SoftHSM 2 + OpenSSL 3 crashes
Summary
Repeated crashes every few seconds to few minutes during opendnssec activity.
Jan 14 17:15:28 registry2.1.quietfountain.com named[182105]: zone 2.quietfountain.com/IN (signed): sending notifies (serial 1705274034)
Jan 14 17:15:28 registry2.1.quietfountain.com named[182105]: client @0x7f3a64fc72f8 10.12.112.3#51784: received notify for zone 'b.0.e.0.0.0.0.0.0.0.0.1.0.0.c.f.ip6.arpa'
Jan 14 17:15:28 registry2.1.quietfountain.com systemd[1]: Started Process Core Dump (PID 185215/UID 0).
Jan 14 17:15:30 registry2.1.quietfountain.com systemd-coredump[185216]: [🡕] Process 182105 (named) of user 25 dumped core.
Stack trace of thread 182107:
#0 0x00007f3a7eca154c __pthread_kill_implementation (libc.so.6 + 0xa154c)
#1 0x00007f3a7ec54d06 raise (libc.so.6 + 0x54d06)
#2 0x00007f3a7ec287f3 abort (libc.so.6 + 0x287f3)
#3 0x00007f3a7ec29130 __libc_message.cold (libc.so.6 + 0x29130)
#4 0x00007f3a7ecab617 malloc_printerr (libc.so.6 + 0xab617)
#5 0x00007f3a7ecaf68c __libc_malloc (libc.so.6 + 0xaf68c)
#6 0x00007f3a6b2adb0c _Znwm (libstdc++.so.6 + 0xadb0c)
#7 0x00007f3a6b7b8aca _ZN7OSToken10getObjectsERSt3setIP8OSObjectSt4lessIS2_ESaIS2_EE (libsofthsm2.so + 0xa1aca)
#8 0x00007f3a6b76606b _ZN7SoftHSM17C_FindObjectsInitEmP13_CK_ATTRIBUTEm (libsofthsm2.so + 0x4f06b)
#9 0x00007f3a6b739eb8 C_FindObjectsInit (libsofthsm2.so + 0x22eb8)
#10 0x00007f3a7ea079fc pkcs11_enumerate_keys (pkcs11.so + 0x79fc)
#11 0x00007f3a7ea0ca63 ctx_load_key (pkcs11.so + 0xca63)
#12 0x00007f3a7ea0d45d load_privkey (pkcs11.so + 0xd45d)
#13 0x00007f3a7f165735 ENGINE_load_private_key (libcrypto.so.3 + 0x165735)
#14 0x00007f3a7f7abdf8 opensslrsa_parse (libdns-9.16.23-RH.so + 0x1abdf8)
#15 0x00007f3a7f79cbc1 dst_key_fromnamedfile (libdns-9.16.23-RH.so + 0x19cbc1)
#16 0x00007f3a7f79d4d7 dst_key_fromfile (libdns-9.16.23-RH.so + 0x19d4d7)
#17 0x00007f3a7f6698f2 dns_dnssec_findzonekeys (libdns-9.16.23-RH.so + 0x698f2)
#18 0x00007f3a7f76399f dns__zone_findkeys (libdns-9.16.23-RH.so + 0x16399f)
#19 0x00007f3a7f76a6d9 zone_sign.lto_priv.0 (libdns-9.16.23-RH.so + 0x16a6d9)
#20 0x00007f3a7f778279 zone_timer.lto_priv.0 (libdns-9.16.23-RH.so + 0x178279)
#21 0x00007f3a7f9131bd isc_task_run (libisc-9.16.23-RH.so + 0x571bd)
#22 0x00007f3a7f8fe2a9 process_netievent (libisc-9.16.23-RH.so + 0x422a9)
#23 0x00007f3a7f8fe425 process_queue (libisc-9.16.23-RH.so + 0x42425)
#24 0x00007f3a7f8fec17 async_cb (libisc-9.16.23-RH.so + 0x42c17)
#25 0x00007f3a7f44eb3d uv__async_io.part.0 (libuv.so.1 + 0xab3d)
#26 0x00007f3a7f46a85e uv__io_poll.part.0 (libuv.so.1 + 0x2685e)
#27 0x00007f3a7f4545a8 uv_run (libuv.so.1 + 0x105a8)
#28 0x00007f3a7f8fe4db nm_thread (libisc-9.16.23-RH.so + 0x424db)
#29 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#30 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#31 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182106:
#0 0x00007f3a7ec9db7a pthread_barrier_wait@@GLIBC_2.34 (libc.so.6 + 0x9db7a)
