Bug 549284
Summary: | ISC BIND (named) crashes with "keytable.c:286: REQUIRE(nextnodep != ((void *)0) && *nextnodep == ((void *)0)) failed" | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Frantisek Hanzlik <franta> | ||||
Component: | bind | Assignee: | Adam Tkac <atkac> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 11 | CC: | amessina, antonio, atkac, chrisw, gary, mal, ovasik, pwouters, raytodd | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | bind-9.6.1-9.P3.fc11 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 554316 (view as bug list) | Environment: | |||||
Last Closed: | 2010-01-25 11:58:19 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 554316, 640730 | ||||||
Attachments: |
|
Description
Frantisek Hanzlik
2009-12-21 07:51:15 UTC
Disabling DNSSEC (I suppose comment named.conf lines // dnssec-enable yes; // dnssec-validation yes; // dnssec-lookaside . trust-anchor dlv.isc.org.; do it) does not help. I call for increase priority of this bug. For me this seems to relate to something about lots of bad lookups or doing inaddr lookups. (or at least that is when I see it) Example Dec 28 07:47:23 * named[3491]: network unreachable resolving '92.in-addr.arpa/DNSKEY/IN': 2001:660:3006:1::1:1#53 Dec 28 07:47:23 * named[3491]: network unreachable resolving '92.in-addr.arpa/DNSKEY/IN': 2001:dc0:1:0:4777::140#53 By the way we are not doing ip6, but the system regularly insists on trying to do lookups on ip6 addresses. Hope this helps. On my sites we are not doing IPv6 too (loading ipv6.ko kernel module is supressed, then no interface own IPv6 address), and bind does not ip6 lookups. But messages as: Dec 21 07:21:42 ns named[1912]: no valid KEY resolving '95.in-addr.arpa/DNSKEY/IN': 199.212.0.53#53 Dec 21 07:21:42 ns named[1912]: unexpected RCODE (SERVFAIL) resolving '95.in-addr.arpa/DNSKEY/IN': 200.3.13.11#53 Jan 1 05:20:12 ns named[23401]: not insecure resolving '228.9.60.86.in-addr.arpa/PTR/IN': 192.36.125.2#53 Jan 1 05:20:18 ns named[23401]: no valid RRSIG resolving '228.9.60.86.in-addr.arpa/PTR/IN': 193.0.0.195#53 Jan 1 05:55:14 ns named[23401]: unexpected RCODE (REFUSED) resolving 'cache.freebsd.lublin.pl/A/IN': 77.79.235.102#53 appears frequently in /var/log/messages, first one even 10x per second. *** Bug 553814 has been marked as a duplicate of this bug. *** Created attachment 382949 [details]
proposed patch
Patch has been sent to upstream for review, will be part of next update.
*** Bug 551031 has been marked as a duplicate of this bug. *** The problem continues to persist in bind-9.6.1-7.P2.fc11.x86_64 Jan 12 14:22:37 mn3 named[1840]: general: keytable.c:286: REQUIRE(nextnodep != ((void *)0) && *nextnodep == ((void *)0)) failed Jan 12 14:22:37 mn3 named[1840]: general: exiting (due to assertion failure) Can you prioritize the fix & update. The DNS server stops working 2-3 times a day because of this. I just built updated package but I'm not going to release it because I expect upstream release soon (~ 1 week). You can use it if you would like to fix this issue right now. Build is located on http://kojiweb.fedoraproject.org/koji/buildinfo?buildID=150709. I have created a crude script to monitor the daemon via a cron job for the servers I maintain. #!/bin/bash CHECK=`/sbin/service named status | grep -c "server is up"` if [ $CHECK = 0 ]; then service named restart fi exit 0 I call this file 'named-monitor' and I placed it in /root with 700 permissions and root:root ownership. I call the script from /etc/cron.d/named-monitor thus: # Cron script to run named-check every 5 minutes. */5 * * * * root /root/named-check If the named daemon is not running for any reason, it will be restarted. If it is running, the script simply exits. This should keep us going until the new packages are released. HTH :) I used the named as rpmbuild --rebuild http://kojipkgs.fedoraproject.org/packages/bind/9.6.1/8.P2.fc11/src/bind-9.6.1-8.P2.fc11.src.rpm from the link above (updated, but not released) seems to be working just fince since Wed 13 Jan 2010 08:58:47 AM EST Fixed in bind-9.6.1-9.P3.fc11. While my named daemon is not crashing, with version bind-9.6.1-16.P3.fc12.x86_64, I still have logs filled with entries like the following. I do use IPv4 and IPv6. Jan 30 14:50:45 chicago named[5908]: no valid RRSIG resolving '89.85.in-addr.arpa/DS/IN': 199.212.0.53#53 Jan 30 14:50:45 chicago named[5908]: no valid KEY resolving '85.in-addr.arpa/DNSKEY/IN': 199.212.0.53#53 Jan 30 14:50:45 chicago named[5908]: no valid KEY resolving '85.in-addr.arpa/DNSKEY/IN': 2001:660:3006:1::1:1#53 Jan 30 14:50:45 chicago named[5908]: no valid KEY resolving '85.in-addr.arpa/DNSKEY/IN': 193.0.0.195#53 Jan 30 14:50:46 chicago named[5908]: no valid KEY resolving '85.in-addr.arpa/DNSKEY/IN': 192.36.125.2#53 Jan 30 14:50:46 chicago named[5908]: no valid KEY resolving '85.in-addr.arpa/DNSKEY/IN': 202.12.28.140#53 (In reply to comment #13) > While my named daemon is not crashing, with version > bind-9.6.1-16.P3.fc12.x86_64, I still have logs filled with entries like the > following. I do use IPv4 and IPv6. > > Jan 30 14:50:45 chicago named[5908]: no valid RRSIG resolving > '89.85.in-addr.arpa/DS/IN': 199.212.0.53#53 > Jan 30 14:50:45 chicago named[5908]: no valid KEY resolving > '85.in-addr.arpa/DNSKEY/IN': 199.212.0.53#53 > Jan 30 14:50:45 chicago named[5908]: no valid KEY resolving > '85.in-addr.arpa/DNSKEY/IN': 2001:660:3006:1::1:1#53 > Jan 30 14:50:45 chicago named[5908]: no valid KEY resolving > '85.in-addr.arpa/DNSKEY/IN': 193.0.0.195#53 > Jan 30 14:50:46 chicago named[5908]: no valid KEY resolving > '85.in-addr.arpa/DNSKEY/IN': 192.36.125.2#53 > Jan 30 14:50:46 chicago named[5908]: no valid KEY resolving > '85.in-addr.arpa/DNSKEY/IN': 202.12.28.140#53 This issue is tracked as bug #556366. |