View Issue Details

IDProjectCategoryView StatusLast Update
0009901Rocky-Linux-8bind9.16public2025-07-03 06:41
ReporterFico Wang Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
PlatformRocky8 
Summary0009901: BIND9.16.23 version fired coredump when empty the BIND forwarders list and using stale cache
DescriptionWhen empty the forwarders list (example see attached file) and using the stale cache feature in Rocky8, there will be coredump fired(which make the named process restarted).
i have opened one ISC ticket(https://gitlab.isc.org/isc-projects/bind9/-/issues/5390) and at last point to issue should not be in ISC but in Rocky.
Then i made further testing, result shows issue cannot be seen in BIND9.16.23 in Rokcy9, but can be reproduced in Rocky8.

Steps To Reproduce(1)Set config with attached conf file(set the forwarder address available at the beginning)
(2)Trigger one client query, upstream server will response successfully, the cache will be saved as positive ones.
(3)Then empty the forwarder list (by adding prefix // as in attached file example) and trigger dns queries again, the stale cache will take effective after positive TTL expired.
(4)Then trigger several dns queries to BIND9 when stale cache in use, then core dump file will be generated(named process restarted) after stale cache serving for several queries.
Additional Informationcat /etc/os-release
NAME="Rocky Linux"
VERSION="8.10 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.10 (Green Obsidian)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2029-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-8"
ROCKY_SUPPORT_PRODUCT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"

bash-4.4# named -v
BIND 9.16.23-RH (Extended Support Version) <id:fde3b1f>

TagsNo tags attached.
Attached Files
bind9.16.23-bind-config.txt (1,984 bytes)   
options {
    forward only;

    forwarders {
        //1.1.1.1 port 53;
    };

    max-cache-ttl 10;
    max-ncache-ttl 10;
    max-cache-size 10M;

    stale-cache-enable yes;
    stale-answer-enable yes;
    max-stale-ttl 120;
    stale-answer-ttl 90;
    stale-answer-client-timeout 0;
    stale-refresh-time 40;

    // needed for bind9.16
    dnssec-validation no;

    max-udp-size 1232;
    edns-udp-size 1232;

    minimal-responses yes;

    listen-on port 1053 { 2.2.2.2; };
    listen-on-v6 port 1053 { none; };

    allow-query { any; };

    query-source 3.3.3.3;

    dscp 0;

    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    version "not available";

    // disable all zone transfer requests
    allow-transfer{"none";};

    recursion yes;

    statistics-file "/var/named/named.stats";
    directory "/var/cache/bind";
    zone-statistics yes;
    resolver-retry-interval 800;
};

logging {
    channel container_stderr {
        stderr;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { container_stderr; };
    category unmatched { null; };
    // Add these for stale cache
    category resolver { container_stderr; };
    category serve-stale { container_stderr; };
};

// rdnc enabled
key "rndc-key" {
        algorithm hmac-md5;
        secret "testtest";
};

controls {
        inet 127.0.0.1 port 1053
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

statistics-channels {
    inet 127.0.0.1 port 1053 allow { 127.0.0.1; };
};

// test zone for internal health checker
zone "dnsproxy.health.test" in {
    type master;
    file "/usr/bind9_configurator/config/dnsproxy_health.rev";
    allow-update { none; };
};

// disabling EDNS
server ::/0 {
    edns no;
};
server 0.0.0.0/0 {
    edns no;
};

server 1.1.1.1 {
    query-source 3.3.3.3;
};
bind9.16.23-bind-config.txt (1,984 bytes)   

Activities

Issue History

Date Modified Username Field Change
2025-07-03 06:41 Fico Wang New Issue
2025-07-03 06:41 Fico Wang File Added: bind9.16.23-bind-config.txt