Intermittent BIND Process Termination on FreeBSD System with Integrated DoH service
Summary
We are experiencing an issue on our FreeBSD system (12.4-RELEASE-p6) running BIND 9.18.20 (ESV), compiled from source code. The BIND process sporadically terminates due to an ASSERT failure. This problem began a few days after we configured DoH (DNS over HTTPS) functionality in BIND9. TLS offloading is done via Nginx which handle DoH and DoT services. Prior to this we were using separate software for DoH service, TLS offloading was done by Nginx as well. We didn`t ditch Nginx TLS offloading because some DoH clients (Mikrotik network devices) faced difficulties communicating directly with the BIND9 server. BIND9 DoH server is configured to listen on localhost with TLS set to 'none', avoiding double encryption. Relevant config for DoH:
http "local-doh-server" {
endpoints {
"/dns-query";
};
listener-clients 500;
streams-per-connection 300;
};
options {
listen-on port 8080 tls "none" http "local-doh-server" {
127.0.0.1;
};
};BIND version used
BIND 9.18.20 (Extended Support Version) <id:396c2b4>
running on FreeBSD amd64 12.4-RELEASE-p6 FreeBSD 12.4-RELEASE-p6 GENERIC
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--enable-dnsrps' '--with-readline=libedit' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-querytrace' '--enable-tcp-fastopen' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf' 'PKG_CONFIG_LIBDIR=/wrkdirs/usr/ports/dns/bind918/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig' 'PYTHON=/usr/local/bin/python3.9' 'READLINE_CFLAGS=-L/usr/local/lib'
compiled by CLANG FreeBSD Clang 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303)
compiled with OpenSSL version: OpenSSL 1.1.1q-freebsd 5 Jul 2022
linked to OpenSSL version: OpenSSL 1.1.1q-freebsd 5 Jul 2022
compiled with libuv version: 1.45.0
linked to libuv version: 1.47.0
compiled with libnghttp2 version: 1.53.0
linked to libnghttp2 version: 1.58.0
compiled with libxml2 version: 2.10.4
linked to libxml2 version: 21004
compiled with json-c version: 0.16
linked to json-c version: 0.17
compiled with zlib version: 1.2.12
linked to zlib version: 1.2.12
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no
default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
DNSSEC root key: /usr/local/etc/namedb/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lockSteps to reproduce
Currently we don’t have a recipe to reproduce, we are trying to find out if this is related to incoming traffic as crash happens multiple times a day on a specific anycast node then may move to another node few days later.
What is the current bug behavior?
We assume that process dies due to assertion failure while processing network packet which doest not match the specific magic or is related memory access violation.
2023-12-03T05:23:05.367151+02:00 cache-a-jelg named[37226] general: critical: netmgr/netmgr.c:3726: REQUIRE((((handle) != ((void *)0) && ((const isc__magic_t *)(handle))->magic == ((('N') << 24 | ('M') << 16 | (
'H') << 8 | ('D')))) && __c11_atomic_load(&(handle)->references, memory_order_seq_cst) > 0)) failed, back trace
2023-12-03T05:23:05.368741+02:00 cache-a-jelg named[37226] general: critical: 0x2402c8 <assertion_failed+0x88> at /usr/local/sbin/named
