DiG 9.3.6-P1 segfaults on CentOS

Brian Keefer chort at smtps.net
Fri Dec 10 00:10:18 UTC 2010


On Dec 9, 2010, at 1:16 PM, Brian Keefer wrote:

> This issue was initially reported to me by a customer running CentOS 5.5 x86_64.  I was able to duplicate it on CentOS 5.5 i386 with dig version:
> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
> 
> When doing a dig +trace to a DNSBL for a TXT record they're getting a segfault after making the final query (prior to displaying the answer).  I did a tcpdump of this behavior and saw two identical queries from the same source port with the same transaction ID 0.000074 seconds apart.  The responses were received 0.000745 seconds apart, from the same IP with the same transaction ID.
> 
> When I repeat the test through an intermediary resolver it only sends one query datagram and gets a single response (and doesn't crash).
> 
> Any ideas?
> 
> --
> bk

Downloading the tarball for bind-9.7.2-P1 from ftp.isc.org and building it from source fixed the segfault issue.

I'm still seeing a (possibly related) issue where if I do dig +trace txt <dnsbl record> it takes 6-10 seconds (measured by time(1)) to complete, all after printing the authoritative server for DNSBL (prior to printing answer).

If I do dig @<dnsbl.hostname> txt <dnsbl record> I get the same pause. If I do dig @<dnsbl IP> txt <dnsbl record> there is no pause.  There is also no pause if I do dig <dnsbl.hostname>.  It doesn't look like there's any issue resolving the A RR, so why the long pause with dig +trace or dig @hostname vs. dig @IP?

I'm only getting this behavior with this particular DNSBL, so far as I know.  The DNSBL runs a modified (only the back-end, SFAIK) version of rbldnsd.

--
bk
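
Added example, not part of the original post: one way to confirm from a capture the pattern described in the quoted report, that is, two identical queries from the same source port with the same transaction ID a fraction of a millisecond apart. It assumes the UDP payloads have already been extracted from the capture as (timestamp, src_ip, src_port, dst_ip, payload) tuples; the function names, addresses and DNSBL name are constructed for illustration.

```python
import struct

def build_query(txid, qname, qtype=16):  # helper for constructed sample data; 16 = TXT
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_question(payload):
    """Return (txid, is_response, qname, qtype) from a DNS message."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        n, pos = payload[pos], pos + 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer or reserved label type")
        labels.append(payload[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def find_duplicate_queries(packets, window=0.001):
    """Return [(key, gap_seconds)] for identical queries repeated within `window` seconds."""
    last_seen, dups = {}, []
    for ts, src, sport, dst, payload in sorted(packets, key=lambda p: p[0]):
        txid, is_response, qname, qtype = parse_question(payload)
        if is_response:
            continue  # only queries are compared here
        key = (src, sport, dst, txid, qname, qtype)
        if key in last_seen and ts - last_seen[key] <= window:
            dups.append((key, ts - last_seen[key]))
        last_seen[key] = ts
    return dups

# Constructed sample: documentation-range addresses and a made-up DNSBL name.
Q = build_query(0x1A2B, "2.0.0.127.dnsbl.example")
SAMPLE = [
    (0.000000, "192.0.2.10", 40000, "198.51.100.53", Q),
    (0.000074, "192.0.2.10", 40000, "198.51.100.53", Q),
    (0.500000, "192.0.2.10", 40001, "198.51.100.53", build_query(0x3C4D, "2.0.0.127.dnsbl.example")),
]
```

Calling find_duplicate_queries(SAMPLE) reports the first two packets as one duplicate pair and ignores the third, which uses a different source port and transaction ID.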


More information about the bind-users mailing list