Re: Bind 9.16.1 crash

2022-12-07 Thread G.W. Haywood via bind-users

Hi there,

On Thu, 8 Dec 2022, Ondřej Surý wrote:


The "we don't update upstream version" policy works well only if you
carefully pick upstream version. Instead this is snapshot of Debian
at random point ...


Somewhat OT, but this applies to more or less all software which you
might think of as "mission critical".  That includes your kernels -
after an 'upgrade' I've had a Debian kernel give, on an only slightly
unusual Intel architecture, performance which was orders of magnitude
poorer than the previously released version.  Very embarrassing if you
just spent the weekend installing it for an entire client organization.

--

73,
Ged.-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Bind 9.16.1 crash

2022-12-07 Thread Ondřej Surý
> On 8. 12. 2022, at 7:57, Ben Bridges  wrote:
> 
> When you say “ISC packages”, are you referring to the packages in the 
> ppa:isc/bind repository on launchpad?


Yes, you can find the links here: https://www.isc.org/download/

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
When you say “ISC packages”, are you referring to the packages in the 
ppa:isc/bind repository on launchpad?

Ben Bridges

From: Ondřej Surý 
Sent: Thursday, December 8, 2022 12:26 AM
To: Ben Bridges 
Cc: Emmanuel Fusté ; bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash

In fact, it’s as far from being “fully patched” as possible. Not all bugs are 
security bugs and not all crashes are security bugs.

Ubuntu is pushing a version that has received most refactoring in the 
networking code in the recent history.

The “we don’t update upstream version” policy works well only if you carefully 
pick upstream version. Instead this is snapshot of Debian at random point int 
time and this is the unfortunate result. I’ve negotiated the exception for 
Debian to carry the latest upstream release for a good reason.

You are going to do so much better by using ISC packages. And my general 
recommendation would be to go straight to latest 9.18.

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.


On 8. 12. 2022, at 1:03, Ben Bridges  wrote:

According to the Ubuntu maintainers, the bind9 package on our server 
(1:9.16.1-0ubuntu2.11) is fully patched for all the BIND 9 CVE’s including the 
latest batch of 6 released on 2022-09-21 (CVE-2022-38178, CVE-2022-38177, 
CVE-2022-3080, CVE-2022-2906, CVE-2022-2881, and CVE-2022-2795).


From: Emmanuel Fusté 
Sent: Wednesday, December 7, 2022 4:22 PM
To: Ben Bridges ; bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash

Current ESV : 9.16.35

No, your release is not patched.
Add the ISC PPA repo and install the latest ESV. ISC PPA packaged are packaged 
by the same maintainers.

Le mer. 7 déc. 2022, 23:02, Ben Bridges 
mailto:bbrid...@springnet.net>> a écrit :
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so 
they’re both still fully supported (and fully patched).

Thanks,
Ben Bridges

From: bind-users 
mailto:bind-users-boun...@lists.isc.org>> On 
Behalf Of John Thurston
Sent: Wednesday, December 7, 2022 2:32 PM
To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
Subject: Re: Bind 9.16.1 crash


To me, the next step is to get your instance of BIND somewhat up to date.

I'm not a "gotta be on the bleeding edge" kinda guy, but running a version 
released in first quarter of 2020 is old even by my standards. Is there some 
business reason to keep running a +2 year old version of BIND?

--

Do things because you should, not just because you can.



John Thurston907-465-8591

john.thurs...@alaska.gov<mailto:john.thurs...@alaska.gov>

Department of Administration

State of Alaska
On 12/7/2022 10:32 AM, Ben Bridges wrote:
The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5 server.