2023-12-03T05:23:05.368796+02:00 cache-a-jelg named[37226] general: critical: 0x80031dd7a <isc_assertion_failed+0xa> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.368833+02:00 cache-a-jelg named[37226] general: critical: 0x80030c948 <isc_nm_socket_type+0x48> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.368868+02:00 cache-a-jelg named[37226] general: critical: 0x80034b036 <isc__nm_http_has_encryption+0x46> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.368905+02:00 cache-a-jelg named[37226] general: critical: 0x8005acab8 <ns_client_checkaclsilent+0xa8> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.368940+02:00 cache-a-jelg named[37226] general: critical: 0x8005b8429 <ns_query_start+0xe89> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.368973+02:00 cache-a-jelg named[37226] general: critical: 0x8005c14c3 <ns_query_start+0x9f23> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369007+02:00 cache-a-jelg named[37226] general: critical: 0x8004c986c <dns_rdata_additionaldata+0x42c> at /usr/local/lib/libdns-9.18.20.so
2023-12-03T05:23:05.369041+02:00 cache-a-jelg named[37226] general: critical: 0x8004e773a <dns_rdataset_additionaldata+0xda> at /usr/local/lib/libdns-9.18.20.so
2023-12-03T05:23:05.369076+02:00 cache-a-jelg named[37226] general: critical: 0x8005c0f79 <ns_query_start+0x99d9> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369112+02:00 cache-a-jelg named[37226] general: critical: 0x8005c650e <ns_query_start+0xef6e> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369146+02:00 cache-a-jelg named[37226] general: critical: 0x8005c39f0 <ns_query_start+0xc450> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369181+02:00 cache-a-jelg named[37226] general: critical: 0x8005bb380 <ns_query_start+0x3de0> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369219+02:00 cache-a-jelg named[37226] general: critical: 0x8005b9a84 <ns_query_start+0x24e4> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369253+02:00 cache-a-jelg named[37226] general: critical: 0x8005c9349 <ns_query_start+0x11da9> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369286+02:00 cache-a-jelg named[37226] general: critical: 0x8005b5ebd <ns_query_recurse+0x9bd> at /usr/local/lib/libns-9.18.20.so
2023-12-03T05:23:05.369319+02:00 cache-a-jelg named[37226] general: critical: 0x80033d7e3 <isc_task_run+0x153> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369354+02:00 cache-a-jelg named[37226] general: critical: 0x80030d0e9 <isc__nmsocket_log_tls_session_reuse+0x3c9> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369389+02:00 cache-a-jelg named[37226] general: critical: 0x800307676 <isc__nm_maybe_enqueue_ievent+0xa6> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369426+02:00 cache-a-jelg named[37226] general: critical: 0x80030cf66 <isc__nmsocket_log_tls_session_reuse+0x246> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369460+02:00 cache-a-jelg named[37226] general: critical: 0x80030363d <isc__netmgr_create+0x6dd> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369494+02:00 cache-a-jelg named[37226] general: critical: 0x800a1b131 <uv_async_send+0x521> at /usr/local/lib/libuv.so.1
2023-12-03T05:23:05.369528+02:00 cache-a-jelg named[37226] general: critical: 0x800a2c9da <uv_cpu_info+0xcda> at /usr/local/lib/libuv.so.1
2023-12-03T05:23:05.369561+02:00 cache-a-jelg named[37226] general: critical: 0x800a1b721 <uv_run+0x1b1> at /usr/local/lib/libuv.so.1
2023-12-03T05:23:05.369596+02:00 cache-a-jelg named[37226] general: critical: 0x80030372b <isc__netmgr_create+0x7cb> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369630+02:00 cache-a-jelg named[37226] general: critical: 0x8003467a6 <isc__trampoline_run+0x16> at /usr/local/lib/libisc-9.18.20.so
2023-12-03T05:23:05.369665+02:00 cache-a-jelg named[37226] general: critical: exiting (due to assertion failure)
2023-12-03T05:23:05.770653+02:00 cache-a-jelg kernel: pid 37226 (named), jid 0, uid 53: exited on signal 6 (core dumped)What is the expected correct behavior?
We expect the process to continue running.
