Package: bind9 Version: 1:9.16.11-1 Severity: important Dear Maintainer,
After bind9 update to 1:9.16.11-1, named daemon cannot start dou to 11/SEGV signal. Full log is like this: Jan 22 14:40:47 trefle systemd[1]: Started BIND Domain Name Server. Jan 22 14:40:47 trefle named[1317468]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b> Jan 22 14:40:47 trefle named[1317468]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09) Jan 22 14:40:47 trefle named[1317468]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' Jan 22 14:40:47 trefle named[1317468]: running as: named -f -u bind Jan 22 14:40:47 trefle named[1317468]: compiled by GCC 10.2.1 20210110 Jan 22 14:40:47 trefle named[1317468]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020 Jan 22 14:40:47 trefle named[1317468]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020 Jan 22 14:40:47 trefle named[1317468]: compiled with libxml2 version: 2.9.10 Jan 22 14:40:47 trefle named[1317468]: linked to libxml2 version: 20910 Jan 22 14:40:47 trefle named[1317468]: compiled with json-c version: 0.15 Jan 22 14:40:47 trefle named[1317468]: linked to json-c version: 0.15 Jan 22 14:40:47 trefle named[1317468]: compiled with zlib version: 1.2.11 Jan 22 14:40:47 trefle named[1317468]: linked to zlib version: 1.2.11 Jan 22 14:40:47 trefle named[1317468]: ---------------------------------------------------- Jan 22 14:40:47 trefle named[1317468]: BIND 9 is maintained by Internet Systems Consortium, Jan 22 14:40:47 trefle named[1317468]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Jan 22 14:40:47 trefle named[1317468]: corporation. Support and training for BIND 9 are Jan 22 14:40:47 trefle named[1317468]: available at https://www.isc.org/support Jan 22 14:40:47 trefle named[1317468]: ---------------------------------------------------- Jan 22 14:40:47 trefle named[1317468]: adjusted limit on open files from 524288 to 1048576 Jan 22 14:40:47 trefle named[1317468]: found 8 CPUs, using 8 worker threads Jan 22 14:40:47 trefle named[1317468]: using 8 UDP listeners per interface Jan 22 14:40:47 trefle named[1317468]: using up to 21000 sockets Jan 22 14:40:47 trefle named[1317468]: loading configuration from '/etc/bind/named.conf' Jan 22 14:40:47 trefle named[1317468]: reading built-in trust anchors from file '/etc/bind/bind.keys' Jan 22 14:40:47 trefle named[1317468]: looking for GeoIP2 databases in '/usr/share/GeoIP' Jan 22 14:40:47 trefle named[1317468]: using default UDP/IPv4 port range: [32768, 60999] Jan 22 14:40:47 trefle named[1317468]: using default UDP/IPv6 port range: [32768, 60999] Jan 22 14:40:47 trefle named[1317468]: listening on IPv4 interface lo, 127.0.0.1#53 Jan 22 14:40:47 trefle named[1317468]: listening on IPv4 interface eth0, 10.250.0.1#53 Jan 22 14:40:47 trefle named[1317468]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface lo, ::1#53 Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53 Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53 Jan 22 14:40:47 trefle named[1317468]: generating session key for dynamic DNS Jan 22 14:40:47 trefle named[1317468]: sizing zone task pool based on 24 zones Jan 22 14:40:47 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV Jan 22 14:40:47 trefle systemd[1]: named.service: Failed with result 'signal'. Jan 22 14:40:47 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 3. Jan 22 14:40:47 trefle systemd[1]: Stopped BIND Domain Name Server. Jan 22 14:40:47 trefle systemd[1]: Started BIND Domain Name Server. Jan 22 14:40:47 trefle named[1317495]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b> Jan 22 14:40:47 trefle named[1317495]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09) Jan 22 14:40:47 trefle named[1317495]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' Jan 22 14:40:47 trefle