No response from localhost with "allow-query { any; };"

Axel Rau Axel.Rau at chaos1.de
Tue Sep 1 20:28:57 UTC 2020 

tcp queries are being answered, but udp queries receive no response.
This is independent of client location (local, remote).

A ktrace shows 8 bytes are written on fd 89, the 8 bytes read on fd 88.
The next read gets an errno 35 (see below).

clueless,
Axel


root at ns5:/var/log # uname -a
FreeBSD ns5 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC  amd64

root at ns5:/var/log # named -V
BIND 9.16.6 (Stable Release) <id:25846cf>
running on FreeBSD amd64 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
compiled by CLANG 4.2.1 Compatible FreeBSD Clang 8.0.1 (tags/RELEASE_801/final 366581)
compiled with OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d-freebsd  10 Sep 2019
compiled with libuv version: 1.38.1
linked to libuv version: 1.38.1
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.2
linked to protobuf-c version: 1.3.2
threads support is enabled

23480 isc-socket-0 STRU  struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0, fflags=0, data=0x35, udata=0x0 } }
 23480 isc-socket-0 RET   kevent 0x1
 23480 isc-socket-0 CALL  recvmsg(0x200,0x7fffdbddbb70,0)
 23480 isc-socket-0 GIO   fd 512 read 53 bytes
       0x0000 552a 0120 0001 0000 0000 0001 0377 7777  |U*. .........www|
       0x0010 0568 6569 7365 0264 6500 0001 0001 0000  |.heise.de.......|
       0x0020 2910 0000 0000 0000 0c00 0a00 0810 a161  |)..............a|
       0x0030 cea7 9c05 fa                             |.....|

 23480 isc-socket-0 STRU  struct sockaddr { AF_INET, 193.105.105.1:56885 }
 23480 isc-socket-0 RET   recvmsg 0x35
 23480 isc-socket-0 CALL  _umtx_op(0x802f38bb8,0x15,0x1,0,0)
 23480 isc-socket-0 RET   _umtx_op 0
 23480 isc-socket-0 CALL  kevent(0x5a,0x7fffdbddbec0,0x1,0,0,0)
 23480 isc-socket-0 STRU  struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0x2<EV_DELETE>, fflags=0, data=0, udata=0x0 } }
 23480 isc-socket-0 STRU  struct kevent[] = {  }
 23480 isc-socket-0 RET   kevent 0
 23480 isc-socket-0 CALL  kevent(0x5a,0,0,0x802fa7200,0x800,0)
 23480 isc-socket-0 STRU  struct kevent[] = {  }
 23480 isc-worker0000 RET   _umtx_op 0
 23480 isc-worker0000 CALL  recvmsg(0x200,0x7fffddfec9c0,0)
 23480 isc-worker0000 RET   recvmsg -1 errno 35
 23480 isc-worker0000 CALL  write(0x59,0x7fffddfecbc0,0x8)
 23480 isc-worker0000 GIO   fd 89 wrote 8 bytes
       0x0000 0002 0000 fdff ffff                      |........|

 23480 isc-worker0000 RET   write 0x8
 23480 isc-worker0000 CALL  _umtx_op(0x80178f188,0xf,0,0,0)
 23480 isc-socket-0 STRU  struct kevent[] = { { ident=88, filter=EVFILT_READ, flags=0, fflags=0, data=0x8, udata=0x0 } }
 23480 isc-socket-0 RET   kevent 0x1
 23480 isc-socket-0 CALL  read(0x58,0x7fffdbddbe40,0x8)
 23480 isc-socket-0 GIO   fd 88 read 8 bytes
       0x0000 0002 0000 fdff ffff                      |........|

 23480 isc-socket-0 RET   read 0x8
 23480 isc-socket-0 CALL  kevent(0x5a,0x7fffdbddbec0,0x1,0,0,0)
 23480 isc-socket-0 STRU  struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0x1<EV_ADD>, fflags=0, data=0, udata=0x0 } }
 23480 isc-socket-0 STRU  struct kevent[] = {  }
 23480 isc-socket-0 RET   kevent 0
 23480 isc-socket-0 CALL  read(0x58,0x7fffdbddbe40,0x8)
 23480 isc-socket-0 RET   read -1 errno 35
 23480 isc-socket-0 CALL  kevent(0x5a,0,0,0x802fa7200,0x800,0)
 23480 isc-socket-0 STRU  struct kevent[] = {  }
 23480 isc-socket-0 STRU  struct kevent[] = { { ident=512, filter=EVFILT_READ, flags=0, fflags=0, data=0x35, udata=0x0 } }
 23480 isc-socket-0 RET   kevent 0x1
 23480 isc-socket-0 CALL  recvmsg(0x200,0x7fffdbddbb70,0)
 23480 isc-socket-0 GIO   fd 512 read 53 bytes
       0x0000 552a 0120 0001 0000 0000 0001 0377 7777  |U*. .........www|
       0x0010 0568 6569 7365 0264 6500 0001 0001 0000  |.heise.de.......|
       0x0020 2910 0000 0000 0000 0c00 0a00 0810 a161  |)..............a|
       0x0030 cea7 9c05 fa                             |.....|
. . .
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200901/0c49c687/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200901/0c49c687/attachment-0001.bin>

More information about the bind-users mailing list