"client: error: query" in the log, when compiling with "--enable-singletrace" but not using "+qid=0" in the query
Summary
When compiling the current stable BIND (9.18.15) with --enable-singletrace and using deny-answer-addresses { 127.0.0.1; 0.0.0.0; };, then named reports a resolver notice and a client error:
25-May-2023 14:46:23.594 resolver: notice: answer address 0.0.0.0 denied for test0.example.ch/A/IN
25-May-2023 14:46:23.594 client: error: query client=0x7f5d519ae168 thread=0x7f5d737fe700(test0.example.ch/A): query_gotanswer: unexpected error: SERVFAIL
Logging is configured like this:
logging {
    channel default_debug {
        file "/var/log/named/named.log";
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category default { default_debug; };
};
When compiling the current stable BIND (9.18.15) without --enable-singletrace and still using deny-answer-addresses { 127.0.0.1; 0.0.0.0; };, then named reports only a resolver notice:
25-May-2023 14:46:23.594 resolver: notice: answer address 0.0.0.0 denied for test0.example.ch/A/IN
I'm not sure if this is a bug, but I assume that --enable-singletrace should only report debugging stuff when using +qid=0 in the query and should not report a query error when named sends a SERVFAIL back to the client. I can also force a similar error when I block outbound DNS traffic to an authoritative server. Then a client error appears regarding the expected timeout:
25-May-2023 14:49:23.626 client: error: query client=0x7f5d51362168 thread=0x7f5d727fc700(test0.example.ch/A): query_gotanswer: unexpected error: timed out
BIND version used
# named -V
BIND 9.18.15 (Extended Support Version) <id:f53a076>
running on Linux x86_64 4.18.0-425.19.2.el8_7.x86_64 #1 SMP Tue Apr 4 22:38:11 UTC 2023
built by make with '--prefix=/usr/local/bind-9.18.15' '--sysconfdir=/opt/chroot/bind/etc/named/' '--mandir=/usr/local/share/man' '--localstatedir=/opt/chroot/bind/var' '--enable-largefile' '--enable-full-report' '--without-gssapi' '--with-json-c' '--enable-dnstap' '--with-libxml2' '--enable-singletrace' 'PKG_CONFIG_PATH=/usr/local/fstrm/lib/pkgconfig/:/usr/local/h2o/lib64/pkgconfig'
compiled by GCC 8.5.0 20210514 (Red Hat 8.5.0-16)
compiled with OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
compiled with libuv version: 1.41.1
linked to libuv version: 1.41.1
compiled with libnghttp2 version: 1.33.0
linked to libnghttp2 version: 1.33.0
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.0
linked to protobuf-c version: 1.3.0
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no
default paths:
named configuration: /opt/chroot/bind/etc/named/named.conf
rndc configuration: /opt/chroot/bind/etc/named/rndc.conf
DNSSEC root key: /opt/chroot/bind/etc/named/bind.keys
nsupdate session key: /opt/chroot/bind/var/run/named/session.key
named PID file: /opt/chroot/bind/var/run/named/named.pid
named lock file: /opt/chroot/bind/var/run/named/named.lock
Steps to reproduce
See above.
What is the current bug behavior?
I expect debug info only when using +qid=0 in the client query.
What is the expected correct behavior?
Not logging debug messages when not using explicit debug logging or not using +qid=0, when named is compiled with --enable-singletrace.
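Parsing the log lines quoted in this report, so that deny-answer-addresses hits (the resolver notice) can be matched against the extra client: error lines per query name; this is an added Python example, not code from the issue or from BIND, and the sample log text is constructed from the lines quoted above plus one unrelated info line.

```python
import re
from collections import defaultdict

# Layout from the report's logging config: print-time, print-category, print-severity, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$"
)
# Resolver notice emitted when deny-answer-addresses rejects an answer address.
DENIED_RE = re.compile(
    r"^answer address (?P<addr>\S+) denied for (?P<qname>[^/]+)/(?P<qtype>\w+)/(?P<qclass>\w+)$"
)
# Client error line that appears only in the --enable-singletrace build.
CLIENT_ERR_RE = re.compile(
    r"^query client=\S+ thread=[^(\s]+\((?P<qname>[^/]+)/(?P<qtype>\w+)\): "
    r"query_gotanswer: unexpected error: (?P<reason>.+)$"
)

# Constructed sample: the three lines quoted in the report plus one unrelated line.
SAMPLE_LOG = """\
25-May-2023 14:46:23.594 resolver: notice: answer address 0.0.0.0 denied for test0.example.ch/A/IN
25-May-2023 14:46:23.594 client: error: query client=0x7f5d519ae168 thread=0x7f5d737fe700(test0.example.ch/A): query_gotanswer: unexpected error: SERVFAIL
25-May-2023 14:49:23.626 client: error: query client=0x7f5d51362168 thread=0x7f5d727fc700(test0.example.ch/A): query_gotanswer: unexpected error: timed out
25-May-2023 14:50:00.000 general: info: running
"""

def parse_line(line):
    """Split one named log line into ts/category/severity/msg, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(text):
    """Group denied answer addresses and client query errors by query name."""
    out = defaultdict(lambda: {"denied": [], "errors": []})
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["category"] == "resolver" and (d := DENIED_RE.match(rec["msg"])):
            out[d["qname"]]["denied"].append(d["addr"])
        elif rec["category"] == "client" and (e := CLIENT_ERR_RE.match(rec["msg"])):
            out[e["qname"]]["errors"].append(e["reason"])
    return dict(out)

def classify_errors(summary, qname):
    """Label each client error for qname: 'policy' when a denied address explains the
    SERVFAIL, 'upstream' for a timeout, otherwise 'unknown'."""
    entry = summary.get(qname, {"denied": [], "errors": []})
    labels = []
    for reason in entry["errors"]:
        if reason == "SERVFAIL" and entry["denied"]:
            labels.append("policy")
        elif reason == "timed out":
            labels.append("upstream")
        else:
            labels.append("unknown")
    return labels
```

Running summarize over a real named.log lets you tell a SERVFAIL caused by the deny-answer-addresses policy apart from one caused by an unreachable authoritative server, which is the distinction the two client error lines above illustrate.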