Empty JSON in POST request causes connection die in BIND >= 9.18

Summary

We send an HTTP request to the BIND9 statistics endpoint (/json/v1). The request uses the POST method and contains empty JSON ({}) in the body. We re-use the HTTP connection between requests.

The problem starts occurring from the BIND 9.18 version. Every second request is refused. In previous BIND9 versions (tested on 9.16 and 9.11) worked well.

An external user initially reported the issue in the Stork repository.

BIND version used

We use BIND 9.18 inside the official Docker container.

Steps to reproduce

The issue isn't related to the Stork code and can be reproduced using curl:

curl -v -d '{}' -o/dev/null http://127.0.0.1:80/json/v1 -o/dev/null http://127.0.0.1:80/json/v1

This command sends two requests to the statistics endpoint, re-using the same connection. The request body is an empty JSON. It implies the POST method. The request passes and returns HTTP 200 OK status. The second causes the connection to die. The curl recreates the connection and retry that finishes with success.

What is the current bug behavior?

Every second request to BIND9 fails.

What is the expected correct behavior?

BIND9 should accept every request as in the previous versions, or the documentation should contain a definition of the valid request.

Relevant configuration files

named.conf content:

include "/etc/bind/rndc.key";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

controls {
	inet 127.0.0.1 allow { localhost; };
};

statistics-channels {
        inet 127.0.0.1 port 80 allow { 127.0.0.1; };
};

zone "test" {
	type master;
	allow-transfer { any; };
	zone-statistics full;
	file "/etc/bind/db.test";
};

`db.test`` content:

test.	604800	IN	SOA	test. root.test. 1 604800 86400 2419200 604800
test.	604800	IN	NS	test.
test.	604800	IN	A	127.0.0.1
test.	604800	IN	AAAA	::1

Relevant logs and/or screenshots

The output of the command described in the "Steps to reproduce" section:

# curl -v -d '{}' -o/dev/null http://127.0.0.1:80/json/v1 -o/dev/null http://127.0.0.1:80/json/v1
*   Trying 127.0.0.1:80...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> POST /json/v1 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
> 
} [2 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Mon, 04 Jul 2022 07:09:27 GMT
< Expires: Mon, 04 Jul 2022 07:09:27 GMT
< Last-Modified: Mon, 04 Jul 2022 07:09:27 GMT
< Pragma: no-cache
< Cache-Control: no-cache
< Server: libisc
< Content-Length: 58431
< 
{ [11824 bytes data]
100 58433  100 58431  100     2  21.7M    782 --:--:-- --:--:-- --:--:-- 27.8M
* Connection #0 to host 127.0.0.1 left intact
* Found bundle for host 127.0.0.1: 0x5568a154fec0 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0> POST /json/v1 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
> 
} [2 bytes data]
* Connection died, retrying a fresh connect (retry count: 1)

^^^^^^^^^^^^^^^^^^^^^ SECOND REQUEST DIES ^^^^^^^^^^^^^^^^^^^^^

100     2    0     0  100     2      0   1282 --:--:-- --:--:-- --:--:--  2000
* Closing connection 0
* Issue another request to this URL: 'http://127.0.0.1:80/json/v1'
* Hostname 127.0.0.1 was found in DNS cache
*   Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#1)
> POST /json/v1 HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.81.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
> 
} [2 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Date: Mon, 04 Jul 2022 07:09:27 GMT
< Expires: Mon, 04 Jul 2022 07:09:27 GMT
< Last-Modified: Mon, 04 Jul 2022 07:09:27 GMT
< Pragma: no-cache
< Cache-Control: no-cache
< Server: libisc
< Content-Length: 58431
< 
{ [35984 bytes data]
100 58433  100 58431  100     2  11.4M    409 --:--:-- --:--:-- --:--:-- 11.4M
* Connection #1 to host 127.0.0.1 left intact

Possible fixes

The requests with the empty bodies are accepted correctly with both POST and GET methods.