Relevant configuration files
Obfuscated config file -
acl "internal" {
226.254.34.107/24;
150.72.66.51/24;
760f:daea:ec4b:820d:c80:359e:9c3:d49e::/64;
7346:80c5:8d43:e0c5:7122:1257:3ea4:e454::/64;
};
controls {
inet 127.0.0.1 port 953 allow {
36.245.57.131/32;
} keys {
"rndc-key";
};
};
http "local-doh-server" {
endpoints {
"/dns-query";
};
listener-clients 500;
streams-per-connection 300;
};
logging {
channel "default_log" {
file "/var/log/named/named.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "auth_servers_log" {
file "/var/log/named/auth_servers.log";
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
channel "dnssec_log" {
file "/var/log/named/dnssec.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "zone_transfers_log" {
file "/var/log/named/zone_transfers.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "ddns_log" {
file "/var/log/named/ddns.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "client_security_log" {
file "/var/log/named/client_security.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "rate_limiting_log" {
file "/var/log/named/rate_limiting.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "rpz_log" {
file "/var/log/named/rpz.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "queries_log" {
file "/var/log/named/queries.log";
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "servfail_log" {
file "/var/log/named/servfail.log";
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};
channel "default_syslog" {
syslog "daemon";
severity info;
print-severity yes;
print-category yes;
};
channel "warn_syslog" {
syslog "local0";
severity warning;
print-severity yes;
print-category yes;
};
channel "cert_syslog" {
syslog "local1";
severity info;
print-severity yes;
print-category yes;
};
channel "default_debug" {
file "/var/log/named/debug.log";
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};
category "default" {
"default_log";
"warn_syslog";
};
category "config" {
"default_log";
"warn_syslog";
};
category "dispatch" {
"default_log";
"warn_syslog";
};
category "network" {
"default_log";
"warn_syslog";
};
category "general" {
"default_log";
"warn_syslog";
};
category "resolver" {
"auth_servers_log";
"warn_syslog";
};
category "cname" {
"auth_servers_log";
"warn_syslog";
};
category "delegation-only" {
"auth_servers_log";
"warn_syslog";
};
category "edns-disabled" {
"auth_servers_log";
"warn_syslog";
};
category "lame-servers" {
"null";
};
category "dnssec" {
"dnssec_log";
"warn_syslog";
};
category "notify" {
"zone_transfers_log";
"warn_syslog";
};
category "xfer-in" {
"zone_transfers_log";
"warn_syslog";
};
category "xfer-out" {
"zone_transfers_log";
"warn_syslog";
};
category "update" {
"ddns_log";
"warn_syslog";
};
category "update-security" {
"ddns_log";
};
category "client" {
"client_security_log";
"warn_syslog";
};
category "security" {
"client_security_log";
"warn_syslog";
};
category "rate-limit" {
"rate_limiting_log";
"warn_syslog";
};
category "spill" {
"rate_limiting_log";
"warn_syslog";
};
category "database" {
"rate_limiting_log";
"warn_syslog";
};
category "rpz" {
"warn_syslog";
"cert_syslog";
};
category "rpz-passthru" {
"warn_syslog";
"cert_syslog";
};
category "queries" {
"queries_log";
"warn_syslog";
};
category "query-errors" {
"servfail_log";
"warn_syslog";
};
};
options {
directory "/usr/local/etc/namedb/working";
dnstap-output unix"/var/run/named/dnstap.sock";
dump-file "/var/dump/named_dump.db";
hostname none;
interface-interval 0;
listen-on {
200.254.86.193/32;
121.225.149.133/32;
141.238.234.11/32;
200.63.184.61/32;
3.30.204.128/32;
};
listen-on port 8080 tls "none" http "local-doh-server" {
127.0.0.1;
};
listen-on-v6 {
::1/128;
8fed:b17c:2763:19ff:c9f1:a3e9:fdde:3780::4/128;
7de4:e46f:3294:7867:c10d:a31c:b8de:a8d4::/128;
};
pid-file "/var/run/named/pid";
querylog no;
recursive-clients 16384;
server-id hostname;
statistics-file "/var/stats/named.stats";
tcp-clients 2048;
tcp-listen-queue 32;
version none;
clients-per-query 16;
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
dnssec-validation auto;
dnstap {
resolver response;
};
max-cache-size 80%;
max-cache-ttl 86400;
max-clients-per-query 128;
max-ncache-ttl 3600;
minimal-responses yes;
no-case-compress {
"any";
};
query-source 19.18.13.0;
query-source-v6 af4a:e668:3f0c:a251:813e:87f6:e27f:16a5::4;
