bind9 freezes every now and then

Related Vulnerabilities: CVE-2011-0414  

Debian Bug report logs - #601830
bind9 freezes every now and then


Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9.

Reported by: Benoit Panizzon <debian.bug@exp1210.spam.woody.ch>

Date: Sat, 30 Oct 2010 07:21:04 UTC

Severity: important

Found in versions bind9/1:9.7.1.dfsg.P2-2, bind9/1:9.7.3.dfsg-1~squeeze4

Fixed in versions bind9/1:9.7.3.dfsg-1, 1:9.7.3.dfsg-1~squeeze1

Done: Florian Weimer <fw@deneb.enyo.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#601830; Package bind9. (Sat, 30 Oct 2010 07:21:07 GMT)


Acknowledgement sent to Benoit Panizzon <debian.bug@exp1210.spam.woody.ch>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. (Sat, 30 Oct 2010 07:21:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Benoit Panizzon <debian.bug@exp1210.spam.woody.ch>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: bind9 freezes every now and then
Date: Sat, 30 Oct 2010 09:12:29 +0200
Package: bind9
Version: 1:9.7.1.dfsg.P2-2
Severity: important


Hello

I run a fully DNSSEC, Dynamic Update, IPv6 enabled bind.
I use bind for a rbl blacklist, so there are a lot of updates and requests to a signed zone.

I did use the same setup on lenny, and no problems occurred.

After upgrading to squeeze, my bind9 freezes about once or twice a week.

Process is still present, but does not react to queries, nor to updates nor to rndc commands.
It cannot be normally killed. A kill -9 and restart is the only fix.

Any ideas?
-Benoit-

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (700, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bind9 depends on:
ii  adduser                3.112             add and remove users and groups
ii  bind9utils             1:9.7.1.dfsg.P2-2 Utilities for BIND
ii  debconf [debconf-2.0]  1.5.36            Debian configuration management sy
ii  libbind9-60            1:9.7.1.dfsg.P2-2 BIND9 Shared Library used by BIND
ii  libc6                  2.11.2-6+squeeze1 Embedded GNU C Library: Shared lib
ii  libcap2                1:2.19-3          support for getting/setting POSIX.
ii  libdb4.8               4.8.30-2          Berkeley v4.8 Database Libraries [
ii  libdns66               1:9.7.1.dfsg.P2-2 DNS Shared Library used by BIND
ii  libgssapi-krb5-2       1.8.3+dfsg-2      MIT Kerberos runtime libraries - k
ii  libisc60               1:9.7.1.dfsg.P2-2 ISC Shared Library used by BIND
ii  libisccc60             1:9.7.1.dfsg.P2-2 Command Channel Library used by BI
ii  libisccfg60            1:9.7.1.dfsg.P2-2 Config File Handling Library used 
ii  libldap-2.4-2          2.4.23-6          OpenLDAP libraries
ii  liblwres60             1:9.7.1.dfsg.P2-2 Lightweight Resolver Library used 
ii  libssl0.9.8            0.9.8o-2          SSL shared libraries
ii  libxml2                2.7.7.dfsg-4      GNOME XML library
ii  lsb-base               3.2-23.1          Linux Standard Base 3.2 init scrip
ii  net-tools              1.60-23           The NET-3 networking toolkit
ii  netbase                4.42              Basic TCP/IP networking system

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc              <none>            (no description available)
ii  dnsutils               1:9.7.1.dfsg.P2-2 Clients provided with BIND
pn  resolvconf             <none>            (no description available)
pn  ufw                    <none>            (no description available)

-- Configuration Files:
/etc/bind/bind.keys [Errno 2] Datei oder Verzeichnis nicht gefunden: u'/etc/bind/bind.keys'
/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";

/etc/bind/named.conf.default-zones [Errno 2] Datei oder Verzeichnis nicht gefunden: u'/etc/bind/named.conf.default-zones'
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
logging {
          channel "querylog" { file "/var/log/bind/bind9-query.log" versions 3 size 100m; print-time yes; };
          category queries { querylog; };
	  channel "dnssec_log" { file "/var/log/bind/bind9-dnssec.log" versions 3 size 20m; print-time yes; print-category yes; print-severity yes; severity debug 3; };
	  category dnssec  { dnssec_log;  };
        };
// include "/etc/bind/trusted.keys";
include "/etc/bind/rndc.key";
managed-keys {
    "." initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
};
// Trusted Networks:
acl "trusted" {
		192.168.57.0/24;
                157.161.57.0/27;
                157.161.57.64/26;
		157.161.4.0/24;
                127.0.0.1;
                ::1/128;
                2001:4060:dead:beef::/64;
                2001:4060:dead:babe::/64;
                2001:4060:1:4133::/64;
};
// add entries for other zones below here
// ======== WOODY ==========
//zone "128-27.194.238.80.in-addr.arpa" {
//        type master;
//        file "woody.ch.rev";
//        allow-update {
//                80.238.194.128/27;
//		::ffff:80.238.194.128/27;
//                ::1/128;
//		2001:08e0:abcd:16::/64;
//        };
//};
zone "57.168.192.in-addr.arpa" {
	type master;
	file "57.168.192.in-addr.arpa.rev.signed";
	allow-update {
                157.161.57.0/27;
                157.161.57.64/26;
                127.0.0.1;
                ::ffff:157.161.57.0/27;
                ::1/128;
                2001:4060:dead:beef::/64;
                2001:4060:dead:babe::/64;
                2001:4060:1:4133::/64;
        };
};
zone "0-31.57.161.157.in-addr.arpa" {
	type master;
	file "woody.ch.rev.signed";
        allow-update {
                157.161.57.0/27;
		157.161.57.64/26;
		127.0.0.1;
                ::ffff:157.161.57.0/27;
                ::1/128;
                2001:4060:dead:beef::/64;
		2001:4060:dead:babe::/64;
		2001:4060:1:4133::/64;
        };
};
zone "64-79.57.161.157.in-addr.arpa" {
        type master;
        file "woody.ch.rev2.signed";
        allow-update {
                157.161.57.0/27;
		157.161.57.64/26;
                127.0.0.1;
                ::ffff:157.161.57.0/27;
                ::1/128;
                2001:4060:dead:beef::/64;
		2001:4060:dead:babe::/64;
		2001:4060:1:4133::/64;
        };
};
zone "144.161.157.in-addr.arpa" {
	type master;
	file "144.161.157.in-addr.arpa.rev.signed";
	allow-update {
                157.161.57.0/27;
                157.161.57.64/26;
                127.0.0.1;
                ::ffff:157.161.57.0/27;
                ::1/128;
                2001:4060:dead:beef::/64;
                2001:4060:dead:babe::/64;
                2001:4060:1:4133::/64;
        };
};
zone "d.a.e.d.0.6.0.4.1.0.0.2.ip6.arpa" {
	type master;	
	file "d.a.e.d.0.6.0.4.1.0.0.2.ip6.arpa.signed";
	allow-update { trusted; };
};
zone "woody.ch" {
        type master;
        file "woody.ch.hosts.signed";
        allow-update {
                157.161.57.0/27;
		157.161.57.64/26;
		::ffff:157.161.57.0/27;
                ::1/128;
                2001:4060:dead:beef::/64;
		2001:4060:dead:babe::/64;
		2001:4060:1:4133::/64;
        };
};
zone "FAX" {
        type master;
        file "FAX.hosts";
};
zone "blacklist.woody.ch" {
        type master;
        file "blacklist.woody.ch.hosts.signed";
        allow-update {
                157.161.57.0/27;
		157.161.57.64/26;
		::1/128;
		2001:4060:dead:beef::/64;
		2001:4060:dead:babe::/64;
		2001:4060:1:4133::/64;
		157.161.4.0/24;
        };
};
zone "panizzon.ch" {
        type master;
        file "panizzon.ch.hosts.signed";
        allow-update {
                157.161.57.0/27;
                157.161.57.64/26;
                ::1/128;
                2001:4060:dead:beef::/64;
                2001:4060:dead:babe::/64;
                2001:4060:1:4133::/64;
                157.161.4.0/24;
        };
};
zone "panizzon.com" {
        type master;
        file "panizzon.com.hosts.signed";
	        allow-update {
                157.161.57.0/27;
                157.161.57.64/26;
                ::1/128;
                2001:4060:dead:beef::/64;
                2001:4060:dead:babe::/64;
                2001:4060:1:4133::/64;
                157.161.4.0/24;
        };
};
// ========== RAX ===============
zone "rax.ch" {
        type slave;
        file "rax.ch.zone";
        masters {
                157.161.175.200;
                157.161.6.10;
        };
};
zone "kinglouis.ch" {
	type slave;
	file "kinglouis.ch.zone";
	masters {
		157.161.175.200;
	};
};
// ========== SCOUTNET ==========
zone "scoutnet.org" {
        type slave;
	file "scoutnet.org.zone";
        masters {
                157.161.6.10;
        };
};
zone "scoutnet.ch" {
	type slave;
	file "scoutnet.ch.zone";
	masters {
		157.161.6.10;
	};
};
zone "scoutnet.fi" {
	type slave;
	file "scoutnet.fi.zone";
	masters {
		194.29.198.200;
	};
};
zone "partiolaiset.com" {
        type slave;
        file "partiolaiset.com.zone";
        masters {
                194.29.198.200;
        };
};
// ========== SCOUTLINK =========
zone "scoutlink.ch" {
        type slave;
	file "scoutlink.ch.zone";
        masters {
                157.161.6.10;
        };
};
/*
zone "scoutlink.be" {
        type slave;
	file "scoutlink.be.zone";
        masters {
                94.75.211.134;
                157.161.6.250;
        };
};
*/
zone "scoutlink.net" {
        type slave;
	file "scoutlink.net.zone";
        masters {
                94.75.211.134;
                89.238.76.88;
        };
};
zone "scoutlink.org" {
        type slave;
	file "scoutlink.org.zone";
        masters {
                94.75.211.134;
                89.238.76.88;
        };
};
// ============ MOWGLI ============
zone "mowgli.ch" {
	type slave;
	file "mowgli.ch.zone";
	notify no;
        allow-transfer {"none";};
	masters {
		85.10.201.50;
	};
};
zone "ethgen.de" {
        type slave;
        file "ethgen.de.zone";
	notify no;
	allow-transfer {"none";};
        masters {
                85.10.201.50;
        };
};

/etc/bind/named.conf.options changed:
options {
	directory "/var/cache/bind";
	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.
	// forwarders {
	// 	0.0.0.0;
	// };
	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { 2001:4060:dead:beef::1; };
	query-source-v6 2001:4060:dead:beef::1;
	notify-source-v6 2001:4060:dead:beef::1;
        allow-recursion { trusted; };
	dnssec-enable yes;
	dnssec-validation yes;
//	dnssec-lookaside . trust-anchor dlv.isc.org.;
	dnssec-lookaside auto;
	key-directory "/etc/bind/keys";
};


-- debconf information:
  bind9/different-configuration-file:
  bind9/run-resolvconf: true
  bind9/start-as-user: bind




Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#601830; Package bind9. (Fri, 25 Feb 2011 09:33:03 GMT)


Acknowledgement sent to Benoit Panizzon <panizzon@woody.ch>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Fri, 25 Feb 2011 09:33:03 GMT)


Message #10 received at 601830@bugs.debian.org:

From: Benoit Panizzon <panizzon@woody.ch>
To: 601830@bugs.debian.org
Subject: cve-2011-0414 IXFR deadlock remote exploit
Date: Fri, 25 Feb 2011 10:07:57 +0100

https://www.isc.org/software/bind/advisories/cve-2011-0414

This looks exactly like what I'm experiencing.

I got a multi-processor system, run DDNS blacklists, so I get a lot of DDNS 
updates per minute and IXFR them to my secondaries.

I'll try the -n1 switch described as work-around to limit bind to one thread.

Kind regards
-Benoit Panizzon-
-- 
SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can
Tastes fine, saves time. / If you want something grand, / Ask for SPAM!
  - Hormel's 1937 jingle for SPAM

Hippopotomonstrosesquippedaliophobia sh: http://en.wikipedia.org/wiki/-phobia
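
One way to apply the -n1 workaround mentioned in the message above, as an added example that is not part of the bug log or of the bind9 package. It assumes named's flags come from an OPTIONS="..." line in a defaults file such as /etc/default/bind9 (a path not given in this thread); the helper names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug log): apply the "-n 1" workaround by
# editing the OPTIONS="..." line that the init script passes to named.
# Assumption: a defaults file in the style of /etc/default/bind9.

# set_named_threads FILE N  (hypothetical helper)
# Rewrites OPTIONS so it carries exactly one "-n N": drops any existing
# "-n4" / "-n 4", appends the new value, leaves all other flags alone.
set_named_threads() {
    file=$1
    n=$2
    case $n in
        ''|*[!0-9]*) echo "thread count must be a number" >&2; return 2 ;;
    esac
    grep -q '^OPTIONS="' "$file" || {
        echo "no OPTIONS=\"...\" line in $file" >&2
        return 1
    }
    tmp=$(mktemp) || return 1
    sed -E \
        -e '/^OPTIONS="/!b' \
        -e 's/(^OPTIONS="|[[:space:]])-n[[:space:]]*[0-9]+/\1/g' \
        -e 's/[[:space:]]*"[[:space:]]*$/ -n '"$n"'"/' \
        -e 's/^OPTIONS="[[:space:]]+/OPTIONS="/' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# get_named_threads FILE  (hypothetical helper)
# Prints the configured -n value, or nothing when no -n is set.
get_named_threads() {
    sed -n -E 's/^OPTIONS="(.*[[:space:]])?-n[[:space:]]*([0-9]+).*/\2/p' "$1"
}

# Demo on a constructed defaults file (not taken from the reporter's host).
demo=$(mktemp)
printf 'RESOLVCONF=yes\nOPTIONS="-u bind -n4"\n' > "$demo"
set_named_threads "$demo" 1
echo "OPTIONS now requests $(get_named_threads "$demo") worker thread(s)"
rm -f "$demo"
```

After editing the real defaults file, named has to be restarted for the new flag to take effect.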




Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#601830; Package bind9. (Fri, 04 Mar 2011 12:45:03 GMT)


Acknowledgement sent to John Winters <john.winters@abingdon.org.uk>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Fri, 04 Mar 2011 12:45:03 GMT)


Message #15 received at 601830@bugs.debian.org:

From: John Winters <john.winters@abingdon.org.uk>
To: 601830@bugs.debian.org
Subject: Bind9 freezing up
Date: Fri, 04 Mar 2011 11:43:08 +0000

I'm getting the same problem with a completely default bind9 
installation.  It's acting purely as a recursive resolver for local 
processes on a lightly loaded machine.

The machine is a dual CPU PowerPC G5 and it locks up about once a day. 
Stopping it by normal methods doesn't work and a "kill -9" is needed.

John





Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#601830; Package bind9. (Tue, 08 Mar 2011 11:15:03 GMT)


Acknowledgement sent to John Winters <john.winters@abingdon.org.uk>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Tue, 08 Mar 2011 11:15:03 GMT)


Message #20 received at 601830@bugs.debian.org:

From: John Winters <john.winters@abingdon.org.uk>
To: 601830@bugs.debian.org
Subject: -n1 workaround does seem effective.
Date: Tue, 08 Mar 2011 11:12:12 +0000

After 4 days without lockups, it appears that the -n1 workaround is 
effective.

Cheers,
John





Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#601830; Package bind9. (Thu, 31 Mar 2011 07:39:08 GMT)


Acknowledgement sent to Benoit Panizzon <panizzon@woody.ch>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 31 Mar 2011 07:39:08 GMT)


Message #25 received at 601830@bugs.debian.org:

From: Benoit Panizzon <panizzon@woody.ch>
To: 601830@bugs.debian.org
Subject: Re: Bug#601830: Info received (cve-2011-0414 IXFR deadlock remote exploit)
Date: Thu, 31 Mar 2011 09:25:28 +0200

Same here

-n1 and no more lockups.

A security fix has just been released by Debian.

DSA 2208-1

-Benoit-




Reply sent to Florian Weimer <fw@deneb.enyo.de>:
You have taken responsibility. (Thu, 31 Mar 2011 20:12:10 GMT)


Notification sent to Benoit Panizzon <debian.bug@exp1210.spam.woody.ch>:
Bug acknowledged by developer. (Thu, 31 Mar 2011 20:12:10 GMT)


Message #30 received at 601830-close@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: Benoit Panizzon <panizzon@woody.ch>
Cc: 601830-close@bugs.debian.org
Subject: Re: [SECURITY] [DSA 2208-1] bind9 security update
Date: Thu, 31 Mar 2011 21:34:01 +0200
Version: 1:9.7.3.dfsg-1~squeeze1

* Benoit Panizzon:

> Hi Florian
>
> Finally :-)
>
> Please close bug: 601830

Thanks for the notice.  Closing the bug.




Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#601830; Package bind9. (Fri, 10 Feb 2012 12:40:13 GMT)


Acknowledgement sent to Thomas Kempf <tkempf@hueper.de>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Fri, 10 Feb 2012 12:40:19 GMT)


Message #35 received at 601830@bugs.debian.org:

From: Thomas Kempf <tkempf@hueper.de>
To: 601830@bugs.debian.org
Subject: Regression in 1:9.7.3.dfsg-1~squeeze4 ?
Date: Fri, 10 Feb 2012 13:29:07 +0100

Hi,
I'm running the 1:9.7.3.dfsg-1~squeeze4 with DDNS-Updates as described 
above on a PowerPC G5 SMP machine and experience the same error as 
described by Benoit.
The -n1 workaround cured the symptoms for the last week.
Kind regards
Tom







Marked as fixed in versions bind9/1:9.7.3.dfsg-1. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Mon, 04 Nov 2013 00:10:36 GMT)


Marked as found in versions bind9/1:9.7.3.dfsg-1~squeeze4. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Mon, 04 Nov 2013 00:10:37 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 02 Dec 2013 07:34:32 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:03:17 2019; Machine Name: beach
