Am 02.06.2018 um 16:44 schrieb Harry Schmalzbauer via Unbound-users:
Am 17.04.2018 um 15:26 schrieb W.C.A. Wijngaards via Unbound-users:
Hi Harry,
Yes, DNS NOTIFY is implemented in the current code repo version. You
can specify additional sources with allow-notify.
Great, thanks a lot!.
Found time to update some production systems, but unfortunately zone
transfer seem to work only initially, then I see these messages logged:
unbound: [14927:0] error: ./services/authzone.c at 6102 could not
pthread_mutex_lock(&xfr->lock): Resource deadlock avoided
unbound: [14927:0] error: ./services/authzone.c at 3454 could not
pthread_mutex_lock(&xfr->lock): Resource deadlock avoided
…
Increasing log level to 3 doesn't show more useful.
After the error occurs, unbound returns "error response SERVFAIL" for
all queries which match stub-zones: and all quieries matching
auth-zones: get the old records (no xfer any more).
Any idea where the problem could come from?
Will try to make all stub-zones auth-zones and see if that changes
anything....
Couldn't find out more, sorry, no config change I made had any effect.
I'm running 1.7.1 on FreeBSD inside a jail and use "allow-notify:",
since the transfer takes a different route (via tunnel) than the notify
source.
The incoming notify triggers the error(-log) and the stall for stub-zones.
I had to remove auth-zones: for now to get my setup back into working
condition.
My intention was to serve auth-zones without using a zonefile, but it
doesn't make any difference whether I use one or not.
There seems to be a locking problem when a xfer starts after a notify
was received. Unfortunately nothing I can easily track, since I'm not
used to debuggers and don't even have a system where I could install one
at firsthand.
I hope someone can take care of that issue.
The dedlock error quoted above corresponds to auth_xfer_timer() for line
6102:
…
struct auth_xfer* xfr = (struct auth_xfer*)arg;
struct module_env* env;
log_assert(xfr->task_nextprobe);
lock_basic_lock(&xfr->lock);
env = xfr->task_nextprobe->env;
if(env->outnet->want_to_quit) {
lock_basic_unlock(&xfr->lock);
return; /* stop on quit */
}
/* see if zone has expired, and if so, also set auth_zone
expired */
…
and auth_zones_notify() for line 3454:
…
/* see which zone this is */
lock_rw_rdlock(&az->lock);
xfr = auth_xfer_find(az, nm, nmlen, dclass);
if(!xfr) {
lock_rw_unlock(&az->lock);
/* no such zone, refuse the notify */
*refused = 1;
return 0;
}
lock_basic_lock(&xfr->lock);
lock_rw_unlock(&az->lock);
/* check access list for notifies */
…
But no way for me to get any further, sorry.
-harry
