RE: BIND 9.7.3-P3 crash on multiple cashing servers
We had the same thing, affected only one of our DNS servers (behind a load-balancer). Here's the relevant log snippet: Nov 15 23:03:33 mail1 named[4601]: query.c:1781: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed, back trace Nov 15 23:03:33 mail1 named[4601]: #0 0x7f1b1e97686f in ?? Nov 15 23:03:33 mail1 named[4601]: #1 0x7f1b1d346b1a in ?? Nov 15 23:03:33 mail1 named[4601]: #2 0x7f1b1e982f8a in ?? Nov 15 23:03:33 mail1 named[4601]: #3 0x7f1b1e237e93 in ?? Nov 15 23:03:33 mail1 named[4601]: #4 0x7f1b1e263e9d in ?? Nov 15 23:03:33 mail1 named[4601]: #5 0x7f1b1e97aa1e in ?? Nov 15 23:03:33 mail1 named[4601]: #6 0x7f1b1e98036d in ?? Nov 15 23:03:33 mail1 named[4601]: #7 0x7f1b1e981bb7 in ?? Nov 15 23:03:33 mail1 named[4601]: #8 0x7f1b1d365439 in ?? Nov 15 23:03:33 mail1 named[4601]: #9 0x7f1b1c74a8ba in ?? Nov 15 23:03:33 mail1 named[4601]: #10 0x7f1b1c16202d in ?? Nov 15 23:03:33 mail1 named[4601]: exiting (due to assertion failure) All times are U.S. Central Time and we're running on Debian (Linux mail1 2.6.32-5-amd64 #1 SMP Wed Jan 12 03:40:32 UTC 2011 x86_64 GNU/Linux). server:/etc/rc3.d# /usr/sbin/named -v BIND 9.7.3 server:/ Frank From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Samer Khattab Sent: Wednesday, November 16, 2011 2:09 AM To: bind-users@lists.isc.org Subject: BIND 9.7.3-P3 crash on multiple cashing servers 8 of our cashing-only name servers crashed in a random sequence, and the crash happened in a 10 minutes time. The servers are running BIND 9.7.3-P3. The crash produced a core dump for the named process. Does anybody has a similar case recently? Is this a security issue ? Regards, Samer ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed
On Wednesday 16 November 2011 07:21:12 Will Lists wrote: Just for for my own knowledge, as I haven't had the issue (yet), what log would this error appear in? This will of course vary by OS. I haven't had it yet either, but I would expect to see (by default) a daemon.{err,crit,alert} message in syslog. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: All Bind servers crashed
On Wed, 16 Nov 2011, Bill Owens wrote: On Wed, Nov 16, 2011 at 09:57:18AM +0100, Stephane Bortzmeyer wrote: On Wed, Nov 16, 2011 at 09:47:48AM +0100, Magnus Schmidt m...@bisping.de wrote a message of 49 lines which said: Nov 16 05:30:41 xxx named[1326]: critical: query.c:1781: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed, back trace This behavior makes me bet that the trigger is a name in an incoming email message, being resolved by an anti-spam filter. That appeared to trigger a site-wide resolver crash back in May, when the oversigned .gov zone was mentioned on a list (this particular list, I think). That suggests looking in the inbound mail spool to see what might have been received at the time of the crash might be productive. Regardless of how the query was started, if this theory of propagation is correct I'd suggest that posting the triggering name unobscured in an email message would be A Bad Thing, even if one is emailing it to ISC as they've suggested. Perhaps *especially* in that case, unless they've taken care to have one production recursor running Unbound ;) Bill (who is downloading Unbound right now) We had the same thing happen, across multiple, geographically-diverse servers overnight, around the exact same time as the OP. That seems a little odd to be an email, as it would have to cover a myriad of destinations all at once. While that's possible, I'm just finding it lacking as the sole reason for the conclusion. Using 9.7.3-P3 from ISC sources, here, too. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed
ISC have replied and indicated that BIND 10 was designed, with resilience to abnormal events, in mind. i'm eagerly looking forward to trying it out now. i disagree that it's easier to find and fix. many people will simply wrap it in a while(1) and ignore it because we don't have the time to sit and debug it, which puts us precisely at the same footing as simply logging an alert and continuing -- except we now have the lag during the restart period. events often occur at inopportune moments. -d On 11/16/2011 11:47 AM, Paul Wouters wrote: These however do guarantee internal state so any kind of new bug is much easier to find and fix. Openswan does the same thing for this very reason. However, openswan does have an init script that runs a while(1) loop over its daemon. This means once we encounter unexpected state, we drop all state and restart. Perhaps bind and/or distributions should also use such an init script. I would prefer that over attempting to continue with a bad internal state and seeing apparent random state/crashers later on in bind because it tried to continue after something bad. Paul ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
