On 11.06.19 at 18:02, PGNet Dev wrote:
> I just bumped NSD
> 
>       nsd -v
>               NSD version 4.2.0
> 
> on a linux64 VM.
> 
> On axfrs, I'm seeing segfaults in libssl
> 
>       Jun 11 08:53:24 ns03 nsd[12296]: axfr for example1.com. from 109.74.194.10
>       Jun 11 08:53:24 ns03 kernel: [35762.840704] nsd[12296]: segfault at 560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in libssl.so.1.1[7fefedb43000+86000]
>       Jun 11 08:53:24 ns03 nsd[12246]: server 12296 died unexpectedly, restarting
>       Jun 11 08:53:24 ns03 nsd[12225]: [2019-06-11 08:53:24.960] nsd[12246]: warning: server 12296 died unexpectedly, restarting
>       Jun 11 08:53:25 ns03 nsd[12246]: process 12296 terminated with status 139
>       Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.030] nsd[12246]: warning: process 12296 terminated with status 139
>       Jun 11 08:53:25 ns03 nsd[12297]: axfr for example2.com. from 207.192.70.10
>       Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.557] nsd[12297]: info: axfr for example2.com. from 207.192.70.10
>       Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.557] nsd[12297]: info: axfr for example3.com. from 207.192.70.10
>       Jun 11 08:53:25 ns03 nsd[12297]: axfr for example3.com. from 207.192.70.10
>       Jun 11 08:53:25 ns03 nsd[12297]: axfr for example4.com. from 207.192.70.10
>       Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.565] nsd[12297]: info: axfr for example4.com. from 207.192.70.10
>       Jun 11 08:53:25 ns03 kernel: [35763.583172] nsd[12297]: segfault at 560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in libssl.so.1.1[7fefedb43000+86000]
> 
> Note, *NOT* on every axfr; some seem to work.
> 
> Just starting to troubleshoot here ...
> 
> Any obvious issues that are already known that might cause this?

Hello "PGNet Dev"

now, as you ask:

I see similar messages before I updated from 4.1.27 to 4.2.0
And now, as you mentioned that issue, I also found the segfault message :-)

From what I see something bad must happen *after* AXFR is completed.

 - I see no warning/error on the consumer side
 - I don't use TLS for AXFR
 - it happened also on 4.1.27
 - I can't reproduce in a lab environment
 - none of my users asked me that they miss something

BTW: There is a draft ¹) "Message Digest for DNS Zones" to prove a transferred 
zone was received complete

I've added ²) the ldns-zone-digest tool in my ldns instance and can create and 
verify zone files.
Unfortunately not in this particular installation :-/
Would be helpful if nsd could check such ZONEMD if available

Andreas


¹) https://tools.ietf.org/html/draft-wessels-dns-zone-digest-06
²) https://open.nlnetlabs.nl/pipermail/ldns-users/2018-November/000934.html
_______________________________________________
nsd-users mailing list
nsd-users@NLnetLabs.nl
https://open.nlnetlabs.nl/mailman/listinfo/nsd-users
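
A triage helper for the kernel segfault lines quoted above, as an added example that is not part of the original thread: it decodes the x86 page-fault error code and computes the offset of the faulting instruction inside the reported libssl mapping. The function names are hypothetical, and the offset assumes the mapping starts at file offset 0.

```python
import re

# Shape of the x86 kernel's user-space segfault message, as seen in the post.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def decode_error(code):
    """Decode the low bits of the x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfault(line):
    """Return the decoded fields of a segfault line, or None if it is not one."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    offset = ip - base
    if not 0 <= offset < size:
        raise ValueError("ip lies outside the reported mapping")
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "object": m["obj"],
        "fault_addr": int(m["addr"], 16),
        # Offset from the start of the mapping the kernel printed. Assumption:
        # that mapping starts at file offset 0; otherwise add its file offset.
        "offset": offset,
        **decode_error(int(m["err"], 16)),
    }

# First kernel line from the post, with the mail client's line wrapping undone.
SAMPLE = ("Jun 11 08:53:24 ns03 kernel: [35762.840704] nsd[12296]: segfault at "
          "560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in "
          "libssl.so.1.1[7fefedb43000+86000]")

if __name__ == "__main__":
    for key, value in parse_segfault(SAMPLE).items():
        print(key, hex(value) if key in ("fault_addr", "offset") else value)
```

The resulting offset can be resolved to a function name with `addr2line -f -e` against the same libssl build with debug symbols installed.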
