Hi Jeroen, In the case that triggered this crash for us, someone typo-ed nsd.conf by adding the zone "bar.foo.com" (which didn't exist). They meant to add a different zone name.
Chris ________________________________ From: Jeroen Koekkoek <jer...@nlnetlabs.nl> Sent: Wednesday, October 16, 2024 3:18 AM To: Chris LaVallee <claval...@edg.io>; nsd-users@lists.nlnetlabs.nl <nsd-users@lists.nlnetlabs.nl> Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal Hi Chris, I've properly started looking into this yesterday. NSD definitely shouldn't crash, still working on that. However, the provided zone is invalid too(?) I'm not the foremost expert on NSEC3 (or even DNSSEC), but is seems an NSEC3 is missing for bar.foo.com. Empty non-terminals should still have an NSEC3 RR. (Of course, the delegation point should be at bar.foo.com. too and a.bar.foo.com. is an occluded name and this situation is purely hypothetical). I used the attached zone file along with the following commands to generate a zone file to The input I used to generate: ldns-keygen -a 13 -k foo.com dnssec-signzone -3 AA61D5A398769C09 -H 0 -S -A -z -o foo.com. foo.com.zone Kfoo.com.+013+58636 Doesn't get me the exact the same thing, but good enough to get the same segfault. - Jeroen On Wed, 2024-10-09 at 13:53 +0200, Jeroen Koekkoek via nsd-users wrote: > Hi Chris, > > I can reproduce with your zone. Thanks! > > Best, > Jeroen > > > On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote: > > > > Hi Jeroen, > > > > > > Attached is the zone I used. Did you add the record for a.bar ? > > > > > > Ex: > > > > > > a.bar 300 IN NS ns.somewhere.net. > > > > > > Chris > > > > > > > > > > > > > > > > > > > > > > > > > > From: Jeroen Koekkoek <jer...@nlnetlabs.nl> > > Sent: Tuesday, October 8, 2024 5:33 AM > > To: Chris LaVallee <claval...@edg.io>; nsd-users@lists.nlnetlabs.nl > > <nsd-users@lists.nlnetlabs.nl> > > Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal > > > > > > > > > > Hi Chris, > > > > I'm having trouble trying to reproduce the issue locally. > > > > Like you I configure two zones. > > > > zone: > > name: example.com. > > zonefile: example.com.zone.signed > > > > zone: > > name: bar.example.com. > > zonefile: bar.example.com.zone > > > > The file bar.example.com.zone does not exist. After touching and > > reloading the signed zone, no segfault occurs. I've tried with and > > without the "--disable-radix-tree" configure option (as the error > > occurs in the rbtree). I've also tried with example.com. being an > > NSEC > > and NSEC3 zone. > > > > Can you provide some more details? > > > > Best regards, > > Jeroen > > > > > > > > > > On Wed, 2024-10-02 at 14:57 +0000, Chris LaVallee via nsd-users > > wrote: > > > > > > Hi, > > > > > > > > > I found a reproducible seg fault with a DNSSEC signed zone and > > > overlapping config. I'm running NSD 4.10.1. Here's how to > > > reproduce. > > > > > > > > > 2 zones in nsd.conf: > > > > > > > > > zone: > > > name: "foo.com." > > > zonefile: "/zones/foo.com.zone.signed" > > > > > > > > > zone: > > > name: "bar.foo.com." > > > zonefile: "/zones/bar.foo.com.zone" > > > > > > > > > > > > > > > Zone files: > > > > > > > > > foo.com.zone.signed is DNSSEC signed with a record for a.bar (A > > > record or anything) > > > bar.foo.com.zone doesn't exist (but it's in nsd.conf shown > > > above) > > > > > > > > > > > > > > > Steps: > > > 1) Startup NSD > > > 2) touch foo.com.zone.signed > > > 3) reload NSD > > > > > > > > > > > > > > > nsd.log will say: > > > [2024-10-02 07:19:58.691] nsd[962739]: info: control cmd: reload > > > [2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd: > > > reload closed cmd channel > > > [2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process > > > 962740 > > > failed, continuing with old database > > > > > > > > > core dump says SIGSEGV in rbtree_find_less_equal > > > > > > > > > > > > > > > Chris LaVallee > > > Edgio (formally EdgeCast Networks) > > > > > > > > > > > > > > > _______________________________________________ > > > nsd-users mailing list > > > nsd-users@lists.nlnetlabs.nl > > > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users > > > > _______________________________________________ > nsd-users mailing list > nsd-users@lists.nlnetlabs.nl > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
_______________________________________________ nsd-users mailing list nsd-users@lists.nlnetlabs.nl https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
