Dear list,
When recently trying to upgrade some secondary-only authoritative
servers running on Windows machines, I found that Bind 9.16.25 (x86_64)
binaries from isc.org failed to completely startup, causing Windows to
report that "1067 The process terminated unexpectedly.", with 0 process
exit code. Attempting to up the debug level all the way to "-d 100"
failed to log a reason, but downgrading to the 9.16.21 binaries resumed
operation.
Is there a known issue and workaround for this, or is there any
additional information to extract?
The bind binaries are installed in C:\Program Files\ISC BIND 9\bin
The config files are in C:\Program Files\ISC BIND 9\etc
Commenting out all the configured secondary zones did not fix the issues.
The zone primaries are identified by IP address in the zone config entries.
One of the last (but not always the actual last) debug messages logged
before failure was this:
resolver: debug 1: fetch: ./NS
This may or may not point to incomplete disabling of useless root server
access attempts.
Current config file:
options {
directory "C:\Program Files\ISC BIND 9\etc";
automatic-interface-scan no;
listen-on { 172.31.41.230; 127.0.0.1; };
listen-on-v6 { any; };
// Authoritative only
allow-query-cache { none; };
// Do not provide recursive service
recursion no;
// This is the default
allow-query { any; };
// This is not
allow-transfer { none; };
// Other useful settings
minimal-responses yes;
multi-master yes;
notify master-only;
version none;
server-id hostname;
max-zone-ttl 2764800;
// Prevent queries that would case troubles
blackhole { 0.0.0.0/8;
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
169.254.0.0/16; };
};
logging {
channel bind.log {
file "C:\Windows\logs\bind\bind.log" versions 10 size 20m;
// severity information;
print-category yes;
print-severity yes;
print-time yes;
};
category client { bind.log; };
category cname { bind.log; };
category config { bind.log; };
category database { bind.log; };
category default { bind.log; };
category delegation-only { bind.log; };
category dispatch { bind.log; };
category dnssec { bind.log; };
category dnstap { bind.log; };
category edns-disabled { bind.log; };
category general { bind.log; };
category lame-servers { bind.log; };
category network { bind.log; };
category notify { bind.log; };
category nsid { bind.log; };
category queries { bind.log; };
category query-errors { bind.log; };
category rate-limit { bind.log; };
category resolver { bind.log; };
category rpz { bind.log; };
category security { bind.log; };
category serve-stale { bind.log; };
category spill { bind.log; };
category trust-anchor-telemetry { bind.log; };
category unmatched { bind.log; };
category update { bind.log; };
category update-security { bind.log; };
category xfer-in { bind.log; };
category xfer-out { bind.log; };
category zoneload { bind.log; };
};
include "zones.bind.conf";
include "rndc.key";
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
};
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
