Hi all, We've got some recursive-only servers running bind 9.8.1 on CentOS 6.9 (using 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.1 from the CentOS repos)
They've unexpectedly quit a couple of times in the last month, leaving errors like this in the logs: 09-May-2017 09:12:56.747 dnssec: info: validating @0x7f37dbf852e0: ntp1.glb.nist.gov A: no valid signature found 09-May-2017 09:12:56.831 dnssec: info: validating @0x7f37d7dd3100: www.puma.com.cdn.cloudflare.net A: no valid signature found 09-May-2017 09:12:58.172 dnssec: info: validating @0x7f37dbf852e0: cdnjs.cloudflare.com AAAA: no valid signature found 09-May-2017 09:12:59.470 dnssec: info: validating @0x7f37dbf832c0: cdnjs.com A: no valid signature found 09-May-2017 09:13:02.401 general: critical: validator.c:1861: INSIST(rdataset->type == ((dns_rdatatype_t)dns_rdatatype_dnskey)) failed, back trace 09-May-2017 09:13:02.401 general: critical: #0 0x7f3831b5007f in ?? 09-May-2017 09:13:02.401 general: critical: #1 0x7f38304afa9a in ?? 09-May-2017 09:13:02.401 general: critical: #2 0x7f383145eb4c in ?? 09-May-2017 09:13:02.401 general: critical: #3 0x7f3831466620 in ?? 09-May-2017 09:13:02.401 general: critical: #4 0x7f38304ce858 in ?? 09-May-2017 09:13:02.401 general: critical: #5 0x7f382fe83aa1 in ?? 09-May-2017 09:13:02.401 general: critical: #6 0x7f382f3e3bcd in ?? 09-May-2017 09:13:02.401 general: critical: exiting (due to assertion failure) The DNSSec validation errors which precede the validator.c assertion don't appear to trigger the bug when tested against an identical resolver. What's the best way for me to get more information about what's causing bind to quit? -Paul -- ---------------------------------------------------------------------- Paul Seward, Senior Systems Administrator, University of Bristol paul.sew...@bristol.ac.uk +44 (0)117 39 41148 GPG Key ID: E24DA8A2 GPG Fingerprint: 7210 4E4A B5FC 7D9C 39F8 5C3C 6759 3937 E24D A8A2
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