test
test -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trigger point for new bug
On 11/16/11 10:55 AM, Chris Brookes cbroo...@gmail.com wrote: Any info on whether the newly announced bug can be triggered before the query ACL is applied on a recursive only server? An authoritative only server ought to be safe? Hmm, good question. Then folks with IDS/IPS hooks could potentially catch who's sending the bad queries and mitigate with ACL additions... With all due caution typically associated with such an approach. ;-) From everything I've read, authoritative servers should not be vulnerable since it equates to malformed cache entries. Of course only time will tell if this is a random find or targeted attack. If targeted (e.g. Motivated bad guy sitting in a room with BIND9 code), there may be others looming. I'm glad ISC is looking. I'm genuinely curious, but keep recalling the phrase, Never attribute to malice that which is adequately explained by stupidity. Regardless, it's a good time to be watching logs! -- By nature, men are nearly alike; by practice, they get to be wide apart. -- Confucius ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trigger point for new bug
Any info on whether the newly announced bug can be triggered before the query ACL is applied on a recursive only server? The answer is no, to the best of our knowledge at this time, the bug cannot be triggered before the query ACL has been applied. This doesn't help, though, because the query can be a perfectly innocuous one sent by an allowed host. The problem is what was in the cache at the time. An authoritative only server ought to be safe? Yes. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Turning log on bind for troubleshooting
On 15.11.11 14:16, Eduardo Bonsi wrote: I already configured for the master and these are my first issues: 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:15: ignoring out-of-zone data (EduardoBonsi.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:16: ignoring out-of-zone data (ftp.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:17: ignoring out-of-zone data (mail.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:18: ignoring out-of-zone data (ns1.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:19: ignoring out-of-zone data (ns2.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:20: ignoring out-of-zone data (qtdss.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:21: ignoring out-of-zone data (www.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: error: zone bonsi.org/IN/external: NS 'ns1.bonsi.org' has no address records (A or ) 15-Nov-2011 13:40:58.312 general: error: zone bonsi.org/IN/external: NS 'ns2.bonsi.org' has no address records (A or ) 15-Nov-2011 13:40:58.312 general: error: zone bonsi.org/IN/external: bonsi.org/MX 'mail.bonsi.org' has no address records (A or ) you seem to have created file /var/named/bonsi.org.external.hosts defining zone bonsi.org in external view, and - put useless in-addr.arpa stuf there - have pointed the zone to nonexisting nameservers - have pointed MX for the zone to nonexistent server. I'm afraid there's much more for you to read, try searching for some DNS howto's -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The box said 'Requires Windows 95 or better', so I bought a Macintosh. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Can't compile bind 9.8.1-P1 on Solaris
I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving –G a number makes –z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 -- Hal King - h...@utk.edumailto:h...@utk.edu Systems Administrator Office of Information Technology Systems: Business Information Systems The University of Tennessee 135D Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trigger point for new bug