named[1317495]: running as: named -f -u bind Jan 22 14:40:47 trefle named[1317495]: compiled by GCC 10.2.1 20210110 Jan 22 14:40:47 trefle named[1317495]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020 Jan 22 14:40:47 trefle named[1317495]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020 Jan 22 14:40:47 trefle named[1317495]: compiled with libxml2 version: 2.9.10 Jan 22 14:40:47 trefle named[1317495]: linked to libxml2 version: 20910 Jan 22 14:40:47 trefle named[1317495]: compiled with json-c version: 0.15 Jan 22 14:40:47 trefle named[1317495]: linked to json-c version: 0.15 Jan 22 14:40:47 trefle named[1317495]: compiled with zlib version: 1.2.11 Jan 22 14:40:47 trefle named[1317495]: linked to zlib version: 1.2.11 Jan 22 14:40:47 trefle named[1317495]: ---------------------------------------------------- Jan 22 14:40:47 trefle named[1317495]: BIND 9 is maintained by Internet Systems Consortium, Jan 22 14:40:47 trefle named[1317495]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Jan 22 14:40:47 trefle named[1317495]: corporation. Support and training for BIND 9 are Jan 22 14:40:47 trefle named[1317495]: available at https://www.isc.org/support Jan 22 14:40:47 trefle named[1317495]: ---------------------------------------------------- Jan 22 14:40:47 trefle named[1317495]: adjusted limit on open files from 524288 to 1048576 Jan 22 14:40:47 trefle named[1317495]: found 8 CPUs, using 8 worker threads Jan 22 14:40:47 trefle named[1317495]: using 8 UDP listeners per interface Jan 22 14:40:47 trefle named[1317495]: using up to 21000 sockets Jan 22 14:40:47 trefle named[1317495]: loading configuration from '/etc/bind/named.conf' Jan 22 14:40:47 trefle named[1317495]: reading built-in trust anchors from file '/etc/bind/bind.keys' Jan 22 14:40:47 trefle named[1317495]: looking for GeoIP2 databases in '/usr/share/GeoIP' Jan 22 14:40:47 trefle named[1317495]: using default UDP/IPv4 port range: [32768, 60999] Jan 22 14:40:47 trefle named[1317495]: using default UDP/IPv6 port range: [32768, 60999] Jan 22 14:40:47 trefle named[1317495]: listening on IPv4 interface lo, 127.0.0.1#53 Jan 22 14:40:47 trefle named[1317495]: listening on IPv4 interface eth0, 10.250.0.1#53 Jan 22 14:40:47 trefle named[1317495]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface lo, ::1#53 Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53 Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53 Jan 22 14:40:47 trefle named[1317495]: generating session key for dynamic DNS Jan 22 14:40:47 trefle named[1317495]: sizing zone task pool based on 24 zones Jan 22 14:40:47 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV Jan 22 14:40:47 trefle systemd[1]: named.service: Failed with result 'signal'. Jan 22 14:40:48 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 4. Jan 22 14:40:48 trefle systemd[1]: Stopped BIND Domain Name Server. Jan 22 14:40:48 trefle systemd[1]: Started BIND Domain Name Server. Jan 22 14:40:48 trefle named[1317522]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b> Jan 22 14:40:48 trefle named[1317522]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09) Jan 22 14:40:48 trefle named[1317522]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' Jan 22 14:40:48 trefle named[1317522]: running as: named -f -u bind Jan 22 14:40:48 trefle named[1317522]: compiled by GCC 10.2.1 20210110 Jan 22 14:40:48 trefle named[1317522]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020 Jan 22 14:40:48 trefle named[1317522]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020 Jan 22 14:40:48 trefle named[1317522]: compiled with libxml2 version: 2.9.10 Jan 22 14:40:48 trefle named[1317522]: linked to libxml2 version: 20910 Jan 22 14:40:48 trefle named[1317522]: compiled with json-c version: 0.15 Jan 22 14:40:48 trefle