Re: Server crash on receiving query

2024-11-04 Thread Borja Marcos via bind-users 


> On 25 Oct 2024, at 02:15, Mark Andrews  wrote:
> 
> Take your machine to Apple.  You have a hardware fault or a kernel security 
> bug.  A user application should not be able to make an operating system crash.

That’s interesting. I have heard of a similar problem but with a different OS 
version (Sequoia) and the same Bind version.

Any clue on what might be different between bind 9.20.3 built with Homebrew and 
9.20.2 when getting queries via 127.0.0.1? 

It’s obvious it is an OS bug, but looks quite puzzling.




Borja.



signature.asc
Description: Message signed with OpenPGP
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Logging with Unencrypted DNS, DoT and DoH

2024-09-19 Thread Borja Marcos via bind-users 


> On 17 Sep 2024, at 22:39, Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users 
>  wrote:
> 
>  Hello,
>   BIND 9.18.7
> RHEL 8.10 (Oopta)
>   I am being asked if it is possible to differentiate the percentage of 
> queries coming into a server that are unencrypted, DoT and DoH. 
> Example: For a given 24 hours, 50% were 53, 25% were 853 and 25% were 443.
> I cannot find a difference in the query logs to show how the query came into 
> the server. My only thought at the moment is to run ‘tcpdump’ on all of the 
> servers and script something.
> Is there some way that I just have not found within BIND?

You can use the awesome Dnstap for that. Much better than using pcap because it 
provides context.

For the CLIENT_QUERY and CLIENT_RESPONSE messages. the response_port field will 
give you that data per query.

Note that your mileage might vary if you use other DNS servers. As far as I 
know Bind has the most comprehensive Dnstap implementation by far.


Cheers,





Borja.

signature.asc
Description: Message signed with OpenPGP
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ask about bind9 logging function: How can I log the service port number (eg. 53, 443, 853) in my log of `queries` category

2024-12-12 Thread Borja Marcos via bind-users 


> On 26 Nov 2024, at 14:36, Petr Špaček  wrote:
> 
> On 26. 11. 24 10:08, n/a via bind-users wrote:
>> I am a new user in bind9.
>> I have setup my DNS server with port 53, port 443 (DoH), and port 853 (DoT). 
>> And now, in my logging file of `queries` category, one query example shows 
>> as below:
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 
>> 111.11.11.109#61713 (ust.hk ): query:ust.hk > ust.hk/>IN A +E(0)TK (111.111.111.999)
>> For the|queries|​ log like this, how can I print the service port number 
>> used by the client? For example, for this|queries|​ log, what I want to get 
>> is with the service port number as below:
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 
>> 111.11.11.109#61713 (ust.hk ): query:ust.hk > ust.hk/>IN A +E(0)TK (111.111.111.999#443)
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 
>> 111.11.11.109#61713 (ust.hk ): query:ust.hk > ust.hk/>IN A +E(0)TK (111.111.111.999#853)
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 
>> 111.11.11.109#61713 (ust.hk ): query:ust.hk > ust.hk/>IN A +E(0)K (111.111.111.999#53)
>> How should I set up the logging config options to log the service port 
>> number?
>> I have searched for this question on Google, and asked ChatGPT, but I only 
>> got answers to use other tools, like tcpdump. Is it possible to just config 
>> bind9 named.conf.* for this?
> 
> Currently this is not possible, but I guess it is a legit feature request.
> 
> Please log it formally at
> https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issuable_template=Feature_Request
> 
> and we will have to find out if this is an 'incompatible' change or not. I 
> don't know how many people rely on precise query log format, and if we decide 
> that it is an incompatible change we will have to put this into 9.21 branch 
> only.

You can do an ugly hack. 

I think you can define different views associated to those service port 
numbers? In that case the query log line will include the view name.





Borja.


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Just a suspicion for now: Memory leak in 9.20.4?

2025-02-14 Thread Borja Marcos via bind-users 


> On 13 Feb 2025, at 14:46, Ondřej Surý  wrote:
> 
> There’s official KB article on the topic: 
> https://kb.isc.org/docs/bind-memory-consumption-explained - you actually need 
> to use jeprof and understand the BIND 9 internals.

Thank you, I will check it out.

I just sent the message wondering whether someone had seen something similar. 
It is a bit shocking given that 9.18 achieved better memory efficiency than the
previous versions if I remember well. 

For now, what surprised me is:

Server one, highest query load, mostly clients querying the typical A records.

Server two, lower query load, pattern is different receiving lots of MX queries 
from mail servers.

Both are running FreeBSD 14.2.. Bind compiled from ports.

Server one:  9.18.32
boot time: Wed, 12 Feb 2025 14:04:42 GMT
last configured: Fri, 14 Feb 2025 07:33:09 GMT
VM size: 632 MB, RES 446MB

Second two:  9.20.5
boot time: Thu, 13 Feb 2025 09:44:04 GMT
last configured: Thu, 13 Feb 2025 10:33:47 GMT
VM size: 1079MB, RES 945 MB.


The “sizes” are those reported by top (different from the Linux version).

I will keep monitoring and let you know.






Borja.



signature.asc
Description: Message signed with OpenPGP
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Just a suspicion for now: Memory leak in 9.20.4?

2025-02-13 Thread Borja Marcos via bind-users 
Hi,

I am running 9.18.32 and 9.20.4 on FreeBSD. I have noticed that 9.20.4 is using 
much more memory 24 hours since restarting them, despite the fact that the 
9.18.32 has a higher query load.

Nothing substantial now, but I would like to confirm (or not) whether someone 
else has observed something similar.

Cheers,




Borja.




signature.asc
Description: Message signed with OpenPGP
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Just a suspicion for now: Memory leak in 9.20.4?

2025-03-06 Thread Borja Marcos via bind-users 


> On 14 Feb 2025, at 09:49, Borja Marcos via bind-users 
>  wrote:
> 
> Signed PGP part
> 
> 
>> On 13 Feb 2025, at 14:46, Ondřej Surý  wrote:
>> 
>> There’s official KB article on the topic: 
>> https://kb.isc.org/docs/bind-memory-consumption-explained - you actually 
>> need to use jeprof and understand the BIND 9 internals.
> 
> I will keep monitoring and let you know.

After launching the stone, a small update.

I think it is a FreeBSD bug. Some 9.20.x behavior might be triggering a worst 
case condition.

The bug would be this one: Note that I am running FreeBSD 14.2, but I think it 
hasn’t been fixed yet.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281471

Sorry about the confusion but well, memory growth was a bt crazy!



Borja.




signature.asc
Description: Message signed with OpenPGP
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users