On Wed, 16 Nov 2011, Evan Hunt wrote: The answer is no, to the best of our knowledge at this time, the bug cannot be triggered before the query ACL has been applied. This doesn't help, though, because the query can be a perfectly innocuous one sent by an allowed host. The problem is what was in the cache at the time. Is disabling DNSSEC validation a workaround? I assume someone with a core file should be able to tell us now? Paul ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
Is anyone else having problems with the compile? -- Hal King - h...@utk.edumailto:h...@utk.edu Systems Administrator Office of Information Technology Systems: Business Information Systems The University of Tennessee 135D Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599 From: Hal King h...@utk.edumailto:h...@utk.edu Date: Wed, 16 Nov 2011 21:17:31 + To: Bind Users bind-users@lists.isc.orgmailto:bind-users@lists.isc.org Subject: Can't compile bind 9.8.1-P1 on Solaris I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving –G a number makes –z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 -- Hal King - h...@utk.edumailto:h...@utk.edu Systems Administrator Office of Information Technology Systems: Business Information Systems The University of Tennessee 135D Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.orgmailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving G a number makes z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 I'm not seeing any problems yet .. but I use Sun Studio 11 for the builds. If you are willing to wait a few hours I'll have packages released pretty quick. Dennis -- -- http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x1D936C72FA35B44B +-+---+ | Dennis Clarke | Solaris and Linux and Open Source | | dcla...@blastwave.org | Respect for open standards. | +-+---+ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
Is anyone else having problems with the compile? Give me 60 minutes -- -- http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x1D936C72FA35B44B +-+---+ | Dennis Clarke | Solaris and Linux and Open Source | | dcla...@blastwave.org | Respect for open standards. | +-+---+ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
Thanks! -- Hal King - h...@utk.edu Systems Administrator Office of Information Technology Systems: Business Information Systems The University of Tennessee 135D Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599 On 11/16/11 4:44 PM, Dennis Clarke dcla...@blastwave.org wrote: I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving -G a number makes -z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 I'm not seeing any problems yet .. but I use Sun Studio 11 for the builds. If you are willing to wait a few hours I'll have packages released pretty quick. Dennis -- -- http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x1D936C72FA35B44B +-+---+ | Dennis Clarke | Solaris and Linux and Open Source | | dcla...@blastwave.org | Respect for open standards. | +-+---+ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Query zone expiration time
Is there a way to query a slave to determine how much time is left before its zones expire in a situation where the master has died? We had a master die and we've been meaning to move it off to a newer system. We're trying to determine how much time is left on the zones in order to see if we can do it right or if we have to quickly recover the master. -- sh ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trigger point for new bug
On 11/16/11 1:20 PM, Michael McNally mcna...@isc.org wrote: According to our best current understanding of the issue: + Authoritative-only nameservers should be safe and only recursing servers at risk. + From the security advisory we have posted on our website: ( http://www.isc.org/software/bind/advisories/cve-2011-4313 ) An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Your server has to be servicing a query for the invalid cache data to pull the trigger on this. That comes after the query ACL is applied. Thanks for the detailed analysis. Mitigation patches have been posted to the ISC web site which can prevent the server from exiting when the invalid cache data is encountered. We strongly advise anyone running a recursing BIND 9 server to deploy them. Short time ago I grabbed the latest tarball from your download site, and generated internal packages. I could have sworn that was 9.8.1-P4 (our internal packages still have the P4, and Google finds some hits): PROD:1 mhoskins@adns1:~$ rpm -qa | grep bind bind98-utils-9.8.1-1.P4 bind98-libs-9.8.1-1.P4 bind98-chroot-9.8.1-1.P4 bind98-9.8.1-1.P4 ...which led to mass confusion on how/why P1 is newer than P4 -- or if I somehow entered a magic time warp. Were P4 packages posted for some window of time that were later removed? No worries, I will move to P1 given today's date on the tarball. :-) Thanks! -- By nature, men are nearly alike; by practice, they get to be wide apart. -- Confucius ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trigger point for new bug