named[1317522]: linked to json-c version: 0.15 Jan 22 14:40:48 trefle named[1317522]: compiled with zlib version: 1.2.11 Jan 22 14:40:48 trefle named[1317522]: linked to zlib version: 1.2.11 Jan 22 14:40:48 trefle named[1317522]: ---------------------------------------------------- Jan 22 14:40:48 trefle named[1317522]: BIND 9 is maintained by Internet Systems Consortium, Jan 22 14:40:48 trefle named[1317522]: Inc. (ISC), a non-profit 501(c)(3) public-benefit Jan 22 14:40:48 trefle named[1317522]: corporation. Support and training for BIND 9 are Jan 22 14:40:48 trefle named[1317522]: available at https://www.isc.org/support Jan 22 14:40:48 trefle named[1317522]: ---------------------------------------------------- Jan 22 14:40:48 trefle named[1317522]: adjusted limit on open files from 524288 to 1048576 Jan 22 14:40:48 trefle named[1317522]: found 8 CPUs, using 8 worker threads Jan 22 14:40:48 trefle named[1317522]: using 8 UDP listeners per interface Jan 22 14:40:48 trefle named[1317522]: using up to 21000 sockets Jan 22 14:40:48 trefle named[1317522]: loading configuration from '/etc/bind/named.conf' Jan 22 14:40:48 trefle named[1317522]: reading built-in trust anchors from file '/etc/bind/bind.keys' Jan 22 14:40:48 trefle named[1317522]: looking for GeoIP2 databases in '/usr/share/GeoIP' Jan 22 14:40:48 trefle named[1317522]: using default UDP/IPv4 port range: [32768, 60999] Jan 22 14:40:48 trefle named[1317522]: using default UDP/IPv6 port range: [32768, 60999] Jan 22 14:40:48 trefle named[1317522]: listening on IPv4 interface lo, 127.0.0.1#53 Jan 22 14:40:48 trefle named[1317522]: listening on IPv4 interface eth0, 10.250.0.1#53 Jan 22 14:40:48 trefle named[1317522]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface lo, ::1#53 Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53 Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53 Jan 22 14:40:48 trefle named[1317522]: generating session key for dynamic DNS Jan 22 14:40:48 trefle named[1317522]: sizing zone task pool based on 24 zones Jan 22 14:40:48 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV Jan 22 14:40:48 trefle systemd[1]: named.service: Failed with result 'signal'. Jan 22 14:40:48 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 5. Jan 22 14:40:48 trefle systemd[1]: Stopped BIND Domain Name Server. Jan 22 14:40:48 trefle systemd[1]: named.service: Start request repeated too quickly. Jan 22 14:40:48 trefle systemd[1]: named.service: Failed with result 'signal'. Jan 22 14:40:48 trefle systemd[1]: Failed to start BIND Domain Name Server. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-1-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages bind9 depends on: ii adduser 3.118 ii bind9-libs 1:9.16.11-1 ii bind9-utils 1:9.16.11-1 ii debconf [debconf-2.0] 1.5.74 ii dns-root-data 2019052802 ii init-system-helpers 1.60 ii iproute2 5.10.0-3 ii libc6 2.31-9 ii libcap2 1:2.44-1 ii libfstrm0 0.6.0-1+b1 ii libjson-c5 0.15-1 ii liblmdb0 0.9.24-1 ii libmaxminddb0 1.5.0-1 ii libprotobuf-c1 1.3.3-1+b2 ii libssl1.1 1.1.1i-2 ii libuv1 1.40.0-1 ii libxml2 2.9.10+dfsg-6.3+b1 ii lsb-base 11.1.0 ii netbase 6.2 ii zlib1g 1:1.2.11.dfsg-2 bind9 recommends no packages. Versions of packages bind9 suggests: pn bind-doc <none> ii bind9-dnsutils [dnsutils] 1:9.16.11-1 pn resolvconf <none> pn ufw <none> -- Configuration Files: /etc/bind/named.conf changed: // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/certbot-ddns.key"; //include "/etc/bind/named.conf.default-zones"; /etc/bind/named.conf.local changed: // // Do any local configuration here // logging { channel security_file { file "/var/log/named/security.log" versions 3 size 30m; severity dynamic; print-time yes; }; category security { security_file; }; }; // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; acl