Potential bug in Bind 9.16.23

Jiaming Zhang J.Zhang at yiximeta.com
Fri Jul 28 08:04:21 UTC 2023 

Hi Community,

I recently upgraded bind​ to 9.16.23, and a wired error occurs: the named could not start after the configuration is loaded (and any zone mentioned in the config). However, if loaded with the example config, and after the service is successfully started, I can replace the sample config with the previous config (`mv old.conf sample.conf`), and reconfig with rndc. In which case the Bind behaves totally normal and can also answer every zone it has loaded.

I thought in the beginning that there's incompatibility in the conf file between versions, but named-checkconf returns 0 as exit code.

bind version info:
```
$ named -V
BIND 9.16.23-RH (Extended Support Version) <id:fde3b1f>
running on Linux aarch64 5.4.17-2136.321.4.el8uek.aarch64 #2 SMP Wed Jun 28 17:52:50 PDT 2023
built by make with '--build=aarch64-redhat-linux-gnu' '--host=aarch64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/libexec/platform-python' '--with-libtool' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-dlopen=yes' '--with-gssapi=yes' '--with-lmdb=yes' '--without-libjson' '--with-json-c' '--enable-dnstap' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=aarch64-redhat-linux-gnu' 'host_alias=aarch64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 8.5.0 20210514 (Red Hat 8.5.0-18.0.2)
compiled with OpenSSL version: OpenSSL 1.1.1k  FIPS 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k  FIPS 25 Mar 2021
compiled with libuv version: 1.41.1
linked to libuv version: 1.41.1
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.2.0
compiled with protobuf-c version: 1.3.0
linked to protobuf-c version: 1.3.0
threads support is enabled

default paths:
  named configuration:  /etc/named.conf
  rndc configuration:   /etc/rndc.conf
  DNSSEC root key:      /etc/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:       /var/run/named/named.pid
  named lock file:      /var/run/named/named.lock
  geoip-directory:      /usr/share/GeoIP
`

Met vriendelijke groet / Best regards,
Jiaming Zhang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230728/587bc89d/attachment-0001.htm>

More information about the bind-users mailing list