BIND 9.9.8 Assertion Failure

Neil neil20 at iprimus.com.au
Mon Oct 12 10:30:13 UTC 2015 

Hi Bind Community,

Had a BIND Crash on 9.9.8.
Any ideas?

12-Oct-2015 02:09:06.457 general: error: socket.c:5407: unexpected error:
12-Oct-2015 02:09:06.458 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 02:59:08.850 general: error: socket.c:5407: unexpected error:
12-Oct-2015 02:59:08.850 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 04:55:34.944 general: error: socket.c:5407: unexpected error:
12-Oct-2015 04:55:34.944 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 06:15:35.638 general: error: socket.c:5407: unexpected error:
12-Oct-2015 06:15:35.638 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 07:55:37.894 general: error: socket.c:5407: unexpected error:
12-Oct-2015 07:55:37.894 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 08:29:12.235 security: error: client 12.168.40.21#32469: view
host_resolver_trusted: request has invalid signature: TSIG
alexlembke.members.mac.com: tsig verify failure (BADKEY)
12-Oct-2015 08:35:39.175 general: error: socket.c:5407: unexpected error:
12-Oct-2015 08:35:39.176 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 08:49:17.268 general: error: socket.c:5407: unexpected error:
12-Oct-2015 08:49:17.268 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 08:50:37.524 general: error: socket.c:5407: unexpected error:
12-Oct-2015 08:50:37.524 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 09:39:10.215 general: error: socket.c:5407: unexpected error:
12-Oct-2015 09:39:10.215 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 10:15:40.924 general: error: socket.c:5407: unexpected error:
12-Oct-2015 10:15:40.924 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 10:29:08.849 general: error: socket.c:5407: unexpected error:
12-Oct-2015 10:29:08.850 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 11:15:41.259 general: error: socket.c:5407: unexpected error:
12-Oct-2015 11:15:41.260 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 12:49:38.443 general: error: socket.c:5407: unexpected error:
12-Oct-2015 12:49:38.443 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 19:39:08.302 general: error: socket.c:5407: unexpected error:
12-Oct-2015 19:39:08.302 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 20:15:49.022 general: error: socket.c:5407: unexpected error:
12-Oct-2015 20:15:49.023 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 20:35:49.056 general: error: socket.c:5407: unexpected error:
12-Oct-2015 20:35:49.056 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 21:01:47.916 general: critical: resolver.c:1784:
INSIST(fctx->references > 1) failed
12-Oct-2015 21:01:47.916 general: critical: exiting (due to assertion
failure)

Neil
-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Mukund Sivaraman
Sent: Monday, 12 October 2015 7:59 PM
To: Wolfgang Riedel [CISCO] <wolfgang at cisco.com>
Cc: bind-users at lists.isc.org
Subject: Re: RPZ - override TXT records {REP=5.6}

Hi Wolfgang

On Thu, Oct 08, 2015 at 11:25:14PM +0200, Wolfgang Riedel [CISCO] wrote:
> Hi Folks,
> 
> I am currently struggling with using RPZ for inserting or overriding 
> TXT resource records.
> 
> This is my goal:
> 
>    ; do not rewrite www.cisco.com (so, PASSTHRU) and add or override
>    missing metadata
>    www.cisco.com CNAME rpz-passthru.
>    www.cisco.com TXT     "CISCO-CLS=app-name:HTTP|app-class:TD"
> 
> What work's is that I can do one or the other but not both at the same 
> time if I need to use a CNAME.
> 
> This works:
> 
>    wolfgang.dns-as.org A       193.34.28.108
>    wolfgang.dns-as.org TXT     "CISCO-CLS=app-name:RPZ|app-class:TD"
> 
> but in reality this will not work for CDN or load-balanced sites which 
> don't have fixed IP address.
> 
> Any hint's what I am doing wrong?

You aren't doing anything wrong. Yours is a corner case.

I hope I understood what you're trying to do correctly: From the zone
comment, perhaps you want the TXT query type to return the TXT RDATA you've
supplied and everything else passthru to regular processing. It can't be
done as triggers don't use the question's TYPE field.

An alternative is to include all the RRs for that QNAME in the answer (your
second example). Yours is a weird case, because you can't use the following
in the policy zone which named wouldn't allow loading (it won't allow CNAME
to coexist):

www.cisco.com                  CNAME www.cisco.com.akadns.net.
www.cisco.com                  TXT   "CISCO-CLS=app-name:HTTP|app-class:TD"

So using the A record (your second example) or adding triggers for the
target of the CNAME record chain are your best bet. As the latter varies,
perhaps the former for your region would be best.

		Mukund

More information about the bind-users mailing list