resolver-query-timeout 5;
allow-query {
"any";
};
notify-source 164.115.55.120;
notify-source-v6 9e68:c1ff:33f:10b6:a9bb:db81:e3f9:ff9c;;
transfer-source 19.18.13.0;
transfer-source-v6 386d:7fdb:fae:bed2:27ca:2cde:a513:b9ac::4;
};
view "external" {
match-clients {
key "rpz-cache-a.example.com";
!key "tsig-example-com";
!key "rpz-view";
!"internal";
"any";
};
match-destinations {
183.18.47.78/32;
13d7:9f31:8d58:7b1b:b321:b0db:560d:2033::/128;
222.236.186.106/32;
141.166.44.50/32;
ef78:5d77:62b7:b667:afbd:1bf6:5b73:9380::4/128;
99.22.99.237/32;
cd15:9e6b:4711:eba4:43d5:24c6:2228:f96e::/128;
62.13.136.234/32;
1108:4267:da46:3a81:77e4:d12b:50fd:a548::4/128;
104.156.168.166/32;
f57e:b838:f93d:bb27:9e8:514e:94ad:1e14::197/128;
131.28.45.175/32;
::1/128;
};
server 62.184.164.101/32 {
keys "rpz-cache-a.example.com";
};
zone "rpz1" {
type slave;
file "/usr/local/etc/namedb/slave/rpz1";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
23.232.7.7/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 213.253.73.178;;
};
zone "rpz2" {
type slave;
file "/usr/local/etc/namedb/slave/rpz2";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
13.147.178.148/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 211.5.163.170;;
};
zone "rpz3" {
type slave;
file "/usr/local/etc/namedb/slave/rpz3";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
142.96.249.98/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 210.153.127.62;;
};
zone "rpz4" {
type slave;
file "/usr/local/etc/namedb/slave/rpz4";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
6.43.66.238/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 62.229.219.157;;
};
zone "rpz5" {
type slave;
file "/usr/local/etc/namedb/slave/rpz5";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
50.210.78.138/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 237.48.119.236;;
};
zone "rpz6" {
type slave;
file "/usr/local/etc/namedb/slave/rpz6";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
109.218.17.134/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 96.171.92.11;;
};
zone "rpz7" {
type slave;
file "/usr/local/etc/namedb/slave/rpz7";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
218.129.17.26/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 27.29.217.168;;
};
zone "rpz8" {
type slave;
file "/usr/local/etc/namedb/slave/rpz8";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
83.199.254.17/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 154.94.36.42;;
};
zone "rpz9" {
type slave;
file "/usr/local/etc/namedb/slave/rpz9";
masters {
91.240.246.27 key "rpz-cache-a.example.com";
};
allow-query {
178.87.155.219/32;
};
allow-transfer {
key "rpz-cache-a.example.com";
};
also-notify {
19.19.15.20 key "rpz-view";
};
notify explicit;
notify-source 230.77.222.187;;
};
zone "." {
type slave;
file "/usr/local/etc/namedb/slave/root.slave";
masters {
19.0.2.13;
79ab:dd06:605b:561:762b:e160:1385:47e1::132;
19.0.47.13;
8260:de47:2d4b:9ab2:7542:6eb6:b50d:9ad9::132;
199.9.14.201;
192.33.4.12;
199.7.91.13;
192.5.5.241;
192.112.36.4;
193.0.14.129;
89cd:ba53:d074:fedf:29e4:9ce6:4eba:5a22::b;
5275:a2f1:e812:de11:8956:2285:95db:d61e::c;
242e:384d:eb15:18a0:54bb:158b:799a:3819::d;
cb63:f837:409a:a02f:dbe7:6021:71ab:b372::f;
b1f:4de1:1baa:7d5:f4d6:b73:ea1b:d86d::d0d;
2001:7fd::1;
};
notify no;
};
zone "arpa" {
type slave;
file "/usr/local/etc/namedb/slave/arpa.slave";
masters {
19.0.2.13;
7df6:2bab:443f:c5fb:c68:9a40:cef5:5188::132;
19.0.47.13;
e974:4389:5f9b:ead1:8bc4:369c:2681:171c::132;
};
notify no;
};
zone "in-addr.arpa" {
type slave;
file "/usr/local/etc/namedb/slave/in-addr.arpa.slave";
masters {
19.0.2.13;
80b3:a3ee:e2a4:8cca:889b:11c8:689f:4cc3::132;
19.0.47.13;
2c43:f632:a634:96e1:fad8:5bef:9d0:9a61::132;
};
notify no;
};
zone "ip6.arpa" {
type slave;
file "/usr/local/etc/namedb/slave/ip6.arpa.slave";
masters {
19.0.2.13;
7776:df13:e779:f65b:f783:2b41:16af:ca8b::132;
19.0.47.13;
cfc4:3b71:563d:a39:a850:86b:59f3:53::132;
};
notify no;
};
allow-recursion {
"any";
};
recursion yes;
resolver-query-timeout 3;
response-policy {
zone "rpz1";
zone "rpz2";
zone "rpz3";
zone "rpz4";
zone "rpz5";
zone "rpz6";
zone "rpz7";
zone "rpz8";
zone "rpz9";
} add-soa no;
allow-transfer {
"none";
};
};
view "internal" {
match-clients {
!key "rpz-cache-a.example.com";
key "tsig-example-com";
key "rpz-view";
