"rndc status" closed with ISC_R_DUPLICATE
An interesting dnssec
system test failure happened on Windows for 9.11.14:
...
I:dnssec:check that 'rndc signing' without arguments is handled (155)
I:dnssec:check that 'rndc signing -list' without zone is handled (156)
I:dnssec:check that 'rndc signing -clear' without additional arguments is handled (157)
I:dnssec:check that 'rndc signing -clear all' without zone is handled (158)
I:dnssec:check that 'rndc signing -nsec3param' without additional arguments is handled (159)
I:dnssec:check that 'rndc signing -nsec3param none' without zone is handled (160)
I:dnssec:check that 'rndc signing -nsec3param 1' without additional arguments is handled (161)
I:dnssec:check that 'rndc signing -nsec3param 1 0' without additional arguments is handled (162)
I:dnssec:check that 'rndc signing -nsec3param 1 0 0' without additional arguments is handled (163)
I:dnssec:check that 'rndc signing -nsec3param 1 0 0 -' without zone is handled (164)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect, or
* the key is invalid.
I:dnssec:failed
I:dnssec:check that 'rndc signing -nsec3param' works with salt (165)
I:dnssec:check that 'rndc signing -nsec3param' works without salt (166)
I:dnssec:check that 'rndc signing -nsec3param' works with 'auto' as salt (167)
I:dnssec:check that 'rndc signing -nsec3param' with 'auto' as salt again generates a different salt (168)
...
It seems to me that a TCP connection opened by an rndc status
command was immediately torn down with the following log message:
12-Dec-2019 0:07:33.960 invalid command from 10.53.0.3#54441: duplicate
Apparently this log message is produced by one of the log_invalid()
calls in bin/named/controlconf.c:control_recvmessage()
, but I was unable to quickly determine which one it may be. Any ideas? This seems to happen rather rarely.