to the `uv_loop` API, replacing the old `isc_app` module completely, and will manage worker threads and application startup and shutdown.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)https://gitlab.isc.org/isc-projects/bind9/-/issues/3410RFC 8914 - RPZ extended errors2023-07-11T10:00:20ZMatthijs Mekkingmatthijs@isc.orgRFC 8914 - RPZ extended errorsPer-RPZ-zone configuration to pick EDE code returned for blocked requests configured in a particular RPZ policy:
``none``
No Extended DNS Error code is set (default).
``forged``
Extended DNS Error code 4 - Forged Answer.
``block...Per-RPZ-zone configuration to pick EDE code returned for blocked requests configured in a particular RPZ policy:
``none``
No Extended DNS Error code is set (default).
``forged``
Extended DNS Error code 4 - Forged Answer.
``blocked``
Extended DNS Error code 15 - Blocked.
``censored``
Extended DNS Error code 16 - Censored.
``filtered``
Extended DNS Error code 17 - Filtered.
``prohibited``
Extended DNS Error code 18 - Prohibited.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3514CID 356328: Control flow issues (DEADCODE) in bin/named/server.c2022-09-06T09:15:23ZMichal NowakCID 356328: Control flow issues (DEADCODE) in bin/named/server.cCoverity Scan reports supposed dead code (originated in b69e783164cd50e3306364668558e460617ee8fc):
```
/bin/named/server.c: 8756 in load_configuration()
8750 "creating UDP/IPv4 port set: %s",
8751 isc_result_tot...Coverity Scan reports supposed dead code (originated in b69e783164cd50e3306364668558e460617ee8fc):
```
/bin/named/server.c: 8756 in load_configuration()
8750 "creating UDP/IPv4 port set: %s",
8751 isc_result_totext(result));
8752 goto cleanup_bindkeys_parser;
8753 }
8754 isc_portset_create(named_g_mctx, &v6portset);
8755 if (result != ISC_R_SUCCESS) {
>>> CID 356328: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "isc_log_write(named_g_lctx,...".
8756 isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
8757 NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
8758 "creating UDP/IPv6 port set: %s",
8759 isc_result_totext(result));
8760 goto cleanup_v4portset;
8761 }
```September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3489CID 355779: Null pointer dereferences in lib/dns/tkey.c2022-08-26T13:17:55ZMichal NowakCID 355779: Null pointer dereferences in lib/dns/tkey.cCoverity Scan identified the following issue on `main`:
```
*** CID 355779: Null pointer dereferences (REVERSE_INULL)
/lib/dns/tkey.c: 997 in buildquery()
991 dns_message_puttempname(msg, &aname);
992 }
993 if (question...Coverity Scan identified the following issue on `main`:
```
*** CID 355779: Null pointer dereferences (REVERSE_INULL)
/lib/dns/tkey.c: 997 in buildquery()
991 dns_message_puttempname(msg, &aname);
992 }
993 if (question != NULL) {
994 dns_rdataset_disassociate(question);
995 dns_message_puttemprdataset(msg, &question);
996 }
>>> CID 355779: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "dynbuf" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
997 if (dynbuf != NULL) {
998 isc_buffer_free(&dynbuf);
999 }
1000 return (result);
1001 }
1002
```
5c8cb7cc3f13eb1d041bd6264c61b3d30707b4c5 might be the culprit. @aram can you have a look?September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3467dns_rdatalist_tordataset can not fail update prototype to return void2022-09-06T08:25:45ZMark Andrewsdns_rdatalist_tordataset can not fail update prototype to return voidUpdate prototype and cleanup unnecessary error handling.
Repeat for any calling functions that subsequently cannot fail.Update prototype and cleanup unnecessary error handling.
Repeat for any calling functions that subsequently cannot fail.September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3364Various Coverity issues after dns_message_gettemp* cleanup2022-09-08T10:57:47ZMichal NowakVarious Coverity issues after dns_message_gettemp* cleanupVarious issues identified by Coverity Scan after `dns_message_gettemp*` functions cleanup (33ba0057a7c44d4e5d63f7f55e1823279e996a19) on `main`:
```
** CID 352819: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1366 in xfrin_send_requ...Various issues identified by Coverity Scan after `dns_message_gettemp*` functions cleanup (33ba0057a7c44d4e5d63f7f55e1823279e996a19) on `main`:
```
** CID 352819: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1366 in xfrin_send_request()
________________________________________________________________________________________________________
*** CID 352819: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1366 in xfrin_send_request()
1360
1361 failure:
1362 if (qname != NULL) {
1363 dns_message_puttempname(msg, &qname);
1364 }
1365 if (qrdataset != NULL) {
>>> CID 352819: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "dns_message_puttemprdataset...".
