Potential bug in Bind 9.16.23

2023-07-28 Thread Jiaming Zhang
Hi Community,

I recently upgraded bind to 9.16.23, and a weird error occurs: named could 
not start after the configuration is loaded (and any zone mentioned in the 
config). However, if loaded with the example config, and after the service is 
successfully started, I can replace the sample config with the previous config 
(`mv old.conf sample.conf`) and reconfig with rndc, in which case BIND 
behaves totally normally and can also answer every zone it has loaded.

I thought in the beginning that there's an incompatibility in the conf file 
between versions, but named-checkconf returns 0 as exit code.

bind version info:
```
$ named -V
BIND 9.16.23-RH (Extended Support Version) 
running on Linux aarch64 5.4.17-2136.321.4.el8uek.aarch64 #2 SMP Wed Jun 28 
17:52:50 PDT 2023
built by make with '--build=aarch64-redhat-linux-gnu' 
'--host=aarch64-redhat-linux-gnu' '--program-prefix=' 
'--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' 
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' 
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--with-python=/usr/libexec/platform-python' '--with-libtool' 
'--localstatedir=/var' '--with-pic' '--disable-static' 
'--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' 
'--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' 
'--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' 
'--enable-full-report' 'build_alias=aarch64-redhat-linux-gnu' 
'host_alias=aarch64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall 
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS 
-fexceptions -fstack-protector-strong -grecord-gcc-switches 
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 
-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables 
-fstack-clash-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now 
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 8.5.0 20210514 (Red Hat 8.5.0-18.0.2)
compiled with OpenSSL version: OpenSSL 1.1.1k  FIPS 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k  FIPS 25 Mar 2021
compiled with libuv version: 1.41.1
linked to libuv version: 1.41.1
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.2.0
compiled with protobuf-c version: 1.3.0
linked to protobuf-c version: 1.3.0
threads support is enabled

default paths:
  named configuration:  /etc/named.conf
  rndc configuration:   /etc/rndc.conf
  DNSSEC root key:  /etc/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:   /var/run/named/named.pid
  named lock file:  /var/run/named/named.lock
  geoip-directory:  /usr/share/GeoIP
```

Met vriendelijke groet / Best regards,
Jiaming Zhang
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Potential bug in Bind 9.16.23

2023-07-28 Thread Ondřej Surý
The latest BIND 9.16 release is 9.16.42. You need to upgrade to the 
latest release, preferably directly to 9.18.17. Alternatively, you should 
contact the supplier who provided you with the outdated version.

Ondřej 
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.



Re: Potential bug in Bind 9.16.23

2023-07-28 Thread Jiaming Zhang
Thanks, I'll try downloading from the official site; it seems Oracle's repo is 
really slow in catching up with new updates.

Met vriendelijke groet / Best regards,
Jiaming Zhang

