Hi Carlos On Thu, Apr 20, 2017 at 12:54:47AM -0300, Carlos Pizarro wrote: > Today the bind9 service crashed and this were the last few log lines when > it happened: > > Apr 19 20:46:23 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': > 2400:cb00:2049:1::c629:defe#53 > Apr 19 20:46:23 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': 64.68.192.10#53 > Apr 19 20:46:23 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': 198.41.222.254#53 > Apr 19 20:46:23 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': 64.68.196.10#53 > Apr 19 20:46:24 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': > 2400:cb00:2049:1::a29f:1835#53 > Apr 19 20:46:24 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': > 2400:cb00:2049:1::c629:defe#53 > Apr 19 20:46:24 host named[32115]: error (unexpected RCODE REFUSED) > resolving 'heroditus.touchtype-systems.com/A/IN': 198.41.222.254#53 > Apr 19 20:46:24 host named[32115]: resolver.c:4350: INSIST(fctx->type == > ((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == > ((dns_rdatatype_t)dns_rdatatype_rrsig) || fctx->type == > ((dns_rdatatype_t)dns_rdatatype_sig)) failed, back trace > Apr 19 20:46:24 host named[32115]: #0 0x7f4aebd27a00 in ?? > Apr 19 20:46:24 host named[32115]: #1 0x7f4ae9f038ea in ?? > Apr 19 20:46:24 host named[32115]: #2 0x7f4aeb5e914e in ?? > Apr 19 20:46:24 host named[32115]: #3 0x7f4ae9f25d5b in ?? > Apr 19 20:46:24 host named[32115]: #4 0x7f4ae98d6064 in ?? > Apr 19 20:46:24 host named[32115]: #5 0x7f4ae92a462d in ?? > Apr 19 20:46:24 host named[32115]: exiting (due to assertion failure) > > ( Same log on Pastebin https://pastebin.com/a1K0L3wJ ) > > > Looking at the code line where it crashed I thought that it was related > to CVE-2016-9131 but it was patched already on this Debian build: > > http://metadata.ftp-master.debian.org/changelogs/main/b/bind9/bind9_9.9.5.dfsg-9+deb8u10_changelog > > > Does anyone has any insight on what may be happening? I'm trying to avoid > backporting the newest BIND from Stretch but I would if this won't happen > on that version but I'm unsure as changelog seems to be quite similar to > the changelog of my version: > > http://metadata.ftp-master.debian.org/changelogs/main/b/bind9/bind9_9.10.3.dfsg.P4-12.1_changelog
This should be covered by the fix for CVE-2017-3137. See the following link: https://security-tracker.debian.org/tracker/CVE-2017-3137 Mukund
signature.asc
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