<~WRD2561.jpg>


<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7C8cfa221dba534b913bc508dad8e51261%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060775631803256%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FSsvuOcOZbeJGvJwFC4eFc1vL4Q3NElIAgIaa1YT504%3D&reserved=0>
<~WRD2561.jpg><https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7C8cfa221dba534b913bc508dad8e51261%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060775631803256%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FSsvuOcOZbeJGvJwFC4eFc1vL4Q3NElIAgIaa1YT504%3D&reserved=0>


Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7C8cfa221dba534b913bc508dad8e51261%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060775631803256%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FSsvuOcOZbeJGvJwFC4eFc1vL4Q3NElIAgIaa1YT504%3D&reserved=0>
--
Visit 
https://lists.isc.org/mailman/listinfo/bind-users<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=05%7C01%7Cbbridges%40springnet.net%7C8cfa221dba534b913bc508dad8e51261%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060775631803256%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fY9Hu18j4I8u5bWAz9vAJRcpGFlXuo5FNwZMW5aLI18%3D&reserved=0>
 to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at 
https://www.isc.org/contact/<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.isc.org%2Fcontact%2F&data=05%

Re: Bind 9.16.1 crash

2022-12-07 Thread Ondřej Surý
In fact, it’s as far from being “fully patched” as possible. Not all bugs are security bugs and not all crashes are security bugs.Ubuntu is pushing a version that has received most refactoring in the networking code in the recent history.The “we don’t update upstream version” policy works well only if you carefully pick upstream version. Instead this is snapshot of Debian at random point int time and this is the unfortunate result. I’ve negotiated the exception for Debian to carry the latest upstream release for a good reason.You are going to do so much better by using ISC packages. And my general recommendation would be to go straight to latest 9.18.Ondrej--Ondřej Surý — ISC (He/Him)My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.On 8. 12. 2022, at 1:03, Ben Bridges  wrote:







According to the Ubuntu maintainers, the bind9 package on our server (1:9.16.1-0ubuntu2.11) is fully patched for all the BIND 9 CVE’s including the latest batch of 6 released on 2022-09-21 (CVE-2022-38178, CVE-2022-38177, CVE-2022-3080,
 CVE-2022-2906, CVE-2022-2881, and CVE-2022-2795).
 
 

From: Emmanuel Fusté  
Sent: Wednesday, December 7, 2022 4:22 PM
To: Ben Bridges ; bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash

 


Current ESV : 9.16.35

 


No, your release is not patched.


Add the ISC PPA repo and install the latest ESV. ISC PPA packaged are packaged by the same maintainers.


 


Le mer. 7 déc. 2022, 23:02, Ben Bridges <bbrid...@springnet.net> a écrit :




Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so they’re both still fully supported (and fully patched).
 
Thanks,
Ben Bridges
 


From: bind-users <bind-users-boun...@lists.isc.org>
On Behalf Of John Thurston
Sent: Wednesday, December 7, 2022 2:32 PM
To: bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash


 
To me, the next step is to get your instance of BIND somewhat up to date. 

I'm not a "gotta be on the bleeding edge" kinda guy, but running a version released in first quarter of 2020 is old even by my standards. Is there some business reason to keep running a +2 year old version of BIND?
--
Do things because you should, not just because you can. 
 
John Thurston    907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska

On 12/7/2022 10:32 AM, Ben Bridges wrote:


The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5 server.



<~WRD2561.jpg>

<~WRD2561.jpg>

Sales 417.575.7000 | Support 417.874.8000 |

springnet.net

-- 
Visit 
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at

https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users









Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net


-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this listISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.bind-users mailing listbind-users@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Bind 9.16.1 crash

2022-12-07 Thread stuart@registry.godaddy
As the package maintained by the Ubuntu team are “no longer” the source from 
ISC (but highly modified patches onto an old 9.16.1 source tree), I’d suggest 
following up with the Ubuntu maintainers of the package, as it’s likely their 
back-porting of security patches from much more recent releases is the cause of 
the issue.

Stuart

From: bind-users  on behalf of Ben Bridges 

Date: Thursday, 8 December 2022 at 11:04 am
To: Emmanuel Fusté , "bind-users@lists.isc.org" 

Subject: RE: Bind 9.16.1 crash

According to the Ubuntu maintainers, the bind9 package on our server 
(1:9.16.1-0ubuntu2.11) is fully patched for all the BIND 9 CVE’s including the 
latest batch of 6 released on 2022-09-21 (CVE-2022-38178, CVE-2022-38177, 
CVE-2022-3080, CVE-2022-2906, CVE-2022-2881, and CVE-2022-2795).