"internal";
};
match-destinations {
40.23.47.168/32;
6dc9:679d:e391:3399:1e93:5657:ce85:7707::/128;
151.114.80.216/32;
146.182.176.45/32;
1143:e01c:12e4:52d3:36b8:3eb6:e90e:42e::4/128;
17.5.199.14/32;
eacd:7e10:eb85:fcf4:17e3:7d0b:b8be:bdb9::/128;
108.225.78.188/32;
bf76:bc65:c29d:b008:65b6:627a:f71e:529f::4/128;
85.105.141.119/32;
bad1:54c1:860f:dfb9:a6dd:eb41:d44:285b::197/128;
112.31.114.129/32;
::1/128;
};
zone "mm.example.com" IN {
type master;
file "/usr/local/etc/namedb/master/mm.example.com.zone";
allow-query {
!231.74.203.172/32;
!f2da:1f67:405:3c9d:2d89:5279:6b5e:4fec::/128;
!41.188.124.243/32;
!16.103.148.30/32;
!b9d8:96d0:3d8f:b9a4:2fd6:f47c:5522:5b6b::4/128;
!203.71.152.116/32;
!2750:cfe9:d198:53d2:abbb:1291:bb7e:4fdd::197/128;
!207.65.17.217/32;
!43f3:2756:14a2:cc2f:7f1a:88ca:7f36:8a13::5/128;
!131.13.240.72/32;
!a2bd:962:6c6d:6a4e:139:ff6c:af6:bbb4::5/128;
"any";
};
allow-transfer {
key "tsig-example-com";
};
also-notify {
92.240.64.1 key "tsig-example-com";
};
};
zone "rpz1" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz1";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz2" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz2";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz3" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz3";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz4" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz4";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz5" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz5";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz6" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz6";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz7" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz7";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz8" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz8";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "rpz9" {
type slave;
file "/usr/local/etc/namedb/slave/view-rpz9";
masters {
19.19.15.20 key "rpz-cache-a.example.com";
};
allow-query {
"none";
};
allow-transfer {
"none";
};
transfer-source 19.19.15.20;
};
zone "." {
in-view "external";
};
zone "arpa" {
in-view "external";
};
zone "in-addr.arpa" {
in-view "external";
};
zone "ip6.arpa" {
in-view "external";
};
zone "localhost" {
type master;
file "/usr/local/etc/namedb/master/localhost-forward.db";
};
zone "127.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/localhost-reverse.db";
};
zone "255.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
zone "0.ip6.arpa" {
type master;
file "/usr/local/etc/namedb/master/localhost-reverse.db";
};
zone "0.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
zone "10.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
zone "16.172.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
zone "17.172.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
zone "18.172.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
zone "19.172.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/master/empty.db";
};
allow-recursion {
"internal";
};
attach-cache "external";
recursion yes;
response-policy {
zone "rpz1";
zone "rpz2";
zone "rpz3";
zone "rpz4";
zone "rpz5";
zone "rpz6";
zone "rpz7";
zone "rpz8";
zone "rpz9";
} add-soa no;
allow-transfer {
97.78.151.101/32;
};
};
view "nsz.example.com (nsz.ll.example.com), e164.example.com" {
match-destinations {
27.202.154.36/32;
};
zone "e164.example.com" {
type master;
file "/usr/local/etc/namedb/nsz.example.com/e164.example.com";
};
allow-recursion {
"none";
};
recursion no;
allow-transfer {
"none";
};
};
key "rndc-key" {
algorithm "hmac-md5";
secret "????????????????????????";
};
key "rpz-cache-a.example.com" {
algorithm "HMAC-SHA512";
secret "????????????????????????????????????????????????????????????????????????????????????????";
};
key "rpz-view" {
algorithm "hmac-sha512";
secret "????????????????????????????????????????????????????????????????????????????????????????";
};
key "tsig-example-com" {
algorithm "hmac-sha256";
secret "????????????????????????????????????????????";
};
server 165.127.201.72/32 {
keys "rpz-view";
};Relevant logs and/or screenshots
# gdb /usr/local/sbin/named named.core-2023-12-03
GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.4".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/sbin/named...
