9.16.13 overwrote master files

Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

9.16.13 overwrote master files

Bind-Users forum mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I just updated from 9.16.12 to 9.16.13.

zone "naturediscovery.org" { type master;  file
"named.naturediscovery.org";  };

9.16.13 has overwritten the master file with the current zone contents,
replacing the $INCLUDE statements with the contents of the included
files.

Is there some new config item to prevent this?


-----BEGIN PGP SIGNATURE-----

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYF+vMBUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsHjeQCfRQ9MOrPma6hoUpYycgb3zbTSVhUA
n3GNG6lyTPbYZ4W2w8EVPrL7Ltra
=5yyq
-----END PGP SIGNATURE-----


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: 9.16.13 overwrote master files

Mark Andrews
What do you have in options?

> On 28 Mar 2021, at 09:18, Carl Byington via bind-users <[hidden email]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I just updated from 9.16.12 to 9.16.13.
>
> zone "naturediscovery.org" { type master;  file
> "named.naturediscovery.org";  };
>
> 9.16.13 has overwritten the master file with the current zone contents,
> replacing the $INCLUDE statements with the contents of the included
> files.
>
> Is there some new config item to prevent this?
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYF+vMBUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsHjeQCfRQ9MOrPma6hoUpYycgb3zbTSVhUA
> n3GNG6lyTPbYZ4W2w8EVPrL7Ltra
> =5yyq
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: 9.16.13 overwrote master files

Bind-Users forum mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote:
> What do you have in options?

options {
    directory "/var/named";
    allow-recursion { "friends"; };
    dnssec-enable yes;
    dnssec-validation auto;
    bindkeys-file "/etc/named.bind.keys";
    managed-keys-directory "/var/named/dynamic";
    listen-on-v6 {any;};
    ixfr-from-differences yes;
    max-journal-size 2m;
    notify yes;
    response-policy { zone "rpz.five-ten-sg.com";}
        qname-wait-recurse no;
    rate-limit {
        responses-per-second 500;
        errors-per-second    50;
        nxdomains-per-second 500;
        qps-scale            4000;
        exempt-clients { "friends"; };
    };
    max-recursion-queries 200; qname-minimization disabled;
    fetches-per-server 50;
    fetches-per-zone   50;
    server-id hostname;
};

This is on Centos 8. I will setup a VM tomorrow for more testing on
this. For now, reverted back to 9.16.12.




-----BEGIN PGP SIGNATURE-----

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGFRRxUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsFm/wCbBpzr/W/QdtUMG0hhstYcI1wpsBcA
nRdv220ju0R0IIEgbLzfbXs8CjHX
=+zDb
-----END PGP SIGNATURE-----




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: 9.16.13 overwrote master files

Mark Andrews
Carl,
      can you add a “#” in front of "dnssec-policy” in bin/named/config.c
and see how that goes for you.  That will comment out the default
‘dnssec-policy “none”;’.

Please let us know how that goes for you.

Mark

> On 29 Mar 2021, at 15:02, Carl Byington <[hidden email]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote:
>> What do you have in options?
>
> options {
>    directory "/var/named";
>    allow-recursion { "friends"; };
>    dnssec-enable yes;
>    dnssec-validation auto;
>    bindkeys-file "/etc/named.bind.keys";
>    managed-keys-directory "/var/named/dynamic";
>    listen-on-v6 {any;};
>    ixfr-from-differences yes;
>    max-journal-size 2m;
>    notify yes;
>    response-policy { zone "rpz.five-ten-sg.com";}
>        qname-wait-recurse no;
>    rate-limit {
>        responses-per-second 500;
>        errors-per-second    50;
>        nxdomains-per-second 500;
>        qps-scale            4000;
>        exempt-clients { "friends"; };
>    };
>    max-recursion-queries 200; qname-minimization disabled;
>    fetches-per-server 50;
>    fetches-per-zone   50;
>    server-id hostname;
> };
>
> This is on Centos 8. I will setup a VM tomorrow for more testing on
> this. For now, reverted back to 9.16.12.
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGFRRxUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsFm/wCbBpzr/W/QdtUMG0hhstYcI1wpsBcA
> nRdv220ju0R0IIEgbLzfbXs8CjHX
> =+zDb
> -----END PGP SIGNATURE-----
>
>
>
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: 9.16.13 overwrote master files

Bind-Users forum mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, 2021-03-30 at 15:45 +1100, Mark Andrews wrote:

> can you add a "#" in front of "dnssec-policy" in bin/named/config.c
> and see how that goes for you.  That will comment out the default
> 'dnssec-policy "none";'.

I have not been able to reproduce this in a disposable centos 8 VM,
using the same /etc/named.conf and /var/named contents from the
production server. If I cannot make that work, I will try reproducing
the error on the production server tomorrow. Once I get a reproducible
scenario, I will try your above patch.


-----BEGIN PGP SIGNATURE-----

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGOI7xUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsHU1QCgi6yeu2Yls19f/406zWLIoqo3/QMA
nA4PFkv1wnI089pW+VFch454UoLg
=hTUy
-----END PGP SIGNATURE-----


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: 9.16.13 overwrote master files

Ondřej Surý
Hi Carl,

at this point, I am going to ask you to open an issue in our GitLab instance:

https://gitlab.isc.org/isc-projects/bind9/issues

Thanks,
Ondrej
--
Ondřej Surý (He/Him)
[hidden email]

> On 30. 3. 2021, at 22:24, Carl Byington via bind-users <[hidden email]> wrote:
>
> Signed PGP part
> On Tue, 2021-03-30 at 15:45 +1100, Mark Andrews wrote:
>
> > can you add a "#" in front of "dnssec-policy" in bin/named/config.c
> > and see how that goes for you.  That will comment out the default
> > 'dnssec-policy "none";'.
>
> I have not been able to reproduce this in a disposable centos 8 VM,
> using the same /etc/named.conf and /var/named contents from the
> production server. If I cannot make that work, I will try reproducing
> the error on the production server tomorrow. Once I get a reproducible
> scenario, I will try your above patch.
>
>
>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: 9.16.13 overwrote master files

Bind-Users forum mailing list
In reply to this post by Mark Andrews
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Issue #2623 opened at gitlab. It appears to be tied to attempts to use
the old journal format:

zone local/IN/normal: retried using old journal format


-----BEGIN PGP SIGNATURE-----

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHM0bhUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsFhLACgicNwiEmrZonfJpM70v1NfHL1BVQA
n2VuDBTqHCPKtGhZlRpMHPkUkN0H
=kr0W
-----END PGP SIGNATURE-----


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users