Re: odd failures from 9.12.3
On 10/18/2018 11:38 PM, Evan Hunt wrote: On Thu, Oct 18, 2018 at 07:21:49PM -0400, Dennis Clarke wrote: oh .. also .. I'll look into these and see if I can clean them up : "zone.c", line 4275: warning: syntax error: empty declaration "client.c", line 2983: warning: argument #2 is incompatible with prototype: "zoneconf.c", line 242: warning: argument #2 is incompatible with prototype: Dennis ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: odd failures from 9.12.2-P2
On 10/18/2018 11:38 PM, Evan Hunt wrote: On Thu, Oct 18, 2018 at 07:21:49PM -0400, Dennis Clarke wrote: I:System test result summary: I: 7 FAIL I: 69 PASS I: 4 SKIPPED I: 12 UNTESTED I:The following system tests failed: I: autosign I: catz I: dnssec I: filter- I: legacy I: mkeys I: staticstub This is on Solaris 10 sparc and using the Oracle Studio 12.6 tools as well as OpenSSL 1.1.1 which passes all tests. Is there a way to dig out more information from these failures? Yes, the full output from all of the system tests will be in bin/tests/system/systests.output, and you can look for messages that say "I:autosign:failed" (or whatever) to find out which bits didn't work. Each of the failing system tests should also have its directory full of files that were created during the test -- they would have been deleted if it had passed but should still be there now -- which can also be used to work out what went wrong. If you want to just tar up bin/tests/system and send it to me, I'd be happy to take a look. Thank you very much and I appreciate the offer. Really I do. I'll go digging ... however I jumped onto 9.12.3 while the bits were still hot from the oven .. so ... only two tests failed : I:System test result summary: I: 2 FAIL I: 74 PASS I: 4 SKIPPED I: 12 UNTESTED I:The following system tests failed: I: dnssec I: nsupdate I will go have a look and not tie up your time. Yet :-\ Dennis Clarke ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: odd failures from 9.12.2-P2
On Thu, Oct 18, 2018 at 07:21:49PM -0400, Dennis Clarke wrote: > I see these results : > > I:System test result summary: > I: 7 FAIL > I: 69 PASS > I: 4 SKIPPED > I: 12 UNTESTED > I:The following system tests failed: > I: autosign > I: catz > I: dnssec > I: filter- > I: legacy > I: mkeys > I: staticstub > > This is on Solaris 10 sparc and using the Oracle Studio 12.6 tools as > well as OpenSSL 1.1.1 which passes all tests. > > Is there a way to dig out more information from these failures? Each of the above are sub-directories in bin/tests/system, one per system test. Within these, you'll have sub-directories named "ns" (where N is a digit). Within these, you'll typically have files with the name "named.run" which is the debug logging output of a named process that was run during the system test. Looking into these log files will reveal why the tests failed (other than the messages logged by the test script itself). It's not for the faint-of-heart and you have to be well-versed with BIND to understand and debug issues if the system tests themselves are failing for anything but trivial failures. Mukund ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: odd failures from 9.12.2-P2
On Thu, Oct 18, 2018 at 07:21:49PM -0400, Dennis Clarke wrote: > I:System test result summary: > I: 7 FAIL > I: 69 PASS > I: 4 SKIPPED > I: 12 UNTESTED > I:The following system tests failed: > I: autosign > I: catz > I: dnssec > I: filter- > I: legacy > I: mkeys > I: staticstub > > This is on Solaris 10 sparc and using the Oracle Studio 12.6 tools as > well as OpenSSL 1.1.1 which passes all tests. > > Is there a way to dig out more information from these failures? Yes, the full output from all of the system tests will be in bin/tests/system/systests.output, and you can look for messages that say "I:autosign:failed" (or whatever) to find out which bits didn't work. Each of the failing system tests should also have its directory full of files that were created during the test -- they would have been deleted if it had passed but should still be there now -- which can also be used to work out what went wrong. If you want to just tar up bin/tests/system and send it to me, I'd be happy to take a look. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