#1 0x00007f3a7f45e1fd uv_barrier_wait (libuv.so.1 + 0x1a1fd)
#2 0x00007f3a7f8f48c7 isc_nm_pause (libisc-9.16.23-RH.so + 0x388c7)
#3 0x00007f3a7f913993 isc_task_beginexclusive (libisc-9.16.23-RH.so + 0x57993)
#4 0x00007f3a78be7826 run_exclusive_enter (ldap.so + 0x14826)
#5 0x00007f3a78bec951 ldap_parse_master_zoneentry (ldap.so + 0x19951)
#6 0x00007f3a78beee3a update_zone (ldap.so + 0x1be3a)
#7 0x00007f3a7f9131bd isc_task_run (libisc-9.16.23-RH.so + 0x571bd)
#8 0x00007f3a7f8fe2a9 process_netievent (libisc-9.16.23-RH.so + 0x422a9)
#9 0x00007f3a7f8fe425 process_queue (libisc-9.16.23-RH.so + 0x42425)
#10 0x00007f3a7f8fec17 async_cb (libisc-9.16.23-RH.so + 0x42c17)
#11 0x00007f3a7f44eb3d uv__async_io.part.0 (libuv.so.1 + 0xab3d)
#12 0x00007f3a7f46a85e uv__io_poll.part.0 (libuv.so.1 + 0x2685e)
#13 0x00007f3a7f4545a8 uv_run (libuv.so.1 + 0x105a8)
#14 0x00007f3a7f8fe4db nm_thread (libisc-9.16.23-RH.so + 0x424db)
#15 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#16 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#17 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182115:
#0 0x00007f3a7ec9c39a __futex_abstimed_wait_common (libc.so.6 + 0x9c39a)
#1 0x00007f3a7ec9eea4 pthread_cond_timedwait@@GLIBC_2.3.2 (libc.so.6 + 0x9eea4)
#2 0x00007f3a7f922a90 isc_condition_waituntil (libisc-9.16.23-RH.so + 0x66a90)
#3 0x00007f3a78befbcb syncrepl_update (ldap.so + 0x1cbcb)
#4 0x00007f3a78bf0344 ldap_sync_search_entry (ldap.so + 0x1d344)
#5 0x00007f3a78ba7bfa ldap_sync_search_entry (libldap.so.2 + 0x45bfa)
#6 0x00007f3a78ba856b ldap_sync_poll (libldap.so.2 + 0x4656b)
#7 0x00007f3a78bf1591 ldap_sync_doit (ldap.so + 0x1e591)
#8 0x00007f3a78bf1a33 ldap_syncrepl_watcher.lto_priv.0 (ldap.so + 0x1ea33)
#9 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#10 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#11 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182111:
#0 0x00007f3a7ed4e84e epoll_wait (libc.so.6 + 0x14e84e)
#1 0x00007f3a7f91c48c netthread (libisc-9.16.23-RH.so + 0x6048c)
#2 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#3 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#4 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182112:
#0 0x00007f3a7ed4e84e epoll_wait (libc.so.6 + 0x14e84e)
#1 0x00007f3a7f91c48c netthread (libisc-9.16.23-RH.so + 0x6048c)
#2 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#3 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#4 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182113:
#0 0x00007f3a7ed4e84e epoll_wait (libc.so.6 + 0x14e84e)
#1 0x00007f3a7f91c48c netthread (libisc-9.16.23-RH.so + 0x6048c)
#2 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#3 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#4 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182114:
#0 0x00007f3a7ed4e84e epoll_wait (libc.so.6 + 0x14e84e)
#1 0x00007f3a7f91c48c netthread (libisc-9.16.23-RH.so + 0x6048c)