1366 dns_message_puttemprdataset(msg, &qrdataset);
1367 }
1368 if (msg != NULL) {
1369 dns_message_detach(&msg);
1370 }
1371 if (soatuple != NULL) {
** CID 352818: Null pointer dereferences (REVERSE_INULL)
/lib/dns/message.c: 2882 in dns_message_setquerytsig()
________________________________________________________________________________________________________
*** CID 352818: Null pointer dereferences (REVERSE_INULL)
/lib/dns/message.c: 2882 in dns_message_setquerytsig()
2876
2877 msg->querytsig = set;
2878
2879 return (result);
2880
2881 cleanup:
>>> CID 352818: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "rdata" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2882 if (rdata != NULL) {
2883 dns_message_puttemprdata(msg, &rdata);
2884 }
2885 if (list != NULL) {
2886 dns_message_puttemprdatalist(msg, &list);
2887 }
** CID 352817: Control flow issues (DEADCODE)
/lib/ns/xfrout.c: 1568 in sendstream()
________________________________________________________________________________________________________
*** CID 352817: Control flow issues (DEADCODE)
/lib/ns/xfrout.c: 1568 in sendstream()
1562
1563 /* Advance lasttsig to be the last TSIG generated */
1564 CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
1565
1566 failure:
1567 if (msgname != NULL) {
>>> CID 352817: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "if (msgrds != NULL) {
if ...".
1568 if (msgrds != NULL) {
1569 if (dns_rdataset_isassociated(msgrds)) {
1570 dns_rdataset_disassociate(msgrds);
1571 }
1572 dns_message_puttemprdataset(msg, &msgrds);
1573 }
** CID 352816: Control flow issues (DEADCODE)
/lib/ns/query.c: 8443 in query_dns64()
________________________________________________________________________________________________________
*** CID 352816: Control flow issues (DEADCODE)
/lib/ns/query.c: 8443 in query_dns64()
8437 cleanup:
8438 if (buffer != NULL) {
8439 isc_buffer_free(&buffer);
8440 }
8441
8442 if (dns64_rdata != NULL) {
>>> CID 352816: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "dns_message_puttemprdata(cl...".
8443 dns_message_puttemprdata(client->message, &dns64_rdata);
8444 }
8445
8446 if (dns64_rdataset != NULL) {
8447 dns_message_puttemprdataset(client->message, &dns64_rdataset);
8448 }
** CID 352815: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1363 in xfrin_send_request()
________________________________________________________________________________________________________
*** CID 352815: Control flow issues (DEADCODE)
/lib/dns/xfrin.c: 1363 in xfrin_send_request()
1357 isc_nmhandle_attach(send_xfr->handle, &xfr->sendhandle);
1358 isc_refcount_increment0(&send_xfr->sends);
1359 isc_nm_send(xfr->handle, ®ion, xfrin_send_done, send_xfr);
1360
1361 failure:
1362 if (qname != NULL) {
>>> CID 352815: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "dns_message_puttempname(msg...".
