Skip to content

`rndc freeze` command always fails, perhaps due to `in-view`

Summary

rndc freeze always fails:

rndc: 'freeze' failed: already frozen

BIND version used

BIND 9.17.16 (Development Release) <id:b33f621>
running on Linux x86_64 5.12.15-arch1-1-zen2 #1 SMP PREEMPT Sun, 11 Jul 2021 10:50:03 +0000
built by make with  '--prefix=/usr' '--sysconfdir=/etc' '--sbindir=/usr/bin' '--localstatedir=/var' '--disable-static' '--enable-fixed-rrset' '--enable-full-report' '--with-python=/usr/bin/python' '--with-maxminddb' '--with-openssl' '--with-libidn2' '--with-json-c' '--with-libxml2' '--with-lmdb' '--with-libtool' 'CFLAGS=-march=native -O2 -pipe -fno-plt -fexceptions         -Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS         -Wformat -Werror=format-security         -fstack-clash-protection -fcf-protection -DDIG_SIGCHASE -fcommon' 'LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now'
compiled by GCC 11.1.0
compiled with OpenSSL version: OpenSSL 1.1.1k  25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k  25 Mar 2021
compiled with libuv version: 1.41.0
linked to libuv version: 1.42.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.44.0
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.6.0
threads support is enabled

default paths:
  named configuration:  /etc/named.conf
  rndc configuration:   /etc/rndc.conf
  DNSSEC root key:      /etc/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:       /var/run/named/named.pid
  named lock file:      /var/run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

Steps to reproduce

Set up a server with a few zones and views. (In particular, the in-view feature is used a lot. Could it be causing wrong zone freeze retries?) Then call rndc freeze.

What is the current bug behavior?

rndc freeze always fails. (But then thaw always succeeds.)

What is the expected correct behavior?

rndc freeze should succeed, definitely at least after a successful rndc thaw.

Relevant configuration files

There are lots of them. Not sure which ones are relevant. Please feel free to ask for details.

The server has a number of views, dnssec-policy, zones shared among views with in-view as well as zones that differ between views (signed with dnssec-policy in only one view while other views reuse the same DNSSEC keys (but not the same zone file/data) via auto-dnssec maintain; inline-signing yes;).

Relevant logs and/or screenshots

For rndc freeze, the logs look like repetitive attempts to freeze the same zones (all of which are defined in the loopback view mentioned in the log and reused in numerous views using in-view).

Thawing seems to work fine. Uneventful.

Aug 02 10:48:10 named[450242]: received control channel command 'thaw'
Aug 02 10:48:10 named[450242]: thawing all zones: success
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information