#2 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#3 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#4 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182629:
#0 0x00007f3a7ec9c39a __futex_abstimed_wait_common (libc.so.6 + 0x9c39a)
#1 0x00007f3a7ec9eba0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x9eba0)
#2 0x00007f3a7f4640ed uv_cond_wait (libuv.so.1 + 0x200ed)
#3 0x00007f3a7f457966 worker (libuv.so.1 + 0x13966)
#4 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#5 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182105:
#0 0x00007f3a7ec55aca __sigtimedwait (libc.so.6 + 0x55aca)
#1 0x00007f3a7ec5510c sigwait (libc.so.6 + 0x5510c)
#2 0x00007f3a7f8e1a33 isc_app_ctxrun (libisc-9.16.23-RH.so + 0x25a33)
#3 0x00007f3a7f8e1cfc isc_app_run (libisc-9.16.23-RH.so + 0x25cfc)
#4 0x000055747eb2645a main (named + 0x1d45a)
#5 0x00007f3a7ec3feb0 __libc_start_call_main (libc.so.6 + 0x3feb0)
#6 0x00007f3a7ec3ff60 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3ff60)
#7 0x000055747eb26f85 _start (named + 0x1df85)
Stack trace of thread 182109:
#0 0x00007f3a7ec3ee5d syscall (libc.so.6 + 0x3ee5d)
#1 0x00007f3a7f4669cb uv__udp_sendmmsg.lto_priv.0 (libuv.so.1 + 0x229cb)
#2 0x00007f3a7f457288 uv_udp_send (libuv.so.1 + 0x13288)
#3 0x00007f3a7f8f8d56 isc__nm_async_udpsend (libisc-9.16.23-RH.so + 0x3cd56)
#4 0x00007f3a7f8f9124 isc__nm_udp_send (libisc-9.16.23-RH.so + 0x3d124)
#5 0x00007f3a7f9b6143 client_sendpkg (libns-9.16.23-RH.so + 0xf143)
#6 0x00007f3a7f9bd3ec ns_client_send (libns-9.16.23-RH.so + 0x163ec)
#7 0x00007f3a7f9bd5ab ns_notify_start (libns-9.16.23-RH.so + 0x165ab)
#8 0x00007f3a7f9c1213 ns__client_request (libns-9.16.23-RH.so + 0x1a213)
#9 0x00007f3a7f8f8731 isc__nm_async_readcb (libisc-9.16.23-RH.so + 0x3c731)
#10 0x00007f3a7f8f8879 isc__nm_readcb (libisc-9.16.23-RH.so + 0x3c879)
#11 0x00007f3a7f8fcff5 udp_recv_cb (libisc-9.16.23-RH.so + 0x40ff5)
#12 0x00007f3a7f4695ab uv__udp_io.lto_priv.0 (libuv.so.1 + 0x255ab)
#13 0x00007f3a7f46a85e uv__io_poll.part.0 (libuv.so.1 + 0x2685e)
#14 0x00007f3a7f4545a8 uv_run (libuv.so.1 + 0x105a8)
#15 0x00007f3a7f8fe4db nm_thread (libisc-9.16.23-RH.so + 0x424db)
#16 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#17 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#18 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182110:
#0 0x00007f3a7ec9c39a __futex_abstimed_wait_common (libc.so.6 + 0x9c39a)
#1 0x00007f3a7ec9eea4 pthread_cond_timedwait@@GLIBC_2.3.2 (libc.so.6 + 0x9eea4)
#2 0x00007f3a7f922a90 isc_condition_waituntil (libisc-9.16.23-RH.so + 0x66a90)
#3 0x00007f3a7f914cff run (libisc-9.16.23-RH.so + 0x58cff)
#4 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#5 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#6 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182630:
#0 0x00007f3a7ec9c39a __futex_abstimed_wait_common (libc.so.6 + 0x9c39a)
#1 0x00007f3a7ec9eba0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x9eba0)
