great, thanks for tracking that down Christian. I'm going to backport the commit that fixed that to 9.16.11, things have been a real mess with the last couple of releases. Annoyingly there have been security fixes mixed in with a stack of other changes that I am quite surprised have been made on what's meant to be a stable rather than development branch of key software like this.
On 2021/02/25 17:15, Christian Gut wrote: > > > On 24. Feb 2021, at 22:41, Stuart Henderson <s...@spacehopper.org> wrote: > > On 2021/02/24 15:29, Christian Gut wrote: > > > Hi Ports, > > I am using OpenBSD 6.8. I just updated bind from isc-bind-9.16.9v0 to > isc-bind-9.16.11v0. This was the corresponding change in CVS: > https://marc.info/?l= > openbsd-ports-cvs&m=161383675808055&w=2 > <https://marc.info/?l=openbsd-ports-cvs&m= > 161383675808055&w=2> > > After that update, bind segfaults right on startup. Here is the log > when started > interactively. It dies silently when started via /etc/rc.d/isc_bind > start. After > downgrading to ics-bind-9.16.9v0 it has no problem. > > > The amd64 -stable package of isc-bind-9.16.11v0 works for me. > > Please update to 9.16.11v0 again and "pkg_add debug-isc-bind gdb" then > run "egdb named" as root and type "run -g -t /var/named -u _bind -U 4", > I assume it will crash again and leave you at a gdb prompt, then please > do "bt full" and send the result. > > > Thanks for those instructions. It gave me this: > > Thread 2 received signal SIGSEGV, Segmentation fault. > [Switching to thread 181353] > convert_named_acl (nameobj=0xab5e2fc9000, cctx=0xab5e2fbda40, > lctx=0xab5a447f000, ctx=0x0, mctx > =0xab5a09d4e00, > nest_level=0, target=0xab59c93b2c0) at aclconf.c:128 > 128 aclconf.c: No such file or directory. > > > This lead me to nail the problem down to this configuration part (stripped > down to bare > minimum): > > acl asdf { > }; > > zone "dynamic.example.org" { > type master; > allow-transfer { secondaries; }; > allow-update { asdf; }; > file "/master/dynamic.example.org"; > }; > > With that in mind I searched the release notes and found this in the Release > Notes to 9.6.12 > (next version): > > • named failed to start when its configuration included a zone with a > non-builtin allow-updateACL attached. [GL #2413] > > Source: > https://ftp.ripe.net/mirrors/sites/ftp.isc.org/isc/bind/cur/9.16/doc/arm/html/ > notes.html#bug-fixes > See: https://gitlab.isc.org/isc-projects/bind9/-/issues/2413 > > Any chance to get 9.16.11 into -STABLE? > Can I provide further details to help? > > Kind Regards, > Christian >