From: Emmanuel Fusté 
Sent: Wednesday, December 7, 2022 4:22 PM
To: Ben Bridges ; bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash

Current ESV : 9.16.35

No, your release is not patched.
Add the ISC PPA repo and install the latest ESV. ISC PPA packaged are packaged 
by the same maintainers.

Le mer. 7 déc. 2022, 23:02, Ben Bridges 
mailto:bbrid...@springnet.net>> a écrit :
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so 
they’re both still fully supported (and fully patched).
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
It looks like that issue was occurring in a different part of the netmgr code 
and was fixed 8 months ago.

Thanks,
Ben Bridges

From: bind-users  On Behalf Of Andrew Latham
Sent: Wednesday, December 7, 2022 2:35 PM
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash

I see 
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.isc.org%2Fisc-projects%2Fbind9%2F-%2Fissues%2F3020&data=05%7C01%7Cbbridges%40springnet.net%7Cecd73a07950646259c7e08dad8928a21%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060421148193611%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Fn7fvXD1Lp5Qgy3O910j%2FG3FyPLtYvBRexwPdP0C9Js%3D&reserved=0>
 and 
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5998<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.isc.org%2Fisc-projects%2Fbind9%2F-%2Fmerge_requests%2F5998&data=05%7C01%7Cbbridges%40springnet.net%7Cecd73a07950646259c7e08dad8928a21%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060421148193611%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8hkJR7%2FyIrc2dpUv%2FTYyBKqL2IiumjsZVFfw5yZ2Bog%3D&reserved=0>
 which might help

I did not see a CVE but only did a quick search


On Wed, Dec 7, 2022 at 12:33 PM Ben Bridges 
mailto:bbrid...@springnet.net>> wrote:
Greetings.

This morning one of our BIND daemons crashed.  The following messages were 
logged in named.run at the time:

07-Dec-2022 11:58:37.097 general: critical: netmgr.c:687: 
REQUIRE((__builtin_expect(!!((sock) != ((void *)0)), 1) && 
__builtin_expect(!!(((const isc__magic_t *)(sock))->magic == ((('N') << 24 | 
('M') << 16 | ('S') << 8 | ('K', 1))) failed, back trace
07-Dec-2022 11:58:37.097 general: critical: #0 0x56508c798e43 in ??
07-Dec-2022 11:58:37.097 general: critical: #1 0x7fa72e881ac0 in ??
07-Dec-2022 11:58:37.097 general: critical: #2 0x7fa72e89978a in ??
07-Dec-2022 11:58:37.097 general: critical: #3 0x7fa72e89a240 in ??
07-Dec-2022 11:58:37.097 general: critical: #4 0x7fa72e89e18b in ??
07-Dec-2022 11:58:37.097 general: critical: #5 0x7fa72eb67707 in ??
07-Dec-2022 11:58:37.097 general: critical: #6 0x7fa72eb68fe9 in ??
07-Dec-2022 11:58:37.097 general: critical: #7 0x7fa72eb779b0 in ??
07-Dec-2022 11:58:37.097 general: critical: #8 0x7fa72eb7f9a7 in ??
07-Dec-2022 11:58:37.097 general: critical: #9 0x7fa72eb8116e in ??
07-Dec-2022 11:58:37.097 general: critical: #10 0x7fa72eb816cd in ??
07-Dec-2022 11:58:37.097 general: critical: #11 0x7fa72eb823c9 in ??
07-Dec-2022 11:58:37.097 general: critical: #12 0x7fa72eb884c6 in ??
07-Dec-2022 11:58:37.097 general: critical: #13 0x7fa72e8a8fa1 in ??
07-Dec-2022 11:58:37.097 general: critical: #14 0x7fa72e370609 in ??
07-Dec-2022 11:58:37.097 general: critical: #15 0x7fa72e28f133 in ??
07-Dec-2022 11:58:37.097 general: critical: exiting (due to assertion failure)

I did some googling and was unable to find this specific "netmgr.c:687" 
message.  Is this assertion failure due to a known CVE (perhaps recently 
discovered and not yet patched)?  We've had no issues with this server up to 
this point.  The BIND version is 9.16.1 running on a fully patched Ubuntu 
20.04.5 server.  This server does nothing other than run BIND.  Any assistance 
determining what happened and how to prevent it from happening again would be 
much appreciated.  If this is not the proper forum for this posting, please 
point me in the right direction.