[New LWP 101576]
[New LWP 101305]
[New LWP 101568]
[New LWP 101577]
[New LWP 101578]
[New LWP 101581]
[New LWP 101585]
[New LWP 101586]
[New LWP 101588]
[New LWP 101589]
[New LWP 101591]
Core was generated by `/usr/local/sbin/named -u bind -c /usr/local/etc/namedb/named.conf'.
Program terminated with signal SIGABRT, Aborted.
Sent by thr_kill() from pid 37226 and user 53.
#0 0x0000000800dfdbca in thr_kill () from /lib/libc.so.7
[Current thread is 1 (LWP 101576)]
(gdb) bt
#0 0x0000000800dfdbca in thr_kill () from /lib/libc.so.7
#1 0x0000000800dfbf94 in raise () from /lib/libc.so.7
#2 0x0000000800d74489 in abort () from /lib/libc.so.7
#3 0x00000000002402b0 in assertion_failed ()
#4 0x000000080031dd7a in isc_assertion_failed () from /usr/local/lib/libisc-9.18.20.so
#5 0x000000080030c948 in isc_nm_socket_type () from /usr/local/lib/libisc-9.18.20.so
#6 0x000000080034b036 in isc.nm_http_has_encryption () from /usr/local/lib/libisc-9.18.20.so
#7 0x00000008005acab8 in ns_client_checkaclsilent () from /usr/local/lib/libns-9.18.20.so
#8 0x00000008005b8429 in query_checkcacheaccess () from /usr/local/lib/libns-9.18.20.so
#9 0x00000008005c14c3 in query_additional_cb () from /usr/local/lib/libns-9.18.20.so
#10 0x00000008004c986c in additionaldata_ns () from /usr/local/lib/libdns-9.18.20.so
#11 0x00000008004e773a in dns_rdataset_additionaldata () from /usr/local/lib/libdns-9.18.20.so
#12 0x00000008005c0f79 in query_addrrset () from /usr/local/lib/libns-9.18.20.so
#13 0x00000008005c650e in query_addanswer () from /usr/local/lib/libns-9.18.20.so
#14 0x00000008005c39f0 in query_respond () from /usr/local/lib/libns-9.18.20.so
#15 0x00000008005bb380 in query_prepresponse () from /usr/local/lib/libns-9.18.20.so
#16 0x00000008005b9a84 in query_gotanswer () from /usr/local/lib/libns-9.18.20.so
#17 0x00000008005c9349 in query_resume () from /usr/local/lib/libns-9.18.20.so
#18 0x00000008005b5ebd in fetch_callback () from /usr/local/lib/libns-9.18.20.so
#19 0x000000080033d7e3 in isc_task_run () from /usr/local/lib/libisc-9.18.20.so
#20 0x000000080030d0e9 in isc.nm_async_task () from /usr/local/lib/libisc-9.18.20.so
#21 0x0000000800307676 in process_netievent () from /usr/local/lib/libisc-9.18.20.so
#22 0x000000080030cf66 in process_queue () from /usr/local/lib/libisc-9.18.20.so
#23 0x000000080030363d in async_cb () from /usr/local/lib/libisc-9.18.20.so
#24 0x0000000800a1b131 in ?? () from /usr/local/lib/libuv.so.1
#25 0x0000000800a2c9da in ?? () from /usr/local/lib/libuv.so.1
#26 0x0000000800a1b721 in uv_run () from /usr/local/lib/libuv.so.1
#27 0x000000080030372b in nm_thread () from /usr/local/lib/libisc-9.18.20.so
#28 0x00000008003467a6 in isc.trampoline_run () from /usr/local/lib/libisc-9.18.20.so
#29 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
#30 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfdfd000
(gdb) thread apply all bt full
Thread 11 (LWP 101591):
#0 0x0000000800c3927c in ?? () from /lib/libthr.so.3
No symbol table info available.