#2 0x00007f3a7f4640ed uv_cond_wait (libuv.so.1 + 0x200ed)
#3 0x00007f3a7f457966 worker (libuv.so.1 + 0x13966)
#4 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#5 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182628:
#0 0x00007f3a7ec9c39a __futex_abstimed_wait_common (libc.so.6 + 0x9c39a)
#1 0x00007f3a7ec9eba0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x9eba0)
#2 0x00007f3a7f4640ed uv_cond_wait (libuv.so.1 + 0x200ed)
#3 0x00007f3a7f457966 worker (libuv.so.1 + 0x13966)
#4 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#5 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182631:
#0 0x00007f3a7ec9c39a __futex_abstimed_wait_common (libc.so.6 + 0x9c39a)
#1 0x00007f3a7ec9eba0 pthread_cond_wait@@GLIBC_2.3.2 (libc.so.6 + 0x9eba0)
#2 0x00007f3a7f4640ed uv_cond_wait (libuv.so.1 + 0x200ed)
#3 0x00007f3a7f457966 worker (libuv.so.1 + 0x13966)
#4 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#5 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
Stack trace of thread 182108:
#0 0x00007f3a7ec9c319 __futex_abstimed_wait_common (libc.so.6 + 0x9c319)
#1 0x00007f3a7eca5d8f pthread_rwlock_wrlock@@GLIBC_2.34 (libc.so.6 + 0xa5d8f)
#2 0x00007f3a7f1bd95d CRYPTO_THREAD_write_lock (libcrypto.so.3 + 0x1bd95d)
#3 0x00007f3a7ea066ce ctx_login (pkcs11.so + 0x66ce)
#4 0x00007f3a7ea0cb95 ctx_load_key (pkcs11.so + 0xcb95)
#5 0x00007f3a7ea0d45d load_privkey (pkcs11.so + 0xd45d)
#6 0x00007f3a7f165735 ENGINE_load_private_key (libcrypto.so.3 + 0x165735)
#7 0x00007f3a7f7abdf8 opensslrsa_parse (libdns-9.16.23-RH.so + 0x1abdf8)
#8 0x00007f3a7f79cbc1 dst_key_fromnamedfile (libdns-9.16.23-RH.so + 0x19cbc1)
#9 0x00007f3a7f79d4d7 dst_key_fromfile (libdns-9.16.23-RH.so + 0x19d4d7)
#10 0x00007f3a7f6698f2 dns_dnssec_findzonekeys (libdns-9.16.23-RH.so + 0x698f2)
#11 0x00007f3a7f76399f dns__zone_findkeys (libdns-9.16.23-RH.so + 0x16399f)
#12 0x00007f3a7f76a6d9 zone_sign.lto_priv.0 (libdns-9.16.23-RH.so + 0x16a6d9)
#13 0x00007f3a7f778279 zone_timer.lto_priv.0 (libdns-9.16.23-RH.so + 0x178279)
#14 0x00007f3a7f9131bd isc_task_run (libisc-9.16.23-RH.so + 0x571bd)
#15 0x00007f3a7f8fe2a9 process_netievent (libisc-9.16.23-RH.so + 0x422a9)
#16 0x00007f3a7f8fe425 process_queue (libisc-9.16.23-RH.so + 0x42425)
#17 0x00007f3a7f8fec17 async_cb (libisc-9.16.23-RH.so + 0x42c17)
#18 0x00007f3a7f44eb3d uv__async_io.part.0 (libuv.so.1 + 0xab3d)
#19 0x00007f3a7f46a85e uv__io_poll.part.0 (libuv.so.1 + 0x2685e)
#20 0x00007f3a7f4545a8 uv_run (libuv.so.1 + 0x105a8)
#21 0x00007f3a7f8fe4db nm_thread (libisc-9.16.23-RH.so + 0x424db)
#22 0x00007f3a7f910f9a isc__trampoline_run (libisc-9.16.23-RH.so + 0x54f9a)
#23 0x00007f3a7ec9f802 start_thread (libc.so.6 + 0x9f802)
#24 0x00007f3a7ec3f450 __clone3 (libc.so.6 + 0x3f450)
ELF object binary architecture: AMD x86-64
Jan 14 17:15:30 registry2.1.quietfountain.com systemd[1]: systemd-coredump@7-185215-0.service: Deactivated successfully.