Thanks,
Ben Bridges






Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7Cecd73a07950646259c7e08dad8928a21%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060421148193611%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zJFfISvidD%2FlkA0kDNyzzNK8lyI4deHQDoTLIHb0Qn0%3D&reserved=0>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7Cecd73a07950646259c7e08dad8928a21%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060421148193611%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zJFfISvidD%2FlkA0kDNyzzNK8lyI4deHQDoTLIHb0Qn0%3D&reserved=0>

<https://gcc02.safelinks.protection.out

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
According to the Ubuntu maintainers, the bind9 package on our server 
(1:9.16.1-0ubuntu2.11) is fully patched for all the BIND 9 CVE's including the 
latest batch of 6 released on 2022-09-21 (CVE-2022-38178, CVE-2022-38177, 
CVE-2022-3080, CVE-2022-2906, CVE-2022-2881, and CVE-2022-2795).


From: Emmanuel Fusté 
Sent: Wednesday, December 7, 2022 4:22 PM
To: Ben Bridges ; bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash

Current ESV : 9.16.35

No, your release is not patched.
Add the ISC PPA repo and install the latest ESV. ISC PPA packaged are packaged 
by the same maintainers.

Le mer. 7 déc. 2022, 23:02, Ben Bridges 
mailto:bbrid...@springnet.net>> a écrit :
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so 
they're both still fully supported (and fully patched).

Thanks,
Ben Bridges

From: bind-users 
mailto:bind-users-boun...@lists.isc.org>> On 
Behalf Of John Thurston
Sent: Wednesday, December 7, 2022 2:32 PM
To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
Subject: Re: Bind 9.16.1 crash


To me, the next step is to get your instance of BIND somewhat up to date.

I'm not a "gotta be on the bleeding edge" kinda guy, but running a version 
released in first quarter of 2020 is old even by my standards. Is there some 
business reason to keep running a +2 year old version of BIND?

--

Do things because you should, not just because you can.



John Thurston907-465-8591

john.thurs...@alaska.gov<mailto:john.thurs...@alaska.gov>

Department of Administration

State of Alaska
On 12/7/2022 10:32 AM, Ben Bridges wrote:
The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5 server.

[Image removed by sender. City Utilities]

[Image removed by sender. 
SpringNet]<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7C76a3db8a1c814fcc43c408dad8a183e5%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060485475551174%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hkHX70hyYBXF%2F8Ygn6J8N0AozojprcfDUZJj043%2Fz%2BQ%3D&reserved=0>

Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.springnet.net%2F&data=05%7C01%7Cbbridges%40springnet.net%7C76a3db8a1c814fcc43c408dad8a183e5%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060485475551174%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hkHX70hyYBXF%2F8Ygn6J8N0AozojprcfDUZJj043%2Fz%2BQ%3D&reserved=0>
--
Visit 
https://lists.isc.org/mailman/listinfo/bind-users<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=05%7C01%7Cbbridges%40springnet.net%7C76a3db8a1c814fcc43c408dad8a183e5%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060485475551174%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wqftsNprK6CtbC5gYFMpOx3A0Cwu%2BsLr2AZYiJGpv98%3D&reserved=0>
 to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at 
https://www.isc.org/contact/<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.isc.org%2Fcontact%2F&data=05%7C01%7Cbbridges%40springnet.net%7C76a3db8a1c814fcc43c408dad8a183e5%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060485475551174%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=NBs212x2Fz8YFXEUKR4SFKOxRnTiberN8qC9Yc0fTjc%3D&reserved=0>
 for more information.


bind-users mailing list
bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=05%7C01%7Cbbridges%40springnet.net%7C76a3db8a1c814fcc43c408dad8a183e5%7Cd5c4167800674aa2b1d53a72abc6a57c%7C0%7C0%7C638060485475551174%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wqftsNprK6CtbC5gYFMpOx3A0Cwu%2BsLr2AZYiJGpv98%3D&reserved=0>

[City Utilities]

[SpringNet]<http://www.springnet.net>

Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net<http://www.springnet.net>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Bind 9.16.1 crash

2022-12-07 Thread Emmanuel Fusté
Current ESV : 9.16.35

No, your release is not patched.
Add the ISC PPA repo and install the latest ESV. ISC PPA packaged are
packaged by the same maintainers.

