[nsd-users] vague error causing nsd-3 to fail to start

[W.C.A. Wijngaards]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

On 09/23/2015 08:31 AM, W.C.A. Wijngaards wrote:
> Hi Paul,
> 
> On 09/22/2015 10:49 PM, Paul Wouters wrote:
> 
>> I am seeing on a secondary server:
> 
>> Sep 22 23:27:21 inter nsd: nsd: nsec3.c:626: prehash_zone: 
>> Assertion `walk != zone->apex' failed.
> 
> That is from the NSEC3 code.  If you still have the nsd.db and
> ixfr.db files (and config file), the bug may be replicatable?

Never mind sending me the zones.

Found the source of the bug.  One of the zones must have had a
spurious DS record at the apex.  Code fix that ignores that DS record:

Index: nsec3.c
===================================================================
- --- nsec3.c	(revision 4505)
+++ nsec3.c	(working copy)
@@ -619,11 +619,10 @@
 			region_free_all(temp_region);
 		}
 		/* prehash the DS (parent zone) */
- -		if(domain_find_rrset(walk, zone, TYPE_DS) ||
- -			(domain_find_rrset(walk, zone, TYPE_NS) &&
- -			 walk != zone->apex))
+		if((domain_find_rrset(walk, zone, TYPE_DS) ||
+			domain_find_rrset(walk, zone, TYPE_NS)) &&
+			walk != zone->apex)
 		{
- -			assert(walk != zone->apex /* DS must be above zone cut */);
 			prehash_ds(db, zone, walk, temp_region);
 			region_free_all(temp_region);
 		}

Thanks for the report.

Best regards, Wouter

> 
> Best regards, Wouter
> 
> 
>> This caused the nsd daemon to fail to start (more than just 
>> rejecting one bad zone!)
> 
>> Unfortunately, it does not tell me which zone is the problem.
> 
>> I ran nsd-checkzone on the primary server for all zones and all 
>> zones pass with "ok"
> 
>> This was on nsd 3.2.18. Upgrading to 3.2.19 did not help.
> 
>> Removing all zone files and the nsd db did help.
> 
>> Paul _______________________________________________ nsd-users 
>> mailing list nsd-users at NLnetLabs.nl 
>> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 
> _______________________________________________ nsd-users mailing
> list nsd-users at NLnetLabs.nl 
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWAk7OAAoJEJ9vHC1+BF+NIwUP/2MPu/umd+HzR9efShlnBIDD
06aMiEDU5W8vAaZG8ypK1r+qbHJbAHkc8xCcRDZpn2o7cJOHtDudWg33xOT2fr/X
xXYHpKRBLo7cT/zXZbRO2LKloucOUmCBOAv3jh6CuTAZge+9L6whgeU6UR1TWs6X
D09zoaWbwQo3nyO/ENW3QmDrWfiHN92Y78NL9OPhB9KA5mxSlviHYXfzl1yT3n5y
BC/LIfyvKppfcQZsyjqF0B/VxpTjrUG7x9UZvtHdW+3A6TZwOrfuqJiy01lSD+Ys
YaG4Ml4tZgkE4kqh/iW+/ITFNLSHcQ+SsD5y6AHLXy8kW/DZKCvcY6MpZ221dMLj
UavUoa+prYMVwWc/SKlcAXDEhuQGi9XawbswF4IuObdjUbO3ZByLk5wWUWH7xiC7
ys3trpyrTBE2ChgL+kX5N1/jdJiT6NkdTTOcs5hUf2z7E0iYIO/DUYQ1MMhvhV1Y
ej9wHM56OA57XYb6q1KpSstc2ulqsOe4mhMMkc2/Pon9s87VXdTi3qocRyc7VjZt
mxzAlxcO5lad8OTkI6OZdnR8wY8i6GfTmMfdtx4QBh3s+XQb0w5oBxzDhDRQDDTq
4d2Tprc/lx7AqHe+v1wJYbt1n9rhUnYtnUZsvP9EUBYITYPTIAbwbnYVmuGW99IJ
HrwdczFczQD7uy1P78ab
=t80z
-----END PGP SIGNATURE-----