Bug#702850: bind9 failed to start if cache file has "\-ANY" (NXDOMAIN) records

Mon, 11 Mar 2013 23:27:17 -0700 

Package: bind9
Version: 1:9.9.2.dfsg.P1-2

Configuration (significant part):
/etc/bind/named.conf.options: options {
/etc/bind/named.conf.options:     cache-file "/var/cache/bind/named.cache";
/etc/bind/named.conf.options: }

File permissions and ownership are correct:
$ ls -lhd /var/cache/bind
drwxrwxr-x 2 root bind 4.0K Mar 12 09:19 /var/cache/bind
$ ls -lh /var/cache/bind/named.cache
-rw-r--r-- 1 bind bind 28K Mar 12 09:19 /var/cache/bind/named.cache

If cache has at least one NXDOMAIN entry then bind9 will fail on next
start/restart due to error.

Testing command:
$ service bind9 stop; sleep 1; : > /var/cache/bind/named.cache; sync;
service bind9 start; nslookup 1-1.sw.loc >/dev/null; nslookup 1-1.sw
>/dev/null; service bind9 restart
[....] Stopping domain name service...: bind9waiting for pid 4754 to die
. ok
[ ok ] Starting domain name service...: bind9.
[....] Stopping domain name service...: bind9waiting for pid 5134 to die
. ok
[FAIL] Starting domain name service...: bind9 failed!

syslog is attached as "syslog.txt"
/var/cache/bind/named.cache is attached as "named.cache.txt"
zone configuration is attached as "zone.txt"

---
SY,
Demin Konstantin.