On 11/16/11 1:22 PM, michoski wrote: Short time ago I grabbed the latest tarball from your download site, and generated internal packages. I could have sworn that was 9.8.1-P4 (our internal packages still have the P4, and Google finds some hits): Perhaps it was 9.8.0-P4? Many of our version names bear a very close resemblance to one another. PROD:1 mhoskins@adns1:~$ rpm -qa | grep bind bind98-utils-9.8.1-1.P4 bind98-libs-9.8.1-1.P4 bind98-chroot-9.8.1-1.P4 bind98-9.8.1-1.P4 ...which led to mass confusion on how/why P1 is newer than P4 -- or if I somehow entered a magic time warp. Were P4 packages posted for some window of time that were later removed? No. You can see all versions of ISC BIND 9 that we have released, going back to 9.0.0 in 2004, at ftp://ftp.isc.org/isc/bind9/ There has never (yet) been a 9.8.1-P4 released by ISC. However, the rpm names you are seeing are assigned by another entity, probably the maintainer of whatever repository you are using (e.g. RedHat.) Repository maintainers have been known to use version numbers similar, but not identical, to those assigned by ISC. No worries, I will move to P1 given today's date on the tarball. :-) That's our recommendation. Michael McNally ISC Support ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Turning log on bind for troubleshooting
Thanks! It was not my original intent, it got paste there somehow. Anyway, that has been corrected yesterday! I'm afraid there's much more for you to read, try searching for some DNS howto's On 11/16/11 1:03 PM, Matus UHLAR - fantomas wrote: On 15.11.11 14:16, Eduardo Bonsi wrote: I already configured for the master and these are my first issues: 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:15: ignoring out-of-zone data (EduardoBonsi.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:16: ignoring out-of-zone data (ftp.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:17: ignoring out-of-zone data (mail.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:18: ignoring out-of-zone data (ns1.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:19: ignoring out-of-zone data (ns2.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:20: ignoring out-of-zone data (qtdss.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: warning: /var/named/bonsi.org.external.hosts:21: ignoring out-of-zone data (www.45.200.63.in-addr.arpa) 15-Nov-2011 13:40:58.312 general: error: zone bonsi.org/IN/external: NS 'ns1.bonsi.org' has no address records (A or ) 15-Nov-2011 13:40:58.312 general: error: zone bonsi.org/IN/external: NS 'ns2.bonsi.org' has no address records (A or ) 15-Nov-2011 13:40:58.312 general: error: zone bonsi.org/IN/external: bonsi.org/MX 'mail.bonsi.org' has no address records (A or ) you seem to have created file /var/named/bonsi.org.external.hosts defining zone bonsi.org in external view, and - put useless in-addr.arpa stuf there - have pointed the zone to nonexisting nameservers - have pointed MX for the zone to nonexistent server. I'm afraid there's much more for you to read, try searching for some DNS howto's -- BEARTCOMMUNICATIONS Eduardo Bonsi System - Network Admin beart...@pacbell.net webmas...@beart.com ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: trigger point for new bug
On 11/16/11 12:31 PM, Paul Wouters wrote: Is disabling DNSSEC validation a workaround? We do not believe it would be effective. Michael McNally ISC Support ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving ?G a number makes ?z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 Thanks for the report. We didn't touch that code in the security patch, so this bug must have also been in 9.8.1; we'll try to address it in 9.8.2. That isn't critical code; it's just one of the system tests. Just touch bin/tests/system/dlzexternal/driver.o and then run make again. The dlzexternal system test will fail when you run make check, but otherwise your server will be fine. In general, issues like this are best sent to the bind9-b...@isc.com alias, which opens a ticket in our bug database. I'll do so now. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving ?G a number makes ?z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 Thanks for the report. We didn't touch that code in the security patch, so this bug must have also been in 9.8.1; we'll try to address it in 9.8.2. That isn't critical code; it's just one of the system tests. Just touch bin/tests/system/dlzexternal/driver.o and then run make again. The dlzexternal system test will fail when you run make check, but otherwise your server will be fine. In general, issues like this are best sent to the bind9-b...@isc.com alias, which opens a ticket in our bug database. I'll do so now. 9.8.1 and 9.8.1-P1 build fine for me. No really. :-) # ldd bin/dig liblwres.so.80 =/opt/csw/lib/sparcv8/liblwres.so.80 libdns.so.81 = /opt/csw/lib/sparcv8/libdns.so.81 libbind9.so.80 =/opt/csw/lib/sparcv8/libbind9.so.80 libisccfg.so.82 = /opt/csw/lib/sparcv8/libisccfg.so.82 libcrypto.so.0.9.8 =/opt/csw/lib/sparcv8/libcrypto.so.0.9.8 libisccc.so.80 =/opt/csw/lib/sparcv8/libisccc.so.80 libisc.so.83 = /opt/csw/lib/sparcv8/libisc.so.83 libxml2.so.2 = /opt/csw/lib/sparcv8/libxml2.so.2 libdl.so.1 =/usr/lib/libdl.so.1 libz.so = /opt/csw/lib/sparcv8/libz.so libpthread.so.1 = /usr/lib/libpthread.so.1 libiconv.so.2 = /opt/csw/lib/sparcv8/libiconv.so.2 libm.so.1 = /usr/lib/libm.so.1 libsocket.so.1 =/usr/lib/libsocket.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libthread.so.1 =/usr/lib/libthread.so.1 libc.so.1 = /usr/lib/libc.so.1 libgcc_s.so.1 = /opt/csw/lib/sparcv8/libgcc_s.so.1 libmp.so.2 =/usr/lib/libmp.so.2 /usr/platform/SUNW,UltraAX-i2/lib/libc_psr.so.1 # elfdump -d bin/dig Dynamic Section: .dynamic index tag value [0] NEEDED 0x2d4fliblwres.so.80 [1] NEEDED 0x2d5elibdns.so.81 [2] NEEDED 0x2d6blibbind9.so.80 [3] NEEDED 0x2d7alibisccfg.so.82 [4] NEEDED 0x2d8alibcrypto.so.0.9.8 [5] NEEDED 0x2d9dlibisccc.so.80 [6] NEEDED 0x2daclibisc.so.83 [7] NEEDED 0x2db9libxml2.so.2 [8] NEEDED 0x2dc6libdl.so.1 [9] NEEDED 0x2dd1libz.so [10] NEEDED 0x2d13libpthread.so.1 [11] NEEDED 0x2dd9libiconv.so.2 [12] NEEDED 0x2de7libm.so.1 [13] NEEDED 0x2df1libsocket.so.1 [14] NEEDED 0x2e00libnsl.so.1 [15] NEEDED 0x2e0clibthread.so.1 [16] NEEDED 0x2d2clibc.so.1 [17] INIT 0x33560 [18] FINI 0x33570 [19] RUNPATH 0x2e1b /opt/csw/lib/$ISALIST:/opt/csw/lib:/opt/csw/lib:/opt/csw/lib/sparcv8 [20] RPATH0x2e1b /opt/csw/lib/$ISALIST:/opt/csw/lib:/opt/csw/lib:/opt/csw/lib/sparcv8 [21] HASH 0x100e8 [22] STRTAB 0x13514 [23] STRSZ0x2e60 [24] SYMTAB 0x11254 [25] SYMENT 0x10 [26] CHECKSUM 0x7b54 [27] VERNEED 0x16374 [28] VERNEEDNUM 0x2 [29] PLTRELSZ 0xb28 [30] PLTREL 0x7 [31] JMPREL 0x16448 [32] RELA 0x163c4 [33] RELASZ 0xbac [34] RELAENT 0xc [35] DEBUG0 [36] FEATURE_10x1 [ PARINIT ] [37] FLAGS0 0 [38] FLAGS_1 0 0 [39] PLTGOT 0x49120 # # Everything here is working great on Solaris and I expect to have all my Solaris name servers updated before morning. The Debian folks have already release update patches. Life is good. Dennis -- -- http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x1D936C72FA35B44B +-+---+ | Dennis Clarke | Solaris and Linux and Open Source | | dcla...@blastwave.org | Respect for open standards. | +-+---+ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't compile bind 9.8.1-P1 on Solaris
I compiled 9.8.1 on the same server with the same setup. So it is not in 9.8.1. -- Hal King - h...@utk.edu Systems Administrator Office of Information Technology Systems: Business Information Systems The University of Tennessee 135D Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599 On 11/16/11 8:30 PM, Evan Hunt e...@isc.org wrote: I get an error compiling Bind at: make[4]: Entering directory `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal' ld -G -z text -o driver.so driver.o ld: invalid number `-z' Giving ?G a number makes ?z unrecognized. I'm in Solaris 10, Sparc, GCC 3.4.6 Thanks for the report. We didn't touch that code in the security patch, so this bug must have also been in 9.8.1; we'll try to address it in 9.8.2. That isn't critical code; it's just one of the system tests. Just touch bin/tests/system/dlzexternal/driver.o and then run make again. The dlzexternal system test will fail when you run make check, but otherwise your server will be fine. In general, issues like this are best sent to the bind9-b...@isc.com alias, which opens a ticket in our bug database. I'll do so now. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users