okay ... odd failures in 9.12.3
I see these results : I:System test result summary: I: 2 FAIL I: 74 PASS I: 4 SKIPPED I: 12 UNTESTED I:The following system tests failed: I: dnssec I: nsupdate This is on Solaris 10 sparc and using the Oracle Studio 12.6 tools as well as OpenSSL 1.1.1 which passes all tests. Is there a way to dig out more information from these failures? Dennis ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
odd failures from 9.12.2-P2
I see these results : I:System test result summary: I: 7 FAIL I: 69 PASS I: 4 SKIPPED I: 12 UNTESTED I:The following system tests failed: I: autosign I: catz I: dnssec I: filter- I: legacy I: mkeys I: staticstub This is on Solaris 10 sparc and using the Oracle Studio 12.6 tools as well as OpenSSL 1.1.1 which passes all tests. Is there a way to dig out more information from these failures? Dennis ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dnssec-keymgr
I have a working test box based on: http://bind-users-forum.2342410.n4.nabble.com/Automatic-Key-Management-td4317.html https://kb.isc.org/docs/aa-00711 It appears that the dnssec-keymgr will keep track of the ZSK keys but I will need to re-sign the zone on changes or weekly. Current zsk creation script doesn't always get the timing correct Current box now uses dnssec-signzone /usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K private example.net via script to change the serial # and resign the zone . Is it a better way to use rndc |? rndc loadkeys example.net|| rndc signing -nsec3param 1 0 10 03F92714 example.net.| ||Thx CT On 10/18/18 12:05 PM, CT wrote: All. Not much on the subject other than a few posts. didn't find anything in my last ARM search either.. Thx CT ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying data files while named is reloading
In article , Anne Bennett wrote: > Laurent Weislo writes: > > > After a bunch of years and under heavy load on the master, we lost almost > > 4K records because the domain file seems to have been loaded while being > > generated. > > Wouldn't the best solution be to modify your generation process > to write to temporary files, and then to move them into place > when fully built, rather than leaving significant amounts of > time during which your zone file is in a partially built state? This is definitely the right solution. As long as you're moving within the same filesystem, this is an atomic rename operation. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dnssec-keymgr
All. Not much on the subject other than a few posts. didn't find anything in my last ARM search either.. Thx CT ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying data files while named is reloading
On Thu, Oct 18, 2018 at 9:01 AM Laurent Weislo wrote: > Hi, > > We had a strange behaviour with our old master running bind version: 9.3.6 > release: 20.P1.el5. > > We modify NSC m4 data files when adding one or more A records and use the > make command to build the full environment on the master itself. At the end > of the build, an HUP signal is sent to the named process. After the signal > is sent, if a new change comes in, the process occurs again, thus modifying > the files (that are supposed to be already loaded by named). > After a bunch of years and under heavy load on the master, we lost almost > 4K records because the domain file seems to have been loaded while being > generated. > > My questions are: > - is 'rndc reload' returning when all zone files have been reloaded or is > it returning while the loading process is ongoing ? > I believe that rndc returns immediately, while the loading process is just starting. > - same question with sending a HUP signal ? does it behave like 'rndc > reload' ? > Signals like 'HUP' always return immediately, they have no way