BIND 9.9.8 Assertion Failure {REP=5.5}

Neil neil20 at iprimus.com.au
Mon Oct 12 13:06:51 UTC 2015 

Hi Wah,

 

RHEL 6.7

 

BIND 9.9.8 (Extended Support Version) <id:2d6d4ba>

built by make with '--prefix=/usr/local' '--enable-threads' '--enable-fixed-rrset' '--enable-fetchlimit' '--with-openssl=/usr' '--with-libtool' '--with-make-clean'

 

Just did another recompile as you said, What would the cause be?

 

Thinking of going back to some other version.

 

 

From: Wah Peng [mailto:wah_peng at yahoo.com.sg] 
Sent: Monday, 12 October 2015 10:37 PM
To: Neil <neil20 at iprimus.com.au>
Cc: bind-users at lists.isc.org
Subject: Re: BIND 9.9.8 Assertion Failure {REP=5.5}

 

What system and what release of BIND?

I met this similiar issue months ago and I just recompiled from the source then the problem got fixed.

regards,

Wah.

 

2015-10-12 18:30 GMT+08:00 Neil <neil20 at iprimus.com.au <mailto:neil20 at iprimus.com.au> >:

Hi Bind Community,

Had a BIND Crash on 9.9.8.
Any ideas?

12-Oct-2015 02:09:06.457 general: error: socket.c:5407: unexpected error:
12-Oct-2015 02:09:06.458 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 02:59:08.850 general: error: socket.c:5407: unexpected error:
12-Oct-2015 02:59:08.850 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 04:55:34.944 general: error: socket.c:5407: unexpected error:
12-Oct-2015 04:55:34.944 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 06:15:35.638 general: error: socket.c:5407: unexpected error:
12-Oct-2015 06:15:35.638 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 07:55:37.894 general: error: socket.c:5407: unexpected error:
12-Oct-2015 07:55:37.894 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 08:29:12.235 security: error: client 12.168.40.21#32469: view
host_resolver_trusted: request has invalid signature: TSIG
alexlembke.members.mac.com <http://alexlembke.members.mac.com> : tsig verify failure (BADKEY)
12-Oct-2015 08:35:39.175 general: error: socket.c:5407: unexpected error:
12-Oct-2015 08:35:39.176 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 08:49:17.268 general: error: socket.c:5407: unexpected error:
12-Oct-2015 08:49:17.268 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 08:50:37.524 general: error: socket.c:5407: unexpected error:
12-Oct-2015 08:50:37.524 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 09:39:10.215 general: error: socket.c:5407: unexpected error:
12-Oct-2015 09:39:10.215 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 10:15:40.924 general: error: socket.c:5407: unexpected error:
12-Oct-2015 10:15:40.924 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 10:29:08.849 general: error: socket.c:5407: unexpected error:
12-Oct-2015 10:29:08.850 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 11:15:41.259 general: error: socket.c:5407: unexpected error:
12-Oct-2015 11:15:41.260 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 12:49:38.443 general: error: socket.c:5407: unexpected error:
12-Oct-2015 12:49:38.443 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 19:39:08.302 general: error: socket.c:5407: unexpected error:
12-Oct-2015 19:39:08.302 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 20:15:49.022 general: error: socket.c:5407: unexpected error:
12-Oct-2015 20:15:49.023 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 20:35:49.056 general: error: socket.c:5407: unexpected error:
12-Oct-2015 20:35:49.056 general: error: connect(0.0.0.1#53) 22/Invalid
argument
12-Oct-2015 21:01:47.916 general: critical: resolver.c:1784:
INSIST(fctx->references > 1) failed
12-Oct-2015 21:01:47.916 general: critical: exiting (due to assertion
failure)

Neil
-----Original Message-----
From: bind-users-bounces at lists.isc.org <mailto:bind-users-bounces at lists.isc.org> 
[mailto:bind-users-bounces at lists.isc.org <mailto:bind-users-bounces at lists.isc.org> ] On Behalf Of Mukund Sivaraman
Sent: Monday, 12 October 2015 7:59 PM
To: Wolfgang Riedel [CISCO] <wolfgang at cisco.com <mailto:wolfgang at cisco.com> >
Cc: bind-users at lists.isc.org <mailto:bind-users at lists.isc.org> 
Subject: Re: RPZ - override TXT records {REP=5.6}

Hi Wolfgang

On Thu, Oct 08, 2015 at 11:25:14PM +0200, Wolfgang Riedel [CISCO] wrote:
> Hi Folks,
>
> I am currently struggling with using RPZ for inserting or overriding
> TXT resource records.
>
> This is my goal:
>
>    ; do not rewrite www.cisco.com <http://www.cisco.com>  (so, PASSTHRU) and add or override
>    missing metadata
>    www.cisco.com <http://www.cisco.com>  CNAME rpz-passthru.
>    www.cisco.com <http://www.cisco.com>  TXT     "CISCO-CLS=app-name:HTTP|app-class:TD"
>
> What work's is that I can do one or the other but not both at the same
> time if I need to use a CNAME.
>
> This works:
>
>    wolfgang.dns-as.org <http://wolfgang.dns-as.org>  A       193.34.28.108
>    wolfgang.dns-as.org <http://wolfgang.dns-as.org>  TXT     "CISCO-CLS=app-name:RPZ|app-class:TD"
>
> but in reality this will not work for CDN or load-balanced sites which
> don't have fixed IP address.
>
> Any hint's what I am doing wrong?

You aren't doing anything wrong. Yours is a corner case.

I hope I understood what you're trying to do correctly: From the zone
comment, perhaps you want the TXT query type to return the TXT RDATA you've
supplied and everything else passthru to regular processing. It can't be
done as triggers don't use the question's TYPE field.

An alternative is to include all the RRs for that QNAME in the answer (your
second example). Yours is a weird case, because you can't use the following
in the policy zone which named wouldn't allow loading (it won't allow CNAME
to coexist):

www.cisco.com <http://www.cisco.com>                   CNAME www.cisco.com.akadns.net <http://www.cisco.com.akadns.net> .
www.cisco.com <http://www.cisco.com>                   TXT   "CISCO-CLS=app-name:HTTP|app-class:TD"

So using the A record (your second example) or adding triggers for the
target of the CNAME record chain are your best bet. As the latter varies,
perhaps the former for your region would be best.

                Mukund

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org <mailto:bind-users at lists.isc.org> 
https://lists.isc.org/mailman/listinfo/bind-users

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20151013/6888c6bb/attachment.html>

More information about the bind-users mailing list