Jan 14 17:15:30 registry2.1.quietfountain.com systemd[1]: systemd-coredump@7-185215-0.service: Consumed 1.133s CPU time.
Jan 14 17:15:30 registry2.1.quietfountain.com systemd[1]: named.service: Main process exited, code=dumped, status=6/ABRT
Jan 14 17:15:30 registry2.1.quietfountain.com systemd[1]: named.service: Failed with result 'core-dump'.
Jan 14 17:15:30 registry2.1.quietfountain.com systemd[1]: named.service: Consumed 1min 56.753s CPU time.
BIND version affected
[root@registry2 coredump]# named -V
BIND 9.16.23-RH (Extended Support Version) <id:fde3b1f>
running on Linux x86_64 5.14.0-362.13.1.el9_3.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 21 07:12:43 EST 2023
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python3' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 11.4.1 20230605 (Red Hat 11.4.1-2)
compiled with OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
compiled with libuv version: 1.42.0
linked to libuv version: 1.42.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP
-->
Steps to reproduce
Just run opendnssec with several secured zones. It will die within seconds to minutes.
Relevant configuration files
[root@registry2 coredump]# named-checkconf -px
acl "trusted" {
"localnets";
"localhost";
192.168.172.0/26;
fc00:1000:0:b00::/64;
192.168.184.0/26;
fc00:1000:0:e00::/64;
192.168.188.0/26;
fc00:1000:0:f00::/64;
192.168.176.0/26;
fc00:1000:0:c00::/64;
192.168.160.0/26;
fc00:1000:0:800::/64;
192.168.169.128/29;
fc00:1003:a:7::/64;
192.168.169.136/29;
fc00:1003:a:107::/64;
192.168.169.144/29;
fc00:1003:a:207::/64;
192.168.169.152/29;
fc00:1003:a:307::/64;
192.168.169.160/29;
fc00:1003:a:407::/64;
192.168.169.168/29;
fc00:1003:a:507::/64;
192.168.169.176/29;
fc00:1003:a:607::/64;
192.168.169.184/29;
fc00:1003:a:707::/64;
192.168.169.192/29;
fc00:1003:a:8::/64;
192.168.169.200/29;
fc00:1003:a:108::/64;
192.168.169.208/29;
fc00:1003:a:208::/64;
192.168.169.216/29;
fc00:1003:a:308::/64;
192.168.169.224/29;
fc00:1003:a:408::/64;
192.168.169.232/29;
fc00:1003:a:508::/64;
192.168.169.240/29;
fc00:1003:a:608::/64;
192.168.169.248/29;
fc00:1003:a:708::/64;
10.12.112.0/20;
fc00:1002:c7::/64;
172.16.199.0/28;
fc00:1001:c7::/64;
192.168.168.128/26;
fc00:1003:a:3::/64;
192.168.164.0/23;
fc00:1003:9:1::/64;
192.168.169.0/26;
fc00:1003:a:5::/64;
192.168.168.0/26;
fc00:1003:a:1::/64;
192.168.168.192/26;
fc00:1003:a:4::/64;
192.168.166.0/23;
fc00:1003:9:9::/64;
192.168.169.64/26;
fc00:1003:a:6::/64;
192.168.168.64/26;
fc00:1003:a:2::/64;
192.168.180.0/26;
fc00:1000:0:d00::/64;
192.168.170.0/29;
fc00:1003:a:9::/64;
};
logging {
channel "default_debug" {
file "data/named.run";
severity dynamic;
print-time yes;
};
channel "named" {
file "data/named.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "security" {
file "data/security.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "dnssec" {
file "data/dnssec.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "resolver" {
file "data/resolver.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "query_log" {