of knowing what the process will do with the signal, if anything. > - how to ensure that named has loaded the files before modifying them > again since they are at the same location ? > Good question. For sure, as Anne says, you want to build temporary files and 'move' them to the final location, so that there are never partial files in place. > > The log message reports 'loading configuration', but why not > 'configuration files loaded' ? > I believe that the process starts with: 18-Oct-2018 12:55:29.975 general: info: received control channel command 'reload' 18-Oct-2018 12:55:29.975 general: info: loading configuration from '/etc/named.conf' And ends with: 18-Oct-2018 12:55:30.358 general: notice: all zones loaded -- Bob Harold > > Below is the event timeline, I hope it is clear enough for everyone: > 1. Oct 16 17:24:18 SLAVE1 named[29671]: [ID 873579 daemon.info] transfer > of 'our.domain.com/IN' from 192.168.122.100#53: Transfer completed: 10 > messages, *14890* records, 413507 bytes, 0.249 secs (1660670 bytes/sec) > 2. (10/16/2018 17:28:57.202:1683726) : user pid=7501 uid=root > auid=unknown(65030) msg='cmd=/sbin/service named reload (terminal=? > res=success)' > 3. Oct 16 17:28:57 MASTER named[3292]: loading configuration from > '/etc/named.conf' -> 2018101639 > 4. AUTOMATION TOOL:16-10 17:28:57 newhostname 1045 Add DNS START > 5. 2018-10-16 17:29:00 +0200 (Tue, 16 Oct 2018) | 1 line IDXXX: Add DNS > entry newhostname with 10.10.10.10 | r20907 | > 6. Oct 16 17:29:02 MASTER named[3292]: zone/our.domain.com:11473: file > does not end with newline<- NSC make is running, generating new files > because newhostname is added to a m4 file. > 7. Oct 16 17:29:02 MASTER named[3292]: zone our.domain.com/IN: loaded > serial 2018101640 > 8. Oct 16 17:29:02 MASTER named[3292]: zone our.domain.com/IN: sending > notifies (serial 2018101640) > 9. Oct 16 17:29:19 SLAVE1 named[29671]: [ID 873579 daemon.info] transfer > of 'our.domain.com/IN' from 192.168.122.100#53: Transfer completed: 7 > messages, *10806* records, 302763 bytes, 0.192 secs (1576890 bytes/sec) > 10. (10/16/2018 17:34:27.798:1683828) : user pid=12079 uid=root > auid=unknown(65030) msg='cmd=/sbin/service named reload (terminal=? > res=success)' > 11. Oct 16 17:34:27 MASTER named[3292]: loading configuration from > '/etc/named.conf' -> 2018101640 > 12. AUTOMATION TOOL:16-10 17:34:28 newhostname 1045Add DNSSUCCESS > 13. Oct 16 17:34:33 MASTER named[3292]: zone our.domain.com/IN: zone > serial unchanged > 14. Oct 16 17:34:33 MASTER named[3292]: zone our.domain.com/IN: loaded > serial 2018101640 > 15. Oct 16 17:34:33 MASTER named[3292]: zone our.domain.com/IN: sending > notifies (serial 2018101640) > 16. (10/16/2018 17:39:59.934:1683878) : user pid=15753 uid=root > auid=unknown(65030) msg='cmd=/sbin/service named reload (terminal=? > res=success)' > 17. Oct 16 17:40:52 SLAVE1 named[29671]: [ID 873579 daemon.info] transfer > of 'our.domain.com/IN' from 192.168.122.100#53: Transfer completed: 10 > messages, *14893* records, 413605 bytes, 0.255 secs (1621980 bytes/sec) > > > Thank you for you help and sorry to bother you with that. > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-9.12.2-P2 fails to compile with baffling undefined symbol issues
On 10/18/2018 04:04 AM, Michał Kępień wrote:
...
-L/usr/local/lib -latomic
Undefined first referenced
symbol in file
_TG_atomic_fetch_add../dns/libdns.a(tsig.o)
_TG_atomic_fetch_sub../dns/libdns.a(tsig.o)
_TG_atomic_load ../dns/libdns.a(tsig.o)
_TG_atomic_compare_exchange_strong ../isc/libisc.a(rwlock.o)
_TG_atomic_store../isc/libisc.a(stats.o)
ld: fatal: symbol referencing errors. No output written to resolve
...
This looks like an Oracle Developer Studio glitch related to C11 atomic
operations. To fix it, try fiddling around with the -xatomic compiler
option [1] and/or the -std compiler option and/or the CC environment
variable. To work around the problem, build BIND with --disable-atomic.
Note that atomic operations support is mandatory as of BIND 9.13.3.