#1 0x0000000800c2bfc0 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800c3689f in ?? () from /lib/libthr.so.3
No symbol table info available.
#3 0x0000000800a28b69 in uv_cond_wait () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x0000000800a178f6 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#5 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffddbf5000
Thread 10 (LWP 101589):
#0 0x0000000800c3927c in ?? () from /lib/libthr.so.3
No symbol table info available.
#1 0x0000000800c2bfc0 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800c3689f in ?? () from /lib/libthr.so.3
No symbol table info available.
#3 0x0000000800a28b69 in uv_cond_wait () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x0000000800a178f6 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#5 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffde3f6000
Thread 9 (LWP 101588):
#0 0x0000000800c3927c in ?? () from /lib/libthr.so.3
No symbol table info available.
#1 0x0000000800c2bfc0 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800c3689f in ?? () from /lib/libthr.so.3
No symbol table info available.
#3 0x0000000800a28b69 in uv_cond_wait () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x0000000800a178f6 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#5 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdebf7000
Thread 8 (LWP 101586):
#0 0x0000000800c3927c in ?? () from /lib/libthr.so.3
No symbol table info available.
#1 0x0000000800c2bfc0 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800c3689f in ?? () from /lib/libthr.so.3
--Type <RET> for more, q to quit, c to continue without paging--c
No symbol table info available.
#3 0x0000000800a28b69 in uv_cond_wait () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x0000000800a178f6 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#5 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdf3f8000
Thread 7 (LWP 101585):
#0 0x0000000800c3927c in ?? () from /lib/libthr.so.3
No symbol table info available.
#1 0x0000000800c2bfc0 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800c3689f in ?? () from /lib/libthr.so.3
No symbol table info available.
#3 0x00000008009f0830 in ?? () from /usr/local/lib/libfstrm.so.0
No symbol table info available.
#4 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#5 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdf5f9000
Thread 6 (LWP 101581 "isc-timer"):
#0 0x0000000800c3927c in ?? () from /lib/libthr.so.3
No symbol table info available.
#1 0x0000000800c2bfc0 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800c3689f in ?? () from /lib/libthr.so.3
No symbol table info available.
#3 0x000000080032090e in isc_condition_waituntil () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#4 0x00000008003422a3 in run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#5 0x00000008003467a6 in isc.trampoline_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#6 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#7 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdf7fa000
Thread 5 (LWP 101578 "isc-net-0003"):
#0 0x0000000800de8fba in _kevent () from /lib/libc.so.7
No symbol table info available.
#1 0x0000000800c2d0e3 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800a2c588 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#3 0x0000000800a1b721 in uv_run () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x000000080030372b in nm_thread () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#5 0x00000008003467a6 in isc.trampoline_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#6 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#7 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdf9fb000
Thread 4 (LWP 101577 "isc-net-0002"):
#0 0x0000000800de8fba in _kevent () from /lib/libc.so.7
No symbol table info available.
#1 0x0000000800c2d0e3 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800a2c588 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#3 0x0000000800a1b721 in uv_run () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x000000080030372b in nm_thread () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#5 0x00000008003467a6 in isc.trampoline_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#6 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#7 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdfbfc000
Thread 3 (LWP 101568 "isc-net-0000"):
#0 0x0000000800de8fba in _kevent () from /lib/libc.so.7
No symbol table info available.
#1 0x0000000800c2d0e3 in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x0000000800a2c588 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#3 0x0000000800a1b721 in uv_run () from /usr/local/lib/libuv.so.1
No symbol table info available.