file "data/query.log" versions 10 size 83886080;
severity info;
print-time yes;
print-severity yes;
};
channel "query_error" {
file "data/query_errors.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "lame_servers" {
file "data/lame-servers.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "capacity" {
file "data/capacity.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "database" {
file "data/database.log" versions 10 size 20971520;
severity info;
print-time yes;
print-severity yes;
};
channel "update" {
file "data/update.log" versions 10 size 10485760;
severity info;
print-time yes;
print-severity yes;
};
category "default" {
"default_syslog";
"named";
};
category "general" {
"default_syslog";
"named";
};
category "security" {
"security";
};
category "queries" {
"query_log";
};
category "query-errors" {
"query_error";
};
category "lame-servers" {
"lame_servers";
};
category "dnssec" {
"dnssec";
};
category "edns-disabled" {
"default_syslog";
"resolver";
};
category "config" {
"default_syslog";
"named";
};
category "resolver" {
"resolver";
};
category "cname" {
"resolver";
};
category "spill" {
"capacity";
};
category "rate-limit" {
"capacity";
};
category "database" {
"database";
};
category "client" {
"default_syslog";
"named";
};
category "network" {
"default_syslog";
"named";
};
category "unmatched" {
"named";
};
category "delegation-only" {
"named";
};
category "update" {
"default_syslog";
"update";
};
category "update-security" {
"default_syslog";
"update";
};
};
options {
directory "/var/named";
dump-file "data/cache_dump.db";
managed-keys-directory "/var/named/dynamic";
memstatistics-file "data/named_mem_stats.txt";
pid-file "/run/named/named.pid";
statistics-file "data/named_stats.txt";
tkey-gssapi-keytab "/etc/named.keytab";
allow-query-cache {
"trusted";
};
allow-recursion {
"trusted";
};
disable-algorithms "." {
"RSAMD5";
"RSASHA1";
"NSEC3RSASHA1";
"DSA";
"NSEC3DSA";
"ECCGOST";
};
disable-ds-digests "." {
"SHA-1";
"GOST";
};
rate-limit {
errors-per-second 1;
exempt-clients {
"trusted";
};
nodata-per-second 2;
qps-scale 200;
responses-per-second 5;
window 1800;
};
allow-notify {
10.12.112.2/32;
};
allow-query {
"any";
};
also-notify {
10.12.112.2;
10.12.127.253;
10.12.127.252;
};
notify explicit;
};
dyndb "ipa" "/usr/lib64/bind/ldap.so" {
uri "ldapi://%2fvar%2frun%2fslapd-1-QUIETFOUNTAIN-COM.socket";
base "cn=dns,dc=1,dc=quietfountain,dc=com";
server_id "registry2.1.quietfountain.com";
auth_method "sasl";
sasl_mech "EXTERNAL";
krb5_keytab "FILE:/etc/named.keytab";
};
trust-anchors {
"." initial-ds 20326 8 2 "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update {
"none";
};
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update {
"none";
};
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update {
"none";
};
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update {
"none";
};
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update {
"none";
};
};
Coredump files available