After talking with experts in the field I have learned that :
in Studio 12.6, stdatomic.h lives in
lib/compilers/include/cc/stdatomic.h and uses
those _TG_atomic_* intrinsics
Thus if one compiles a trivial test with -std=c11 we see :
#include
int
main (void)
{
_Atomic int i;
atomic_store (&i, 0);
return 0;
}
No issues at all with -xatomic=studio -std=c11 however this is
impossible with c99.
So what is the minimum spec for ISC Bind? If the ISO/IEC 9899:2011
standard is minimum then perhaps there could be a notation somewhere
on the isc site for that.
Dennis Clarke
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-9.12.2-P2 fails to compile with baffling undefined symbol issues
On 10/18/2018 04:04 AM, Michał Kępień wrote: This looks like an Oracle Developer Studio glitch related to C11 atomic operations. To fix it, try fiddling around with the -xatomic compiler option [1] and/or the -std compiler option and/or the CC environment variable. To work around the problem, build BIND with --disable-atomic. Note that atomic operations support is mandatory as of BIND 9.13.3. [1]https://docs.oracle.com/cd/E60778_01/html/E60745/gqico.html -- Best regards, Michał Kępień Thank you for the hint. I had not ever seen this before with a build of anything from isc however I had also recently switched build machines. I had an older system which used a well patched Oracle Studio 12.4 release as that thing supported old sparc units. When all the old sparc units went away then so did the Oracle Studio 12.4 and here we are with 12.6 which seems to do ... odd things. Could switch over whole hog to gcc of course. I'll look into this "atomics" thingy. Thank you. Dennis ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying data files while named is reloading
Laurent Weislo writes: > After a bunch of years and under heavy load on the master, we lost almost > 4K records because the domain file seems to have been loaded while being > generated. Wouldn't the best solution be to modify your generation process to write to temporary files, and then to move them into place when fully built, rather than leaving significant amounts of time during which your zone file is in a partially built state? Anne. -- Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 a...@encs.concordia.ca+1 514 848-2424 x2285 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Modifying data files while named is reloading
Hi, We had a strange behaviour with our old master running bind version: 9.3.6 release: 20.P1.el5. We modify NSC m4 data files when adding one or more A records and use the make command to build the full environment on the master itself. At the end of the build, an HUP signal is sent to the named process. After the signal is sent, if a new change comes in, the process occurs again, thus modifying the files (that are supposed to be already loaded by named). After a bunch of years and under heavy load on the master, we lost almost 4K records because the domain file seems to have been loaded while being generated. My questions are: - is 'rndc reload' returning when all zone files have been reloaded or is it returning while the loading process is ongoing ? - same question with sending a HUP signal ? does it behave like 'rndc reload' ? - how to ensure that named has loaded the files before modifying them again since they are at the same location ? The log message reports 'loading configuration', but why not 'configuration files loaded' ? Below is the event timeline, I hope it is clear enough for everyone: 1. Oct 16 17:24:18 SLAVE1 named[29671]: [ID 873579 daemon.info] transfer of 'our.domain.com/IN' from 192.168.122.100#53: Transfer completed: 10 messages, *14890* records, 413507 bytes, 0.249 secs (1660670 bytes/sec) 2. (10/16/2018 17:28:57.202:1683726) : user pid=7501 uid=root auid=unknown(65030) msg='cmd=/sbin/service named reload (terminal=? res=success)' 3. Oct 16 17:28:57 MASTER named[3292]: loading configuration from '/etc/named.conf' -> 2018101639 4. AUTOMATION TOOL:16-10 17:28:57 newhostname 1045 Add DNS START 5. 