[nsd-users] NSD 4.2.0 intermittent segfaults @ libssl ?
A. Schulze
sca at andreasschulze.de
Tue Jun 11 17:54:30 UTC 2019
On 11.06.19 at 18:02, PGNet Dev wrote:
> I just bumped NSD
>
> nsd -v
> NSD version 4.2.0
>
> on a linux64 VM.
>
> On axfrs, I'm seeing segfaults in libssl
>
> Jun 11 08:53:24 ns03 nsd[12296]: axfr for example1.com. from 109.74.194.10
> Jun 11 08:53:24 ns03 kernel: [35762.840704] nsd[12296]: segfault at 560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in libssl.so.1.1[7fefedb43000+86000]
> Jun 11 08:53:24 ns03 nsd[12246]: server 12296 died unexpectedly, restarting
> Jun 11 08:53:24 ns03 nsd[12225]: [2019-06-11 08:53:24.960] nsd[12246]: warning: server 12296 died unexpectedly, restarting
> Jun 11 08:53:25 ns03 nsd[12246]: process 12296 terminated with status 139
> Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.030] nsd[12246]: warning: process 12296 terminated with status 139
> Jun 11 08:53:25 ns03 nsd[12297]: axfr for example2.com. from 207.192.70.10
> Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.557] nsd[12297]: info: axfr for example2.com. from 207.192.70.10
> Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.557] nsd[12297]: info: axfr for example3.com. from 207.192.70.10
> Jun 11 08:53:25 ns03 nsd[12297]: axfr for example3.com. from 207.192.70.10
> Jun 11 08:53:25 ns03 nsd[12297]: axfr for example4.com. from 207.192.70.10
> Jun 11 08:53:25 ns03 nsd[12225]: [2019-06-11 08:53:25.565] nsd[12297]: info: axfr for example4.com. from 207.192.70.10
> Jun 11 08:53:25 ns03 kernel: [35763.583172] nsd[12297]: segfault at 560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in libssl.so.1.1[7fefedb43000+86000]
>
> Note, *NOT* on every axfr; some seem to work.
>
> Just starting to troubleshoot here ...
>
> Any obvious issues that are already known that might cause this?
Hello "PGNet Dev"
now, as you ask:
I saw similar messages before I updated from 4.1.27 to 4.2.0
And now, as you mentioned that issue, I also found the segfault message :-)
From what I see something bad must happen *after* AXFR is completed.
- I see no warning/error on the consumer side
- I don't use TLS for AXFR
- it happened also on 4.1.27
- I can't reproduce in a lab environment
- none of my users asked me that they miss something
BTW: There is a draft ¹) "Message Digest for DNS Zones" to prove a transferred zone was received complete
I've added ²) the ldns-zone-digest tool in my ldns instance and can create and verify zone files.
Unfortunately not in this particular installation :-/
Would be helpful if nsd could check such ZONEMD if available
Andreas
¹) https://tools.ietf.org/html/draft-wessels-dns-zone-digest-06
²) https://open.nlnetlabs.nl/pipermail/ldns-users/2018-November/000934.html
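
Added example, not part of the original message and not NSD or ldns code: a small triage script for the kernel "segfault at" records quoted above. It decodes the x86 page-fault error code and reduces each crash to an offset inside the libssl mapping, so repeated crashes can be matched to one fault site; the function names are made up for this example.

```python
import re

# The two kernel records from the quoted log above, copied verbatim.
SAMPLE = """\
Jun 11 08:53:24 ns03 kernel: [35762.840704] nsd[12296]: segfault at 560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in libssl.so.1.1[7fefedb43000+86000]
Jun 11 08:53:25 ns03 kernel: [35763.583172] nsd[12297]: segfault at 560244acb618 ip 00007fefedb81406 sp 00007ffe6c552ac0 error 7 in libssl.so.1.1[7fefedb43000+86000]
"""

# x86 kernel format: "comm[pid]: segfault at ADDR ip IP sp SP error CODE in OBJ[BASE+SIZE]"
SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(code):
    """Decode the x86 page-fault error code bits the kernel prints (in hex)."""
    return {"cause": "protection violation" if code & 1 else "page not present",
            "access": "write" if code & 2 else "read",
            "mode": "user" if code & 4 else "kernel",
            "instruction_fetch": bool(code & 16)}

def parse(line):
    """Return a dict for a segfault record, or None for any other log line."""
    m = SEGV.search(line)
    if not m:
        return None
    ip, addr = int(m["ip"], 16), int(m["addr"], 16)
    rec = {"comm": m["comm"], "pid": int(m["pid"]), "addr": addr, "ip": ip,
           "fault": decode_error(int(m["err"], 16)), "object": m["obj"], "offset": None}
    if m["obj"]:  # the "in OBJ[BASE+SIZE]" part is absent when ip is in no mapping
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset inside the reported mapping; add that mapping's file offset
        # (see /proc/<pid>/maps) before handing it to a symbolizer.
        rec["offset"] = ip - base
        rec["addr_in_object"] = base <= addr < base + size
    return rec

def triage(text):
    """Group crashes by (object, offset): one key means one faulting instruction."""
    sites = {}
    for rec in filter(None, map(parse, text.splitlines())):
        sites.setdefault((rec["object"], rec["offset"]), []).append(rec)
    return sites

if __name__ == "__main__":
    for (obj, off), recs in triage(SAMPLE).items():
        print(obj, hex(off) if off is not None else "?", [r["pid"] for r in recs], recs[0]["fault"])
```

On the two records from the log this gives a single site, libssl.so.1.1 at mapping offset 0x3e406, hit by both pids: a user-mode write to a present but non-writable page, at an address outside the libssl mapping.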