Skip to content

GitLab

Closed
Created by LM Jogbäck@lmjogback

Unable to thaw a frozen dynamic zone when KASP is configured.

Summary

A zone is configured as a dynamic zone and KASP with 'dnssec-policy default'. When the zone is frozen it cannot be thawed afterwards.

BIND version used

BIND 9.16.12-Debian (Stable Release) <id:aeb943d>
running on Linux x86_64 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-9.16.12=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 8.3.0
compiled with OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019
compiled with libuv version: 1.38.1
linked to libuv version: 1.38.1
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with json-c version: 0.12.1
linked to json-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.3.2
compiled with protobuf-c version: 1.3.1
linked to protobuf-c version: 1.3.1
threads support is enabled

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

Steps to reproduce

Freezing the zone:

# rndc freeze domain.name

Zones is frozen and dumped to file (including all KASP-generated records)

Thawing the zone:

# rndc thaw domain.name
rndc: 'thaw' failed: dynamic zone

What is the current bug behavior?

Zone is frozen and cannot be thawed.

What is the expected correct behavior?

Zone can be thawed :-)

Relevant configuration files

Zone configuration:

zone "domain.name." {
        type master;
        file "/etc/bind/master/domain.name./zone.db";
        update-policy {
          grant local-ddns zonesub any;
        };
        dnssec-policy default;
};

Relevant logs and/or screenshots

Feb 24 13:37:00 nic named[10000]: received control channel command 'freeze domain.name'
Feb 24 13:37:00 nic named[10000]: freezing zone 'domain.name/IN': success
Feb 24 13:38:12 nic named[10000]: received control channel command 'thaw domain.name'
Feb 24 13:38:12 nic named[10000]: thawing zone 'domain.name/IN': dynamic zone

Possible fixes

(If you can, link to the line of code that might be responsible for the problem.)