Hi, I was “assigned” the RC bug as part of BugSprint (http://wiki.debian.org/BugSprint).
After some time debugging, I can add more information.

Here is a simpler use case to reproduce the bug from a fresh install of bind9. Add the following lines to /etc/bind/named.conf.local.

--8<-----------------------------------
acl "plop1" {
    { 192.168.1.0/24; };
};
acl "plop2" {
    { 192.168.1.8; 192.168.1.128; };
};
zone "example.com" {
    type master;
    file "/etc/bind/db.local";
    allow-update { "plop2"; "plop1"; };
};
----------------------------------->8--

Something very weird is that the following changes make it work correctly:

--8<-----------------------------------
- { 192.168.1.8; 192.168.1.128; };
+ { 192.168.1.8; 192.168.1.X; };
----------------------------------->8--

with X < 128

or

--8<-----------------------------------
- allow-update { "plop2"; "plop1"; };
+ allow-update { "plop1"; "plop2"; };
----------------------------------->8--

The backtrace for the segv is the following:

--8<-----------------------------------
#0 0x00007f136e6c7839 in is_insecure (prefix=0x7f136ecf55b0, data=0x7f136ed1e6f8) at acl.c:499
#1 0x00007f136d871624 in isc_radix_process (radix=0x7f136ed17a60, func=0x7f136e6c77dd <is_insecure>) at radix.c:227
#2 0x00007f136e6c7958 in dns_acl_isinsecure (a=0x7f136ecf3ce0) at acl.c:546
#3 0x000000000045153e in ns_zone_configure (config=0x7f136ed198d0, vconfig=0x0, zconfig=0x7f136ed1bb50, ac=0x41626fe0, zone=0x13d62a0) at zoneconf.c:663
#4 0x0000000000437689 in configure_zone (config=0x7f136ed198d0, zconfig=0x7f136ed1bb50, vconfig=0x0, mctx=0x1308350, view=0x137bf20, aclconf=0x41626fe0) at server.c:2484
#5 0x00000000004331e8 in configure_view (view=0x137bf20, config=0x7f136ed198d0, vconfig=0x0, mctx=0x1308350, actx=0x41626fe0, need_hints=isc_boolean_true) at server.c:1127
#6 0x00000000004393b7 in load_configuration (filename=0x4660a1 "/etc/bind/named.conf", server=0x7f136ecfe010, first_time=isc_boolean_true) at server.c:3275
#7 0x000000000043ab5f in run_server (task=0x7f136ed07010, event=0x0) at server.c:3703
----------------------------------->8--

I think that the problem comes from the acl structure (arg ac in ns_zone_configure ()) which is not filled correctly:

1: configure_zone () server.c:2484

2: ns_zone_configure () (zoneconf.c, line 657)
   -> RETERR(configure_zone_acl(zconfig, vconfig, config, "allow-update", ac, zone, dns_zone_setupdateacl, dns_zone_clearupdateacl));

3: configure_zone_acl() (zoneconf.c, line 93)
   -> result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx, dns_zone_getmctx(zone), 0, &dacl);

4: cfg_acl_fromconfig() (aclconf.c, line 253)
   -> result = dns_iptable_addprefix(iptab, &addr, bitlen, ISC_TF(nest_level != 0 || !neg));

5: dns_iptable_addprefix (iptable.c, line 61)
   -> result = isc_radix_insert(tab->radix, &node, NULL, &pfx);

6: isc_radix_insert (radix.c, line 301)
   -> ....

The segv occurs because the node->data[] 'array' contains a null value but it should not, hence I think something goes wrong in isc_radix_insert() with this use case.

It's a bit difficult to fix this bug given the complexity of the code, and difficult to have a fix with no side effects.

I'm CCing [EMAIL PROTECTED], and hope they could take a look at these bugs and help us to fix them.

Any help would be appreciated.

Cheers,

--
Emmanuel Bouthenot