Package: bind9 Version: 1:9.9.2.dfsg.P1-2 Severity: important Dear Maintainer, using bind9 for certain queries is literally crashing my VPS.
Bind9 is setup as a name server authoritative for two zones. Querying both zones works fine from localhost and the internet over ipv4, and ipv6. The problem comes up when I try to use bind9 to resolve other domains from localhost. When resolving certain domains, the VPS literally crashes. I have to send it a boot request, and it boots up again starting with grub, to the login prompt. It doesn't matter if I use dig to query localhost by hand, or if I have nameserver::1, or nameserver 127.0.0.1 in resolv.conf. It doesn't matter if I query A records, or AAAA records (if those exist). The results are the same, bind9 resolves some domains, and crashes on others. There are no errors in logs. If I use dig by hand, type in: dig @localhost www.debian.org. and press enter, the crash happens right there and then, I have to send the VPS a boot request at that point. Here's a list of domains that work fine, and those which crash the machine. crashes: www.ietf.org. www.linux-speakup.org. ftp.us.debian.org. www.debian.org. works fine: www.yahoo.com. www.google.com. www.fsf.org. There are probably many more from both categories. In the case of a query that works, I can get a cname record, and query that until I get answers for a and aaaa records without problems. It doesn't matter if I do, or don't use forwarders. If I put my VPS provider's name servers in resolv.conf, I can query everything just fine. When using the stock wheezy kernel, the machine would sometimes crash during boot right after printing "starting bind9," before the ok that comes after. This was true especially if starting named without the -4 flag to disable ipv6. This seems to have gone away after I upgraded to linux 3.9 from wheezy-backports, and just the query crashes remain. I know someone who is with the same VPS provider and runs fedora 16 in his VPS. I have a shell account on his system, and have been able to verify for myself by using dig that it's possible to query all the domains I listed above using his local bind9 on his machine with no crashes. As far as I can tell (lspci, /proc/cpuinfo), his vps is configured exactly like mine as far as hardware, except for RAM and HD capacity. I upgraded the bind9 package to the latest one in experimental, but the query issue is still there. Looking at logs, bind9 appears to start fine with no unusual messages. The VPS is based on KVM/QEMU. According to /proc/cpuinfo on my VPS, the KVM/QEMU version is 0.9.1. The host I login to get out of band access to the VPS says it runs openbsd in the banner it displays. I don't know however if the machine I use for out of band access is the same one on which my VPS is running. I'm not sure how else to go about debugging this. I will do my best though to provide whatever additional information is necessary. Thank you. -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.9-0.bpo.1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages bind9 depends on: ii adduser 3.113+nmu3 ii bind9utils 1:9.9.2.dfsg.P1-2 ii debconf [debconf-2.0] 1.5.49 ii libbind9-90 1:9.9.2.dfsg.P1-2 ii libc6 2.17-92 ii libcap2 1:2.22-1.2 ii libdns95 1:9.9.2.dfsg.P1-2 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 ii libisc92 1:9.9.2.dfsg.P1-2 ii libisccc90 1:9.9.2.dfsg.P1-2 ii libisccfg90 1:9.9.2.dfsg.P1-2 ii liblwres90 1:9.9.2.dfsg.P1-2 ii libreadline6 6.2+dfsg-0.1 ii libssl1.0.0 1.0.1e-2 ii libxml2 2.8.0+dfsg1-7+nmu1 ii lsb-base 4.1+Debian8+deb7u1 ii net-tools 1.60-24.2 ii netbase 5.0 bind9 recommends no packages. Versions of packages bind9 suggests: ii bind9-doc 1:9.8.4.dfsg.P1-6+nmu2+deb7u1 ii dnsutils 1:9.8.4.dfsg.P1-6+nmu3 pn resolvconf <none> pn ufw <none> -- Configuration Files: /etc/bind/db.root changed [not included] /etc/bind/named.conf.local changed [not included] -- debconf information: bind9/different-configuration-file: bind9/run-resolvconf: false bind9/start-as-user: bind -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