Le mer. 7 déc. 2022, 23:02, Ben Bridges  a écrit :

> Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so
> they’re both still fully supported (and fully patched).
>
>
>
> Thanks,
>
> Ben Bridges
>
>
>
> *From:* bind-users  * On Behalf Of *John
> Thurston
> *Sent:* Wednesday, December 7, 2022 2:32 PM
> *To:* bind-users@lists.isc.org
> *Subject:* Re: Bind 9.16.1 crash
>
>
>
> To me, the next step is to get your instance of BIND somewhat up to date.
>
> I'm not a "gotta be on the bleeding edge" kinda guy, but running a version
> released in first quarter of 2020 is old even by my standards. Is there
> some business reason to keep running a +2 year old version of BIND?
>
> --
>
> Do things because you should, not just because you can.
>
>
>
> John Thurston907-465-8591
>
> john.thurs...@alaska.gov
>
> Department of Administration
>
> State of Alaska
>
> On 12/7/2022 10:32 AM, Ben Bridges wrote:
>
> The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5
> server.
>
>
> [image: City Utilities]
>
> [image: SpringNet] <http://www.springnet.net>
>
> Sales 417.575.7000 | Support 417.874.8000 | springnet.net
> <http://www.springnet.net>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so 
they’re both still fully supported (and fully patched).

Thanks,
Ben Bridges

From: bind-users  On Behalf Of John Thurston
Sent: Wednesday, December 7, 2022 2:32 PM
To: bind-users@lists.isc.org
Subject: Re: Bind 9.16.1 crash


To me, the next step is to get your instance of BIND somewhat up to date.

I'm not a "gotta be on the bleeding edge" kinda guy, but running a version 
released in first quarter of 2020 is old even by my standards. Is there some 
business reason to keep running a +2 year old version of BIND?

--

Do things because you should, not just because you can.



John Thurston907-465-8591

john.thurs...@alaska.gov<mailto:john.thurs...@alaska.gov>

Department of Administration

State of Alaska
On 12/7/2022 10:32 AM, Ben Bridges wrote:
The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5 server.

[City Utilities]

[SpringNet]<http://www.springnet.net>

Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net<http://www.springnet.net>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Bind 9.16.1 crash

2022-12-07 Thread Andrew Latham
I see https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 and
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5998 which might
help

I did not see a CVE but only did a quick search


On Wed, Dec 7, 2022 at 12:33 PM Ben Bridges  wrote:

> Greetings.
>
>
>
> This morning one of our BIND daemons crashed.  The following messages were
> logged in named.run at the time:
>
>
>
> 07-Dec-2022 11:58:37.097 general: critical: netmgr.c:687:
> REQUIRE((__builtin_expect(!!((sock) != ((void *)0)), 1) &&
> __builtin_expect(!!(((const isc__magic_t *)(sock))->magic == ((('N') << 24
> | ('M') << 16 | ('S') << 8 | ('K', 1))) failed, back trace
>
> 07-Dec-2022 11:58:37.097 general: critical: #0 0x56508c798e43 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #1 0x7fa72e881ac0 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #2 0x7fa72e89978a in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #3 0x7fa72e89a240 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #4 0x7fa72e89e18b in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #5 0x7fa72eb67707 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #6 0x7fa72eb68fe9 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #7 0x7fa72eb779b0 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #8 0x7fa72eb7f9a7 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #9 0x7fa72eb8116e in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #10 0x7fa72eb816cd in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #11 0x7fa72eb823c9 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #12 0x7fa72eb884c6 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #13 0x7fa72e8a8fa1 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #14 0x7fa72e370609 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: #15 0x7fa72e28f133 in ??
>
> 07-Dec-2022 11:58:37.097 general: critical: exiting (due to assertion
> failure)
>
>
>
> I did some googling and was unable to find this specific “netmgr.c:687”
> message.  Is this assertion failure due to a known CVE (perhaps recently
> discovered and not yet patched)?  We’ve had no issues with this server up
> to this point.  The BIND version is 9.16.1 running on a fully patched
> Ubuntu 20.04.5 server.  This server does nothing other than run BIND.  Any
> assistance determining what happened and how to prevent it from happening
> again would be much appreciated.  If this is not the proper forum for this
> posting, please point me in the right direction.
>
>
>
> Thanks,
>
> Ben Bridges
>
>
>
>
> [image: City Utilities]
>
> [image: SpringNet] 
>
> Sales 417.575.7000 | Support 417.874.8000 | springnet.net
> 
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>