Mar 12 09:30:38 server named[4625]: starting BIND 9.9.2-P1 -u bind
Mar 12 09:30:38 server named[4625]: built with '--prefix=/usr' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' 
'--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' 
'--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' 
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Mar 12 09:30:38 server named[4625]: 
----------------------------------------------------
Mar 12 09:30:38 server named[4625]: BIND 9 is maintained by Internet Systems 
Consortium,
Mar 12 09:30:38 server named[4625]: Inc. (ISC), a non-profit 501(c)(3) 
public-benefit 
Mar 12 09:30:38 server named[4625]: corporation.  Support and training for BIND 
9 are 
Mar 12 09:30:38 server named[4625]: available at https://www.isc.org/support
Mar 12 09:30:38 server named[4625]: 
----------------------------------------------------
Mar 12 09:30:38 server named[4625]: adjusted limit on open files from 4096 to 
1048576
Mar 12 09:30:38 server named[4625]: found 4 CPUs, using 4 worker threads
Mar 12 09:30:38 server named[4625]: using 4 UDP listeners per interface
Mar 12 09:30:38 server named[4625]: using up to 4096 sockets
Mar 12 09:30:38 server named[4625]: loading configuration from 
'/etc/bind/named.conf'
Mar 12 09:30:38 server named[4625]: reading built-in trusted keys from file 
'/etc/bind/bind.keys'
Mar 12 09:30:38 server named[4625]: using default UDP/IPv4 port range: [1024, 
65535]
Mar 12 09:30:38 server named[4625]: using default UDP/IPv6 port range: [1024, 
65535]
Mar 12 09:30:38 server named[4625]: no IPv6 interfaces found
Mar 12 09:30:38 server named[4625]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 12 09:30:38 server named[4625]: generating session key for dynamic DNS
Mar 12 09:30:38 server named[4625]: sizing zone task pool based on 56 zones
Mar 12 09:30:38 server named[4625]: set up managed keys zone for view _default, 
file 'managed-keys.bind'
Mar 12 09:30:38 server named[4625]: automatic empty zone: 10.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 168.192.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 
100.51.198.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 
255.255.255.255.IN-ADDR.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: D.F.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: A.E.F.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: B.E.F.IP6.ARPA
Mar 12 09:30:38 server named[4625]: automatic empty zone: 
8.B.D.0.1.0.0.2.IP6.ARPA
Mar 12 09:30:38 server named[4625]: command channel listening on 127.0.0.1#953
Mar 12 09:30:38 server named[4625]: managed-keys-zone: loaded serial 3
Mar 12 09:30:38 server named[4625]: zone 17.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 0.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 22.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 127.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 20.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 19.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 18.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 30.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 24.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 21.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 16.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 23.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 27.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 29.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 31.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 25.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 26.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 255.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone 28.172.in-addr.arpa/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone ups.loc/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone localhost/IN: loaded serial 2
Mar 12 09:30:38 server named[4625]: zone sw.loc/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: zone loc/IN: loaded serial 1
Mar 12 09:30:38 server named[4625]: all zones loaded
Mar 12 09:30:38 server named[4625]: running
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 8.8.8.8#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 8.8.4.4#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'./NS/IN': 8.8.8.8#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 192.203.230.10#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 192.228.79.201#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 198.41.0.4#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 199.7.83.42#53
Mar 12 09:30:38 server named[4625]: error (host unreachable) resolving 
'1-1.sw/A/IN': 192.112.36.4#53
Mar 12 09:30:38 server named[4625]: received control channel command 'stop -p'
Mar 12 09:30:38 server named[4625]: shutting down: flushing changes
Mar 12 09:30:38 server named[4625]: stopping command channel on 127.0.0.1#953
Mar 12 09:30:38 server named[4625]: no longer listening on 127.0.0.1#53
Mar 12 09:30:38 server named[4625]: exiting
Mar 12 09:30:39 server named[4712]: starting BIND 9.9.2-P1 -u bind
Mar 12 09:30:39 server named[4712]: built with '--prefix=/usr' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' 
'--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' 
'--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' 
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Mar 12 09:30:39 server named[4712]: 
----------------------------------------------------
Mar 12 09:30:39 server named[4712]: BIND 9 is maintained by Internet Systems 
Consortium,
Mar 12 09:30:39 server named[4712]: Inc. (ISC), a non-profit 501(c)(3) 
public-benefit 
Mar 12 09:30:39 server named[4712]: corporation.  Support and training for BIND 
9 are 
Mar 12 09:30:39 server named[4712]: available at https://www.isc.org/support
Mar 12 09:30:39 server named[4712]: 
----------------------------------------------------
Mar 12 09:30:39 server named[4712]: adjusted limit on open files from 4096 to 
1048576
Mar 12 09:30:39 server named[4712]: found 4 CPUs, using 4 worker threads
Mar 12 09:30:39 server named[4712]: using 4 UDP listeners per interface
Mar 12 09:30:39 server named[4712]: using up to 4096 sockets
Mar 12 09:30:39 server named[4712]: loading configuration from 
'/etc/bind/named.conf'
Mar 12 09:30:39 server named[4712]: reading built-in trusted keys from file 
'/etc/bind/bind.keys'
Mar 12 09:30:39 server named[4712]: using default UDP/IPv4 port range: [1024, 
65535]
Mar 12 09:30:39 server named[4712]: using default UDP/IPv6 port range: [1024, 
65535]
Mar 12 09:30:39 server named[4712]: no IPv6 interfaces found
Mar 12 09:30:39 server named[4712]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 12 09:30:39 server named[4712]: generating session key for dynamic DNS
Mar 12 09:30:39 server named[4712]: sizing zone task pool based on 56 zones
Mar 12 09:30:39 server named[4712]: /var/cache/bind/named.cache:3: unknown RR 
type '\-ANY'
Mar 12 09:30:39 server named[4712]: loading configuration: unknown class/type
Mar 12 09:30:39 server named[4712]: exiting (due to fatal error)
$DATE 20130312060353
; answer
1-1.sw.                 1800    IN \-ANY ;-$NXDOMAIN
; . SOA a.root-servers.net. nstld.verisign-grs.com. 2013031200 1800 900 604800 
86400
; . RRSIG SOA ...
; . RRSIG NSEC ...
; . NSEC ac. NS SOA RRSIG NSEC DNSKEY
; sv. RRSIG NSEC ...
; sv. NSEC sx. NS RRSIG NSEC
/etc/bind/named.conf.local: zone "sw.loc" {
/etc/bind/named.conf.local:     type master;
/etc/bind/named.conf.local:     file "/etc/bind/db.loc.sw";
/etc/bind/named.conf.local: };

/etc/bind/db.loc.sw: $TTL 604800
/etc/bind/db.loc.sw: sw.loc. IN SOA server.loc. root.server.loc ( 1 3600 900 
604800 3600 )
/etc/bind/db.loc.sw: NS server.loc.
/etc/bind/db.loc.sw: $ORIGIN sw.loc.
/etc/bind/db.loc.sw: 1-1 IN A 10.0.0.1

Reply via email to