Re: delv 9.16.0, failed to add trusted key '.': ran out of space
On Fri, 28 Feb 2020 20:07:47 + Tony Finch wrote: > Shaun via bind-users wrote: > > > > The 9.16.0 version of delv seems to have trouble reading the root trust > > anchor from the bind.keys file. > > I see this too. The bug is that dns_client_addtrustedkey() has a buffer > for parsing DNSKEY or DS records, but it's only big enough for DS. Thanks for tracking this down! I've opened an issue in GitLab and included your patch there. Shaun ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delv 9.16.0, failed to add trusted key '.': ran out of space
Shaun via bind-users wrote: > > The 9.16.0 version of delv seems to have trouble reading the root trust > anchor from the bind.keys file. I see this too. The bug is that dns_client_addtrustedkey() has a buffer for parsing DNSKEY or DS records, but it's only big enough for DS. diff --git lib/dns/client.c lib/dns/client.c index 0d8e951fa0..0c151e78e5 100644 --- lib/dns/client.c +++ lib/dns/client.c @@ -1519,7 +1519,7 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass, dns_view_t *view = NULL; dns_keytable_t *secroots = NULL; dns_name_t *name = NULL; - char dsbuf[DNS_DS_BUFFERSIZE]; + char rdatabuf[4096]; unsigned char digest[ISC_MAX_MD_SIZE]; dns_rdata_ds_t ds; dns_decompress_t dctx; @@ -1543,7 +1543,7 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass, goto cleanup; } - isc_buffer_init(, dsbuf, sizeof(dsbuf)); + isc_buffer_init(, rdatabuf, sizeof(rdatabuf)); dns_decompress_init(, -1, DNS_DECOMPRESS_NONE); dns_rdata_init(); isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf)); Tony. -- f.anthony.n.finchhttp://dotat.at/ Irish Sea: South 5 to 7, veering southwest gale 8 or severe gale 9, occasionally storm 10 later. Moderate, becoming rough or very rough. Rain, then wintry showers. Moderate or poor, occasionally good later. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
delv 9.16.0, failed to add trusted key '.': ran out of space
Hi, The 9.16.0 version of delv seems to have trouble reading the root trust anchor from the bind.keys file. I'm seeing this in multiple environments, CentOS 6.10 and FreeBSD 11.3: [user@host ~]$ delv -v delv 9.16.0 [user@host ~]$ delv isc.org ;; /etc/bind.keys:31: failed to add trusted key '.': ran out of space ;; setup_dnsseckeys: failure Attempting to rule out a problem with my local bind.keys, I grabbed a fresh copy, but delv produces the same output: [user@host ~]$ wget -qO /tmp/bind.keys.916 https://gitlab.isc.org/isc-projects/bind9/raw/v9_16/bind.keys [user@host ~]$ delv -a /tmp/bind.keys.916 isc.org ;; /tmp/bind.keys.916:31: failed to add trusted key '.': ran out of space ;; setup_dnsseckeys: failure The above output is from CentOS but the behavior is identical on FreeBSD. Has anyone observed delv 9.16.0 to work in these environments? Before opening a bug I want to make sure I didn't goof something on my end. Thanks, Shaun ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind9 memory leak with TreeMemTotal, and TotalUse stat seems fictional
>From Oct 2019 to Jan 2020 our RedHat RHEL6 BIND DNS servers had a memory leak and the named process had to be restarted weekly or so. Vendor updates caused and later fixed the problem. I do not think that the BIND version changed when it got fixed, so I think it must have been some library. -- Bob Harold On Thu, Feb 27, 2020 at 3:23 PM Alistair Bayley < alistair.bay...@kordia.co.nz> wrote: > Hello, > > I didn't get any response to this. Is there some documentation that I > haven't yet found that explains what these measurements mean? Has anyone > else experienced a similar memory leak with bind9? > > Thanks, > Alistair > > This email and attachments: are confidential; may be protected by > privilege and copyright; if received in error may not be used, copied, or > kept; are not guaranteed to be virus-free; may not express the views of > Kordia(R); do not designate an information system; and do not give rise to > any liability for Kordia(R). > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users