Skip to content

Unable to thaw a frozen dynamic zone when KASP is configured.

Summary

A zone is configured as a dynamic zone and KASP with 'dnssec-policy default'. When the zone is frozen it cannot be thawed afterwards.

BIND version used

BIND 9.16.12-Debian (Stable Release) <id:aeb943d>
running on Linux x86_64 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-9.16.12=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 8.3.0
compiled with OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019
compiled with libuv version: 1.38.1
linked to libuv version: 1.38.1
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with json-c version: 0.12.1
linked to json-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.3.2
compiled with protobuf-c version: 1.3.1
linked to protobuf-c version: 1.3.1
threads support is enabled

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

Steps to reproduce

Freezing the zone:

# rndc freeze domain.name

Zones is frozen and dumped to file (including all KASP-generated records)

Thawing the zone:

# rndc thaw domain.name
rndc: 'thaw' failed: dynamic zone

What is the current bug behavior?

Zone is frozen and cannot be thawed.

What is the expected correct behavior?

Zone can be thawed :-)

Relevant configuration files

Zone configuration:

zone "domain.name." {
        type master;
        file "/etc/bind/master/domain.name./zone.db";
        update-policy {
          grant local-ddns zonesub any;
        };
        dnssec-policy default;
};

Relevant logs and/or screenshots

Feb 24 13:37:00 nic named[10000]: received control channel command 'freeze domain.name'
Feb 24 13:37:00 nic named[10000]: freezing zone 'domain.name/IN': success
Feb 24 13:38:12 nic named[10000]: received control channel command 'thaw domain.name'
Feb 24 13:38:12 nic named[10000]: thawing zone 'domain.name/IN': dynamic zone

Possible fixes

(If you can, link to the line of code that might be responsible for the problem.)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information