Re: Assertion failure when RPZ zone returns NS records?

Sat, 11 Jun 2016 11:11:24 -0700 

On Sat, Jun 11, 2016 at 05:19:41PM +0000, McDonald, Daniel (Dan) wrote:
> Apparently it’s not the way to do what I needed, but I created an RPZ record 
> like this:
> foo.example.com               IN              NS      ns1.example.org
>                                       IN              NS      ns2.example.org
> 
> 
> My goal was to redirect queries to a load balancer serving
> foo.example.com A records.  I should have created the glue in
> example.org and then used RPZ to create a CNAME for foo.example.com
> pointing to foo.example.org
> 
> 
> Anyway, with the NS records, I got an assertion failure:
> 10-Jun-2016 15:49:58.584 client 10.10.207.244#49952 (foo.example.com 
> <http://sts.austinenergy.com/>): query: foo.example.com 
> <http://sts.austinenergy.com/> IN A + (10.2.123.132)
> Jun 10 15:49:58 ns11 named[2248]: query.c:3908: REQUIRE(dbp != ((void *)0) && 
> *dbp != ((void *)0)) failed
> Jun 10 15:49:58 ns11 named[2248]: exiting (due to assertion failure)
> 
> I’m running the supplied version of Bind from SLES 11 SP4:
> someone@ns11:/var/lib/named/var/log> rpm -qi bind
> Name        : bind                         Relocations: (not relocatable)
> Version     : 9.9.6P1                           Vendor: SUSE LINUX Products 
> GmbH, Nuernberg, Germany
> Release     : 0.25.1                        Build Date: Wed 09 Mar 2016 
> 10:22:09 AM CST
> Install Date: Mon 21 Mar 2016 09:31:21 AM CDT      Build Host: sheep02
> Group       : Productivity/Networking/DNS/Servers   Source RPM: 
> bind-9.9.6P1-0.25.1.src.rpm
> Size        : 1187259                          License: BSD 3-Clause; X11/MIT
> Signature   : RSA/8, Wed 09 Mar 2016 10:23:01 AM CST, Key ID e3a5c360307e3d54
> Packager    : https://www.suse.com/
> URL         : http://isc.org/sw/bind/
> 
> 
> Is this a known error?

This is a crash in rpz_clean() in query.c in the 9.9 branch.

(1) Use 9.10 if you want to use RPZ feature in a public BIND
release. Only 9.10 and above's RPZ is maintained and deployable among
BIND public releases.

(2) Use the latest version of BIND for the release branch you're
using. So today, you'd use 9.10.4-P1 (the latest version of BIND in the
9.10 branch) if you want to deploy the RPZ feature.

                Mukund

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to