#4 0x000000080030372b in nm_thread () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#5 0x00000008003467a6 in isc.trampoline_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#6 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#7 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdfffe000
Thread 2 (LWP 101305):
#0 0x0000000800d94268 in _sigwait () from /lib/libc.so.7
No symbol table info available.
#1 0x0000000800c2f9ab in ?? () from /lib/libthr.so.3
No symbol table info available.
#2 0x000000080031d3ae in isc_app_ctxrun () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#3 0x000000080031d5fe in isc_app_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#4 0x000000000023fbf5 in main ()
No symbol table info available.
Thread 1 (LWP 101576 "isc-net-0001"):
#0 0x0000000800dfdbca in thr_kill () from /lib/libc.so.7
No symbol table info available.
#1 0x0000000800dfbf94 in raise () from /lib/libc.so.7
No symbol table info available.
#2 0x0000000800d74489 in abort () from /lib/libc.so.7
No symbol table info available.
#3 0x00000000002402b0 in assertion_failed ()
No symbol table info available.
#4 0x000000080031dd7a in isc_assertion_failed () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#5 0x000000080030c948 in isc_nm_socket_type () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#6 0x000000080034b036 in isc.nm_http_has_encryption () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#7 0x00000008005acab8 in ns_client_checkaclsilent () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#8 0x00000008005b8429 in query_checkcacheaccess () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#9 0x00000008005c14c3 in query_additional_cb () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#10 0x00000008004c986c in additionaldata_ns () from /usr/local/lib/libdns-9.18.20.so
No symbol table info available.
#11 0x00000008004e773a in dns_rdataset_additionaldata () from /usr/local/lib/libdns-9.18.20.so
No symbol table info available.
#12 0x00000008005c0f79 in query_addrrset () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#13 0x00000008005c650e in query_addanswer () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#14 0x00000008005c39f0 in query_respond () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#15 0x00000008005bb380 in query_prepresponse () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#16 0x00000008005b9a84 in query_gotanswer () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#17 0x00000008005c9349 in query_resume () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#18 0x00000008005b5ebd in fetch_callback () from /usr/local/lib/libns-9.18.20.so
No symbol table info available.
#19 0x000000080033d7e3 in isc_task_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#20 0x000000080030d0e9 in isc.nm_async_task () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#21 0x0000000800307676 in process_netievent () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#22 0x000000080030cf66 in process_queue () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#23 0x000000080030363d in async_cb () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#24 0x0000000800a1b131 in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#25 0x0000000800a2c9da in ?? () from /usr/local/lib/libuv.so.1
No symbol table info available.
#26 0x0000000800a1b721 in uv_run () from /usr/local/lib/libuv.so.1
No symbol table info available.
#27 0x000000080030372b in nm_thread () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#28 0x00000008003467a6 in isc.trampoline_run () from /usr/local/lib/libisc-9.18.20.so
No symbol table info available.
#29 0x0000000800c29fd6 in ?? () from /lib/libthr.so.3
No symbol table info available.
#30 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x7fffdfdfd000(gdb) info threads
Id Target Id Frame
* 1 LWP 101576 "isc-net-0001" 0x0000000800dfdbca in thr_kill () from /lib/libc.so.7
2 LWP 101305 0x0000000800d94268 in _sigwait () from /lib/libc.so.7
3 LWP 101568 "isc-net-0000" 0x0000000800de8fba in _kevent () from /lib/libc.so.7
4 LWP 101577 "isc-net-0002" 0x0000000800de8fba in _kevent () from /lib/libc.so.7
5 LWP 101578 "isc-net-0003" 0x0000000800de8fba in _kevent () from /lib/libc.so.7
6 LWP 101581 "isc-timer" 0x0000000800c3927c in ?? () from /lib/libthr.so.3
7 LWP 101585 0x0000000800c3927c in ?? () from /lib/libthr.so.3
8 LWP 101586 0x0000000800c3927c in ?? () from /lib/libthr.so.3
9 LWP 101588 0x0000000800c3927c in ?? () from /lib/libthr.so.3
10 LWP 101589 0x0000000800c3927c in ?? () from /lib/libthr.so.3
11 LWP 101591 0x0000000800c3927c in ?? () from /lib/libthr.so.3