Package: bind9
Version: 1:9.19.17-1
Severity: normal

I've got a bind configuration that's been around for many years at this point. Noticed today that named had failed to restart at some time in the past. Nothing in /var/log/bind after it had shut down, nothing visible in systemctl status, nor journalctl -xeu named.service apart from note of a bad return code. Running with named -g found it complaining about these lines in my named.conf.local:

zone "com" { type delegation-only; };
zone "net" { type delegation-only; };

I don't have a memory of why or when I added these (maybe when bad lookups suddenly were redirecting to advertising?), but https://bind9.readthedocs.io/en/v9.18.18/notes.html mentions the delegation-only option being deprecated.

So, not great that it was hard to debug, but it's probably peculiar to my configuration. I thought it was worth filing a bug in any case anyone else runs across this.

My fix was simply to remove those two lines since they do not appear to be relevant any more.

If support for delegation-only has indeed been removed, it seems a little strange it's not in the bind release notes etc.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0-2-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bind9 depends on:
ii  adduser                   3.137
ii  bind9-libs                1:9.19.17-1
ii  bind9-utils               1:9.19.17-1
ii  debconf [debconf-2.0]     1.5.82
ii  dns-root-data             2023010101
ii  init-system-helpers       1.65.2
ii  iproute2                  6.5.0-4
ii  libc6                     2.37-12
ii  libcap2                   1:2.66-4
ii  libfstrm0                 0.6.1-1
ii  libjson-c5                0.17-1
ii  liblmdb0                  0.9.31-1
ii  libmaxminddb0             1.7.1-1
ii  libnghttp2-14             1.57.0-1
ii  libprotobuf-c1            1.4.1-1+b1
ii  libssl3                   3.0.11-1
ii  libsystemd0               254.5-1
ii  libuv1                    1.46.0-2
ii  libxml2                   2.9.14+dfsg-1.3
ii  lsb-base                  11.6
ii  netbase                   6.4
ii  sysvinit-utils [lsb-base] 3.08-3
ii  zlib1g                    1:1.2.13.dfsg-3

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind-doc                  <none>
ii  bind9-dnsutils [dnsutils] 1:9.19.17-1
ii  dnsutils                  1:9.19.17-1
ii  resolvconf                1.91+nmu1
pn  ufw                       <none>

-- Configuration Files:
/etc/apparmor.d/local/usr.sbin.named changed:
/etc/opendkim/keys/** r,
/var/log/bind/** rw,
/var/log/bind/ rw,
/run/named/ rwm,

/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//include "/etc/bind/named.conf.keys";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// $Id: named.conf.local,v 1.5 2014/03/11 15:37:22 root Exp chris $
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
//zone "com" { type delegation-only; };
//zone "net" { type delegation-only; };
// reduce log verbosity on issues outside our control
logging {
    channel default_file {
        file "/var/log/bind/named.log" versions 3 size 10m;
        print-time yes;
        print-category yes;
    };
//  category default { default_syslog; default_debug; };
    category default { default_syslog; default_debug; default_file; };
//  category panic { default_syslog; default_stderr; default_file; };
//  category packet { default_debug; };
//  category eventlib { default_debug; };
    category lame-servers { null; };
    category edns-disabled { null; };
//  category cname { null; };
    channel querylog {
        file "/var/log/bind/queries.log" versions 3 size 10m;
        print-time yes;
    };
    category queries { querylog; };
};
/// Masters
zone "snurgle.org" {
    type master;
    file "/etc/bind/snurgle.db";
};
zone "snurgle.com" {
    type master;
    file "/etc/bind/snurglecom.db";
};
zone "chiappa.net" {
    type master;
    file "/etc/bind/chiappa.db";
};
zone "chiap.com.pa" {
    type master;
    file "/etc/bind/chiapcompa.db";
};
zone "noelie.org" {
    type master;
    file "/etc/bind/noelie.db";
};
zone "oliverhenry.net" {
    type master;
    file "/etc/bind/oliverhenry.db";
};
zone "chiappa-blanco.com" {
    type master;
    file "/etc/bind/chiappablanco.db";
};
//zone "bostoncommoners.org" {
//    type master;
//    file "/etc/bind/bcfc.db";
//};
//zone "barelyunited.org" {
//    type master;
//    file "/etc/bind/barelyunited.db";
//};
//zone "i-still-live.org" {
//    type master;
//    file "/etc/bind/istilllive.db";
//};
//zone "naan.org" {
//    type master;
//    file "/etc/bind/naan.db";
//};
zone "roboticschick.org" {
    type master;
    file "/etc/bind/robochick.db";
};
zone "laurelriek.org" {
    type master;
    file "/etc/bind/laurel.db";
};
//zone "tropnevad.org" {
//    type slave;
//    file "tropnevad.ca";
//    masters {
//        66.92.66.179;
//    };
//};
//zone "media-pipe.com" {
//    type master;
//    file "/etc/bind/mediapipe.db";
//};
//zone "waterbedband.com" {
//    type master;
//    file "/etc/bind/waterbedband.db";
//};
zone "bigw.org" {
    type slave;
    file "bigw.ca";
    masters {
        50.244.203.196;
    };
};

/etc/bind/named.conf.options changed:
acl "good-guys" {
    10.1/16;
    127/8;
    localhost;
//  72.93.243.58;
//  72.93.243.59;
//  72.93.243.60;
//  71.174.62.45;
//  74.104.148.229;
    108.7.58.73;
    71.19.149.58; // cirrus
    2605:2700:0:5::4713:953a;
    71.19.144.99; // stratus
    2605:2700:0:2::4713:9063;
};
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };
    auth-nxdomain no; # conform to RFC1035
    //listen-on-v6 { any; };
    allow-transfer { "good-guys"; };
    allow-query { any; };
    allow-recursion { "good-guys"; };
    dnssec-validation no;
    statistics-file "/var/run/named/named.stats";
};

-- debconf information:
  bind9/different-configuration-file:
  bind9/run-resolvconf: false
  bind9/start-as-user: bind
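
A check that could be run on a BIND configuration before upgrading or restarting named, added here as an example (it is not part of the original report and not BIND or Debian tooling): it lists zones that still have an active "type delegation-only" statement, the kind named complained about in the report above, while skipping commented-out copies. The function name find_delegation_only and the sample configuration are constructed for illustration, and only zone bodies without nested braces are examined.

```shell
# Added example: print every zone whose active statement is "type delegation-only".
find_delegation_only() {
    awk '
    { text = text $0 "\n" }
    END {
        # Pass 1: drop comments, copying quoted strings through untouched.
        n = length(text); i = 1; out = ""
        while (i <= n) {
            c = substr(text, i, 1); two = substr(text, i, 2)
            if (c == "\"") {
                j = index(substr(text, i + 1), "\"")
                if (j == 0) j = n - i
                out = out substr(text, i, j + 1); i += j + 1
            } else if (two == "/*") {
                j = index(substr(text, i + 2), "*/")
                i = (j == 0) ? n + 1 : i + j + 3
                out = out " "
            } else if (two == "//" || c == "#") {
                j = index(substr(text, i), "\n")
                i = (j == 0) ? n + 1 : i + j - 1
            } else { out = out c; i++ }
        }
        # Pass 2: walk zone statements whose body has no nested braces.
        gsub(/[ \t\n]+/, " ", out)
        while (match(out, /zone [^{};]*[{][^{}]*[}]/)) {
            stmt = substr(out, RSTART, RLENGTH)
            out = substr(out, RSTART + RLENGTH)
            p = index(stmt, "{")
            split(substr(stmt, 1, p - 1), head, " ")
            name = head[2]; gsub(/"/, "", name)
            if (substr(stmt, p + 1) ~ /(^|[ ;])type delegation-only ?;/)
                print name
        }
    }' "$1"
}

# Constructed sample input, not the reporter's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
// zone "org" { type delegation-only; };
zone "com" { type delegation-only; };
/* zone "info" { type delegation-only; }; */
zone "net" {
    type delegation-only;   # legacy entry
};
zone "example.org" { type master; file "/etc/bind/example.db"; };
EOF
find_delegation_only "$sample"
rm -f "$sample"
```

The function reads one file and does not follow include statements, so it has to be run on each included file such as /etc/bind/named.conf.local; BIND's own named-checkconf parses the whole configuration.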