View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009901 | Rocky-Linux-8 | bind9.16 | public | 2025-07-03 06:41 | 2025-07-03 06:41 |
| Reporter | Fico Wang | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | Rocky8 | ||||
| Summary | 0009901: BIND9.16.23 version fired coredump when empty the BIND forwarders list and using stale cache | ||||
| Description | When empty the forwarders list (example see attached file) and using the stale cache feature in Rocky8, there will be coredump fired(which make the named process restarted). i have opened one ISC ticket(https://gitlab.isc.org/isc-projects/bind9/-/issues/5390) and at last point to issue should not be in ISC but in Rocky. Then i made further testing, result shows issue cannot be seen in BIND9.16.23 in Rokcy9, but can be reproduced in Rocky8. | ||||
| Steps To Reproduce | (1)Set config with attached conf file(set the forwarder address available at the beginning) (2)Trigger one client query, upstream server will response successfully, the cache will be saved as positive ones. (3)Then empty the forwarder list (by adding prefix // as in attached file example) and trigger dns queries again, the stale cache will take effective after positive TTL expired. (4)Then trigger several dns queries to BIND9 when stale cache in use, then core dump file will be generated(named process restarted) after stale cache serving for several queries. | ||||
| Additional Information | cat /etc/os-release NAME="Rocky Linux" VERSION="8.10 (Green Obsidian)" ID="rocky" ID_LIKE="rhel centos fedora" VERSION_ID="8.10" PLATFORM_ID="platform:el8" PRETTY_NAME="Rocky Linux 8.10 (Green Obsidian)" ANSI_COLOR="0;32" LOGO="fedora-logo-icon" CPE_NAME="cpe:/o:rocky:rocky:8:GA" HOME_URL="https://rockylinux.org/" BUG_REPORT_URL="https://bugs.rockylinux.org/" SUPPORT_END="2029-05-31" ROCKY_SUPPORT_PRODUCT="Rocky-Linux-8" ROCKY_SUPPORT_PRODUCT_VERSION="8.10" REDHAT_SUPPORT_PRODUCT="Rocky Linux" REDHAT_SUPPORT_PRODUCT_VERSION="8.10" bash-4.4# named -v BIND 9.16.23-RH (Extended Support Version) <id:fde3b1f> | ||||
| Tags | No tags attached. | ||||
| Attached Files | bind9.16.23-bind-config.txt (1,984 bytes)
options {
forward only;
forwarders {
//1.1.1.1 port 53;
};
max-cache-ttl 10;
max-ncache-ttl 10;
max-cache-size 10M;
stale-cache-enable yes;
stale-answer-enable yes;
max-stale-ttl 120;
stale-answer-ttl 90;
stale-answer-client-timeout 0;
stale-refresh-time 40;
// needed for bind9.16
dnssec-validation no;
max-udp-size 1232;
edns-udp-size 1232;
minimal-responses yes;
listen-on port 1053 { 2.2.2.2; };
listen-on-v6 port 1053 { none; };
allow-query { any; };
query-source 3.3.3.3;
dscp 0;
// version statement - inhibited for security
// (avoids hacking any known weaknesses)
version "not available";
// disable all zone transfer requests
allow-transfer{"none";};
recursion yes;
statistics-file "/var/named/named.stats";
directory "/var/cache/bind";
zone-statistics yes;
resolver-retry-interval 800;
};
logging {
channel container_stderr {
stderr;
print-category yes;
print-severity yes;
print-time yes;
};
category default { container_stderr; };
category unmatched { null; };
// Add these for stale cache
category resolver { container_stderr; };
category serve-stale { container_stderr; };
};
// rdnc enabled
key "rndc-key" {
algorithm hmac-md5;
secret "testtest";
};
controls {
inet 127.0.0.1 port 1053
allow { 127.0.0.1; } keys { "rndc-key"; };
};
statistics-channels {
inet 127.0.0.1 port 1053 allow { 127.0.0.1; };
};
// test zone for internal health checker
zone "dnsproxy.health.test" in {
type master;
file "/usr/bind9_configurator/config/dnsproxy_health.rev";
allow-update { none; };
};
// disabling EDNS
server ::/0 {
edns no;
};
server 0.0.0.0/0 {
edns no;
};
server 1.1.1.1 {
query-source 3.3.3.3;
};
| ||||