1363 dns_message_puttempname(msg, &qname);
1364 }
1365 if (qrdataset != NULL) {
1366 dns_message_puttemprdataset(msg, &qrdataset);
1367 }
1368 if (msg != NULL) {
** CID 352814: Null pointer dereferences (REVERSE_INULL)
/lib/dns/xfrin.c: 1267 in tuple2msgname()
________________________________________________________________________________________________________
*** CID 352814: Null pointer dereferences (REVERSE_INULL)
/lib/dns/xfrin.c: 1267 in tuple2msgname()
1261 failure:
1262
1263 if (rds != NULL) {
1264 dns_rdataset_disassociate(rds);
1265 dns_message_puttemprdataset(msg, &rds);
1266 }
>>> CID 352814: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "rdl" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1267 if (rdl != NULL) {
1268 ISC_LIST_UNLINK(rdl->rdata, rdata, link);
1269 dns_message_puttemprdatalist(msg, &rdl);
1270 }
1271 if (rdata != NULL) {
1272 dns_message_puttemprdata(msg, &rdata);
** CID 352813: Null pointer dereferences (REVERSE_INULL)
/lib/dns/tkey.c: 199 in add_rdata_to_list()
________________________________________________________________________________________________________
*** CID 352813: Null pointer dereferences (REVERSE_INULL)
/lib/dns/tkey.c: 199 in add_rdata_to_list()
193
194 ISC_LIST_APPEND(*namelist, newname, link);
195
196 return (ISC_R_SUCCESS);
197
198 failure:
>>> CID 352813: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "newrdata" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
199 if (newrdata != NULL) {
200 if (ISC_LINK_LINKED(newrdata, link)) {
201 INSIST(newlist != NULL);
202 ISC_LIST_UNLINK(newlist->rdata, newrdata, link);
203 }
204 dns_message_puttemprdata(msg, &newrdata);
** CID 352812: Control flow issues (DEADCODE)
/lib/ns/query.c: 8584 in query_filter64()
________________________________________________________________________________________________________
*** CID 352812: Control flow issues (DEADCODE)
/lib/ns/query.c: 8584 in query_filter64()
8578 cleanup:
8579 if (buffer != NULL) {
8580 isc_buffer_free(&buffer);
8581 }
8582
8583 if (myrdata != NULL) {
>>> CID 352812: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "dns_message_puttemprdata(cl...".
8584 dns_message_puttemprdata(client->message, &myrdata);
8585 }
8586
8587 if (myrdataset != NULL) {
8588 dns_message_puttemprdataset(client->message, &myrdataset);
8589 }
** CID 352811: Null pointer dereferences (REVERSE_INULL)
/lib/dns/tkey.c: 213 in add_rdata_to_list()
________________________________________________________________________________________________________
*** CID 352811: Null pointer dereferences (REVERSE_INULL)
/lib/dns/tkey.c: 213 in add_rdata_to_list()
207 dns_message_puttempname(msg, &newname);
208 }
209 if (newset != NULL) {
210 dns_rdataset_disassociate(newset);
211 dns_message_puttemprdataset(msg, &newset);
212 }
>>> CID 352811: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "newlist" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
213 if (newlist != NULL) {
214 dns_message_puttemprdatalist(msg, &newlist);
215 }
216 return (result);
217 }
218
** CID 352810: Null pointer dereferences (REVERSE_INULL)
/lib/dns/message.c: 2885 in dns_message_setquerytsig()
________________________________________________________________________________________________________
*** CID 352810: Null pointer dereferences (REVERSE_INULL)
/lib/dns/message.c: 2885 in dns_message_setquerytsig()
2879 return (result);
2880
2881 cleanup:
2882 if (rdata != NULL) {
2883 dns_message_puttemprdata(msg, &rdata);
2884 }
>>> CID 352810: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "list" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2885 if (list != NULL) {
2886 dns_message_puttemprdatalist(msg, &list);
2887 }
2888 if (set != NULL) {
2889 dns_message_puttemprdataset(msg, &set);
2890 }
** CID 352809: Null pointer dereferences (REVERSE_INULL)
/lib/dns/message.c: 4654 in dns_message_buildopt()
________________________________________________________________________________________________________
*** CID 352809: Null pointer dereferences (REVERSE_INULL)
/lib/dns/message.c: 4654 in dns_message_buildopt()
4648 if (rdata != NULL) {
4649 dns_message_puttemprdata(message, &rdata);
4650 }
4651 if (rdataset != NULL) {
4652 dns_message_puttemprdataset(message, &rdataset);
4653 }
>>> CID 352809: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "rdatalist" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
4654 if (rdatalist != NULL) {
4655 dns_message_puttemprdatalist(message, &rdatalist);
4656 }
4657 return (result);
4658 }
4659
** CID 352808: Null pointer dereferences (REVERSE_INULL)
/lib/dns/xfrin.c: 1271 in tuple2msgname()
________________________________________________________________________________________________________
*** CID 352808: Null pointer dereferences (REVERSE_INULL)
/lib/dns/xfrin.c: 1271 in tuple2msgname()
1265 dns_message_puttemprdataset(msg, &rds);
1266 }
1267 if (rdl != NULL) {
1268 ISC_LIST_UNLINK(rdl->rdata, rdata, link);
1269 dns_message_puttemprdatalist(msg, &rdl);
1270 }
>>> CID 352808: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "rdata" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1271 if (rdata != NULL) {
1272 dns_message_puttemprdata(msg, &rdata);
1273 }
1274
1275 return (result);
1276 }
```September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/3334rdata unit test fails on OpenBSD 7.1 in "key" and "sig_rrsig" tests2022-09-14T11:48:11ZMichal Nowakrdata unit test fails on OpenBSD 7.1 in "key" and "sig_rrsig" testsThe `rdata_test` unit test fails on OpenBSD 7.1 with Clang 13.0.0 on `main` (and only there) and thus prevents updating to the new release (isc-projects/images!163):
```
[==========] Running 27 test(s).