-- 
- Andrew "lathama" Latham -
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Bind 9.16.1 crash

2022-12-07 Thread John Thurston

To me, the next step is to get your instance of BIND somewhat up to date.

I'm not a "gotta be on the bleeding edge" kinda guy, but running a 
version released in first quarter of 2020 is old even by my standards. 
Is there some business reason to keep running a +2 year old version of BIND?


--
Do things because you should, not just because you can.

John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska

On 12/7/2022 10:32 AM, Ben Bridges wrote:
The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5 
server.-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
Greetings.

This morning one of our BIND daemons crashed.  The following messages were 
logged in named.run at the time:

07-Dec-2022 11:58:37.097 general: critical: netmgr.c:687: 
REQUIRE((__builtin_expect(!!((sock) != ((void *)0)), 1) && 
__builtin_expect(!!(((const isc__magic_t *)(sock))->magic == ((('N') << 24 | 
('M') << 16 | ('S') << 8 | ('K', 1))) failed, back trace
07-Dec-2022 11:58:37.097 general: critical: #0 0x56508c798e43 in ??
07-Dec-2022 11:58:37.097 general: critical: #1 0x7fa72e881ac0 in ??
07-Dec-2022 11:58:37.097 general: critical: #2 0x7fa72e89978a in ??
07-Dec-2022 11:58:37.097 general: critical: #3 0x7fa72e89a240 in ??
07-Dec-2022 11:58:37.097 general: critical: #4 0x7fa72e89e18b in ??
07-Dec-2022 11:58:37.097 general: critical: #5 0x7fa72eb67707 in ??
07-Dec-2022 11:58:37.097 general: critical: #6 0x7fa72eb68fe9 in ??
07-Dec-2022 11:58:37.097 general: critical: #7 0x7fa72eb779b0 in ??
07-Dec-2022 11:58:37.097 general: critical: #8 0x7fa72eb7f9a7 in ??
07-Dec-2022 11:58:37.097 general: critical: #9 0x7fa72eb8116e in ??
07-Dec-2022 11:58:37.097 general: critical: #10 0x7fa72eb816cd in ??
07-Dec-2022 11:58:37.097 general: critical: #11 0x7fa72eb823c9 in ??
07-Dec-2022 11:58:37.097 general: critical: #12 0x7fa72eb884c6 in ??
07-Dec-2022 11:58:37.097 general: critical: #13 0x7fa72e8a8fa1 in ??
07-Dec-2022 11:58:37.097 general: critical: #14 0x7fa72e370609 in ??
07-Dec-2022 11:58:37.097 general: critical: #15 0x7fa72e28f133 in ??
07-Dec-2022 11:58:37.097 general: critical: exiting (due to assertion failure)

I did some googling and was unable to find this specific "netmgr.c:687" 
message.  Is this assertion failure due to a known CVE (perhaps recently 
discovered and not yet patched)?  We've had no issues with this server up to 
this point.  The BIND version is 9.16.1 running on a fully patched Ubuntu 
20.04.5 server.  This server does nothing other than run BIND.  Any assistance 
determining what happened and how to prevent it from happening again would be 
much appreciated.  If this is not the proper forum for this posting, please 
point me in the right direction.

Thanks,
Ben Bridges


[City Utilities]

[SpringNet]

Sales 417.575.7000 | Support 417.874.8000 | 
springnet.net
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users