(Also sending to bind-users as bind-workers is scheduled to be shut down.)

>>> If I start named, then (without changing named.conf) do "rndc reconfig"
>>> and then send named a DoT query (dig +tls or kdig +tls) named dies with
>>>
>>> Jan 11 13:45:53 dns named[78236]: netmgr/tlsdns.c:1517: fatal error:
>>> Jan 11 13:45:53 dns named[78236]: RUNTIME_CHECK(csock->tls.tls != ((void *)0)) failed
>>> Jan 11 13:45:53 dns named[78236]: exiting (due to fatal error in library)
>>>
>>> and the following error message appears in the window where I started
>>> named:
>>>
>>> isc_tls_create:SSL_new(0x803c3f000) -> error:140BA0E4:SSL routines:SSL_new:ssl ctx has no default ssl version
>>> Abort (core dumped)
>>
>> This smells of:
>>
>> https://gitlab.isc.org/isc-projects/bind9/-/issues/3053
>>
>> which is fixed in the "main" branch, but not in BIND 9.17.21. Could you
>> please retry with a build from the current "main" branch?
>
> Thank you for the speedy followup! The description / discussion from
> the 3053 issue does indeed sound like my problem, *and* I can confirm
> that a build from the current "main" branch solves the problem!

Followup: Unfortunately, this didn't solve the whole problem. While doing
the above testing I was running named as root, in order to generate a
core dump. When I'm now testing with named running as user bind (and then
dropping privileges after startup), it seems to be unable to rebind to
port 853 after an "rndc reconfigure". This is probably expected since 853
is a "privileged" port. The error messages I'm getting after an
"rndc reconfig" are:

Jan 24 12:41:25 dns named[6281]: listening on IPv4 interface lo0, 127.0.0.1#853
Jan 24 12:41:25 dns named[6281]: creating TLS socket: permission denied
Jan 24 12:41:25 dns named[6281]: creating IPv4 interface lo0 failed; interface ignored
Jan 24 12:41:25 dns named[6281]: no longer listening on 193.75.110.2#853
Jan 24 12:41:25 dns named[6281]: listening on IPv4 interface ixl1.15, 193.75.110.2#853
Jan 24 12:41:25 dns named[6281]: creating TLS socket: permission denied
Jan 24 12:41:25 dns named[6281]: creating IPv4 interface ixl1.15 failed; interface ignored

and the named process no longer listens on TCP port 853.

Also tried this on 9.17.22, and the same problem occurs.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
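
A log check for the failure reported above, as an added example that is not part of the original message or of BIND: it pairs each "listening on" attempt with a following socket error and "interface ignored" line to list the listeners named lost after a reconfig. The sample input is constructed from the log lines quoted in the message; the function name `lost_listeners` is hypothetical, and it is an assumption that other transports log in the same "creating X socket" shape.

```python
import re

# Constructed sample: the log lines quoted in the message above.
SAMPLE_LOG = """\
Jan 24 12:41:25 dns named[6281]: listening on IPv4 interface lo0, 127.0.0.1#853
Jan 24 12:41:25 dns named[6281]: creating TLS socket: permission denied
Jan 24 12:41:25 dns named[6281]: creating IPv4 interface lo0 failed; interface ignored
Jan 24 12:41:25 dns named[6281]: no longer listening on 193.75.110.2#853
Jan 24 12:41:25 dns named[6281]: listening on IPv4 interface ixl1.15, 193.75.110.2#853
Jan 24 12:41:25 dns named[6281]: creating TLS socket: permission denied
Jan 24 12:41:25 dns named[6281]: creating IPv4 interface ixl1.15 failed; interface ignored
"""

LISTEN = re.compile(r"named\[\d+\]: listening on IPv[46] interface (\S+), (\S+)#(\d+)$")
# Assumption: transports other than TLS are logged in the same shape.
SOCKERR = re.compile(r"named\[\d+\]: creating (\w+) socket: (.+)$")
FAILED = re.compile(r"named\[\d+\]: creating IPv[46] interface (\S+) failed; interface ignored$")

def lost_listeners(log_text):
    """Return (interface, address, port, transport, reason) for each failed listener."""
    lost = []
    pending = None  # most recent "listening on" attempt, not yet known to have failed
    error = None    # socket error logged since that attempt
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := LISTEN.search(line):
            pending = (m.group(1), m.group(2), int(m.group(3)))
            error = None
        elif m := SOCKERR.search(line):
            error = (m.group(1), m.group(2))
        elif (m := FAILED.search(line)) and pending and pending[0] == m.group(1):
            # The attempt on this interface was abandoned: the listener is gone.
            lost.append(pending + (error or ("unknown", "unknown")))
            pending = error = None
    return lost

if __name__ == "__main__":
    for iface, addr, port, transport, reason in lost_listeners(SAMPLE_LOG):
        print(f"LOST {transport} listener {addr}#{port} on {iface}: {reason}")
```

An empty result only means no failed attempt was logged; confirming that port 853 is still open after "rndc reconfig" needs a socket check on the host.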