[ RUN ] amtrelay
[ OK ]...The `rdata_test` unit test fails on OpenBSD 7.1 with Clang 13.0.0 on `main` (and only there) and thus prevents updating to the new release (isc-projects/images!163):
```
[==========] Running 27 test(s).
[ RUN ] amtrelay
[ OK ] amtrelay
[ RUN ] apl
[ OK ] apl
[ RUN ] atma
[ OK ] atma
[ RUN ] cdnskey
[ OK ] cdnskey
[ RUN ] csync
[ OK ] csync
[ RUN ] dnskey
[ OK ] dnskey
[ RUN ] doa
[ OK ] doa
[ RUN ] ds
[ OK ] ds
[ RUN ] eid
[ OK ] eid
[ RUN ] hip
[ OK ] hip
[ RUN ] https_svcb
[ OK ] https_svcb
[ RUN ] isdn
[ OK ] isdn
[ RUN ] key
[ ERROR ] --- 0 == 0
[ LINE ] --- rdata_test.c:410: error: Failure!
[ FAILED ] key
[ RUN ] loc
[ OK ] loc
[ RUN ] nimloc
[ OK ] nimloc
[ RUN ] nsec
[ OK ] nsec
[ RUN ] nsec3
[ OK ] nsec3
[ RUN ] nxt
[ OK ] nxt
[ RUN ] rkey
[ OK ] rkey
[ RUN ] sig_rrsig
[ ERROR ] --- 0 == 0
[ LINE ] --- rdata_test.c:410: error: Failure!
[ FAILED ] sig_rrsig
[ RUN ] sshfp
[ OK ] sshfp
[ RUN ] wks
[ OK ] wks
[ RUN ] zonemd
[ OK ] zonemd
[ RUN ] edns_client_subnet
[ OK ] edns_client_subnet
[ RUN ] atcname
[ OK ] atcname
[ RUN ] atparent
[ OK ] atparent
[ RUN ] iszonecutauth
[ OK ] iszonecutauth
[==========] 27 test(s) run.
[ PASSED ] 25 test(s).
[ FAILED ] 2 test(s), listed below:
[ FAILED ] key
[ FAILED ] sig_rrsig
2 FAILED TEST(S)
FAIL rdata_test (exit status: 2)
```September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)https://gitlab.isc.org/isc-projects/bind9/-/issues/3521Crash during reconfig in ns_interface_create()2022-09-08T11:01:11ZCathy AlmondCrash during reconfig in ns_interface_create()Reported to us via [Support Ticket #21126](https://support.isc.org/Ticket/Display.html?id=21126)
Reported against BIND 9.16.23
> In ns_interface_create(), there's insufficient cleanup upon failure.
>
> The following is the patch commi...Reported to us via [Support Ticket #21126](https://support.isc.org/Ticket/Display.html?id=21126)
Reported against BIND 9.16.23
> In ns_interface_create(), there's insufficient cleanup upon failure.
>
> The following is the patch committed to fix it:
```patch
diff --git a/bind9.16/lib/ns/interfacemgr.c b/bind9.16/lib/ns/interfacemgr.c
index 7006e7c478b..0e1cc71560d 100644
--- a/bind9.16/lib/ns/interfacemgr.c
+++ b/bind9.16/lib/ns/interfacemgr.c
@@ -448,6 +448,15 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
return (ISC_R_SUCCESS);
failure:
+#ifdef ORIGINAL_ISC_CODE
+#else
+ LOCK(&ifp->mgr->lock);
+ ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
+ UNLOCK(&ifp->mgr->lock);
+ ns_interfacemgr_detach(&ifp->mgr);
+ isc_refcount_decrementz(&ifp->references);
+ isc_refcount_destroy(&ifp->references);
+#endif
isc_mutex_destroy(&ifp->lock);
ifp->magic = 0;
```September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)