2018-10-16 17:29:00 +0200 (Tue, 16 Oct 2018) | 1 line IDXXX: Add DNS entry newhostname with 10.10.10.10 | r20907 | 6. Oct 16 17:29:02 MASTER named[3292]: zone/our.domain.com:11473: file does not end with newline<- NSC make is running, generating new files because newhostname is added to a m4 file. 7. Oct 16 17:29:02 MASTER named[3292]: zone our.domain.com/IN: loaded serial 2018101640 8. Oct 16 17:29:02 MASTER named[3292]: zone our.domain.com/IN: sending notifies (serial 2018101640) 9. Oct 16 17:29:19 SLAVE1 named[29671]: [ID 873579 daemon.info] transfer of 'our.domain.com/IN' from 192.168.122.100#53: Transfer completed: 7 messages, *10806* records, 302763 bytes, 0.192 secs (1576890 bytes/sec) 10. (10/16/2018 17:34:27.798:1683828) : user pid=12079 uid=root auid=unknown(65030) msg='cmd=/sbin/service named reload (terminal=? res=success)' 11. Oct 16 17:34:27 MASTER named[3292]: loading configuration from '/etc/named.conf' -> 2018101640 12. AUTOMATION TOOL:16-10 17:34:28 newhostname 1045Add DNSSUCCESS 13. Oct 16 17:34:33 MASTER named[3292]: zone our.domain.com/IN: zone serial unchanged 14. Oct 16 17:34:33 MASTER named[3292]: zone our.domain.com/IN: loaded serial 2018101640 15. Oct 16 17:34:33 MASTER named[3292]: zone our.domain.com/IN: sending notifies (serial 2018101640) 16. (10/16/2018 17:39:59.934:1683878) : user pid=15753 uid=root auid=unknown(65030) msg='cmd=/sbin/service named reload (terminal=? res=success)' 17. Oct 16 17:40:52 SLAVE1 named[29671]: [ID 873579 daemon.info] transfer of 'our.domain.com/IN' from 192.168.122.100#53: Transfer completed: 10 messages, *14893* records, 413605 bytes, 0.255 secs (1621980 bytes/sec) Thank you for you help and sorry to bother you with that. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-9.12.2-P2 fails to compile with baffling undefined symbol issues
> /opt/developerstudio12.6/bin/c99 -mt -errfmt=error -erroff=%none > -errshort=full -xstrconst -xildoff -m64 -xmemalign=8s -xnolibmil -Xc > -xcode=pic32 -xregs=no%appl -xlibmieee -mc -ftrap=%none -xbuiltin=%none > -xdebugformat=dwarf -xunroll=1 -xarch=sparc -I/usr/include/libxml2 -I > /usr/local/include -KPIC -o resolve \ > resolve.o ../irs/libirs.a ../dns/libdns.a -lgss -lkrb5 > ../isccfg/libisccfg.a ../isc/libisc.a -L/usr/local/lib -R/usr/local/lib > -R/usr/local/lib -lcrypto -ldl -lnsl -lsocket -lscf -lrt -lpthread > -L/usr/lib -R/usr/lib -lxml2 -lz -lpthread -lm -lsocket -lnsl > -L/usr/local/lib -latomic > Undefined first referenced > symbol in file > _TG_atomic_fetch_add../dns/libdns.a(tsig.o) > _TG_atomic_fetch_sub../dns/libdns.a(tsig.o) > _TG_atomic_load ../dns/libdns.a(tsig.o) > _TG_atomic_compare_exchange_strong ../isc/libisc.a(rwlock.o) > _TG_atomic_store../isc/libisc.a(stats.o) > ld: fatal: symbol referencing errors. No output written to resolve > gmake[2]: *** [Makefile:464: resolve] Error 2 > gmake[2]: Leaving directory > '/usr/local/build/bind-9.12.2-P2_SunOS5.10_sparc64vii+.001/lib/samples' > gmake[1]: *** [Makefile:82: subdirs] Error 1 > gmake[1]: Leaving directory > '/usr/local/build/bind-9.12.2-P2_SunOS5.10_sparc64vii+.001/lib' > gmake: *** [Makefile:88: subdirs] Error 1 This looks like an Oracle Developer Studio glitch related to C11 atomic operations. To fix it, try fiddling around with the -xatomic compiler option [1] and/or the -std compiler option and/or the CC environment variable. To work around the problem, build BIND with --disable-atomic. Note that atomic operations support is mandatory as of BIND 9.13.3. [1] https://docs.oracle.com/cd/E60778_01/html/E60745/gqico.html -- Best regards, Michał Kępień ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