nsnicru { 91.217.20.0/26; 91.217.21.0/26; 194.226.96.192/28; 31.177.66.192/28; 195.253.54.22; 195.253.51.22; }; acl nstriflenet { 195.24.128.164; }; acl trefleru { 80.89.203.170; 83.234.135.17; }; view "internal" { // This should match our internal networks. match-clients { !key certbot-ddns-key; localnets; trefleru;}; // Provide recursive service to internal clients only. recursion yes; // Enable all empty zones. empty-zones-enable yes; // Provide a complete view of the example.com zone // including addresses of internal hosts. include "/etc/bind/named.conf.default-zones"; // Local zones on Trefle zone "trefle.ru." { type master; file "m/db.trefle.ru-local"; allow-query { localnets; }; allow-transfer { localnets; }; allow-update { trefleru; }; }; zone "0.250.10.in-addr.arpa." { type master; file "m/db.10.250.0"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "0.251.10.in-addr.arpa." { type master; file "m/db.10.251.0"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "0.252.10.in-addr.arpa." { type master; file "m/db.10.252.0"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "b.a.e.8.0.d.0.0.1.0.a.2.ip6.arpa." { type master; file "m/db.2a01.d0.ffff.eab"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "belka.trefle.ru." { type master; file "m/db.belka.trefle.ru-local"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; allow-update { trefleru; }; }; zone "gofman.biz." { type master; file "m/db.gofman.biz-local"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "gofman.su." { type master; file "m/db.gofman.su-local"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "secretlaboratory.ru." { type master; file "m/db.secretlaboratory.ru-local"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; // Zones from Academ.org zone "academ.local." { type forward; forwarders { 85.118.224.121; 89.31.118.1; }; }; zone "academ.info." { type forward; forwarders { 85.118.224.121; 89.31.118.1; }; }; }; view "external" { // Enable all empty zones. empty-zones-enable yes; // Match all clients not matched by the previous view. match-clients { key certbot-ddns-key; any; }; // Refuse recursive service to external clients. allow-recursion { trefleru; }; // Provide a restricted view of the example.com zone // containing only publicly accessible hosts. zone "trefle.ru." { type master; file "m/db.trefle.ru"; //file "m/db.trefle.ru.signed"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; trefleru; }; notify yes; also-notify { 195.253.54.22; 195.253.51.22; }; update-policy { grant certbot-ddns-key zonesub ANY; }; }; zone "170/32.203.89.80.in-addr.arpa." { type master; file "m/db.80.89.203.170"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; trefleru; }; }; zone "0.252.10.in-addr.arpa." { type master; file "m/db.10.252.0"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "b.a.e.8.0.d.0.0.1.0.a.2.ip6.arpa." { type master; file "m/db.2a01.d0.ffff.eab"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "belka.trefle.ru." { type master; file "m/db.belka.trefle.ru"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; trefleru; }; notify yes; also-notify { 195.253.54.22; 195.253.51.22; }; }; zone "gofman.biz." { type master; file "m/db.gofman.biz"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; update-policy { grant certbot-ddns-key zonesub ANY; }; }; zone "gofman.su." { type master; file "m/db.gofman.su"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; }; zone "secretlaboratory.ru." { type master; file "m/db.secretlaboratory.ru"; allow-query { any; }; allow-transfer { nsnicru; nstriflenet; }; notify yes; also-notify { 195.253.54.22; 195.253.51.22; }; update-policy { grant certbot-ddns-key zonesub ANY; }; }; }; -- debconf information: bind9/run-resolvconf: true bind9/start-as-user: bind bind9/different-configuration-file:
