Unbound 1.13.0rc1 pre-release

Tuomo Soini tis at foobar.fi
Thu Nov 26 10:41:19 UTC 2020 

On Wed, 25 Nov 2020 12:47:13 +0100
George Thessalonikefs via Unbound-users
<unbound-users at lists.nlnetlabs.nl> wrote:

> Hi Tuomo,
> 
> Could you check if it still happens without the auth-zone?
> Could you also share that part of the configuration file?

I'm testing one system without these auth-zones and
two systems with rootcache config. Both servers with auth-zone have
crashed.

But crash wasn't immediate, it happened after some runtime.

I found this new error, logged by 1.13.0rc1 but 1.12.0 never
gave this error, really bad error message btw, doesn't tell ip or
port where it was trying to connect.

unbound[6384]: [6384:1] error: recvfrom 44 failed: Connection refused

# Authority zones
# The data for these zones is kept locally, from a file or downloaded.
# The data can be served to downstream clients, or used instead of the
# upstream (which saves a lookup to the upstream). zonefile: reads from
# file (and writes to it if you also download it), primary: fetches with
# AXFR and IXFR, or url to zonefile.

# This is rfc7706 config
# https://www.dns.icann.org/services/axfr/
auth-zone:
        name: "."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/root.zone
        primary: 2620:0:2d0:202::132    # lax.xfr.dns.icann.org.
        primary: 192.0.32.132           # lax.xfr.dns.icann.org.
        primary: 2620:0:2830:202::132   # iad.xfr.dns.icann.org.
        primary: 192.0.47.132           # iad.xfr.dns.icann.org.
        primary: 2001:7fd::1            # k.root-servers.net.
        primary: 193.0.14.129           # k.root-servers.net.
        primary: 2001:500:12::d0d       # g.root-servers.net.
        primary: 192.112.36.4           # g.root-servers.net.
        primary: 2001:500:2f::f         # f.root-servers.net.
        primary: 192.5.5.241            # f.root-servers.net.
        primary: 2001:500:2d::d         # d.root-servers.net.
        primary: 199.7.91.13            # d.root-servers.net.
        primary: 2001:500:2::c          # c.root-servers.net.
        primary: 192.33.4.12            # c.root-servers.net.
        primary: 2001:500:200::b                # b.root-servers.net.
        primary: 199.9.14.201           # b.root-servers.net.

auth-zone:
        name: "root-servers.net."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/root-servers.net.zone
        primary: 2620:0:2d0:202::132    # lax.xfr.dns.icann.org.
        primary: 192.0.32.132           # lax.xfr.dns.icann.org.
        primary: 2620:0:2830:202::132   # iad.xfr.dns.icann.org.
        primary: 192.0.47.132           # iad.xfr.dns.icann.org.
        primary: 2001:7fd::1            # k.root-servers.net.
        primary: 193.0.14.129           # k.root-servers.net.
        primary: 2001:500:12::d0d       # g.root-servers.net.
        primary: 192.112.36.4           # g.root-servers.net.
        primary: 2001:500:2f::f         # f.root-servers.net.
        primary: 192.5.5.241            # f.root-servers.net.
        primary: 2001:500:2d::d         # d.root-servers.net.
        primary: 199.7.91.13            # d.root-servers.net.
        primary: 2001:500:2::c          # c.root-servers.net.
        primary: 192.33.4.12            # c.root-servers.net.
        primary: 2001:500:200::b        # b.root-servers.net.
        primary: 199.9.14.201           # b.root-servers.net.

auth-zone:
        name: "arpa."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/arpa.zone
        primary: lax.xfr.dns.icann.org.
        primary: iad.xfr.dns.icann.org.
        primary: k.root-servers.net.
        primary: g.root-servers.net.
        primary: f.root-servers.net.
        primary: d.root-servers.net.
        primary: c.root-servers.net.
        primary: b.root-servers.net.

auth-zone:
        name: "in-addr.arpa."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/in-addr.arpa.zone
        primary: lax.xfr.dns.icann.org.
        primary: iad.xfr.dns.icann.org.

auth-zone:
        name: "in-addr.arpa."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/in-addr.arpa.zone
        primary: lax.xfr.dns.icann.org.
        primary: iad.xfr.dns.icann.org.

auth-zone:
        name: "ipv4only.arpa."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/ipv4only.arpa.zone
        primary: lax.xfr.dns.icann.org.
        primary: iad.xfr.dns.icann.org.

auth-zone:
        name: "ip6.arpa."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/ip6.arpa.zone
        primary: lax.xfr.dns.icann.org.
        primary: iad.xfr.dns.icann.org.

auth-zone:
        name: "ip6-servers.arpa."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        zonefile: /var/lib/unbound/ip6-servers.arpa.zone
        primary: lax.xfr.dns.icann.org.
        primary: iad.xfr.dns.icann.org.

> On 25/11/2020 12:31, Tuomo Soini via Unbound-users wrote:
> > On Tue, 24 Nov 2020 20:25:31 +0200
> > Tuomo Soini via Unbound-users <unbound-users at lists.nlnetlabs.nl>
> > wrote: 
> >> kernel: traps: unbound[18976] general protection ip:7f5fde56a471
> >> sp:7fff060abb80 error:0 in libssl.so.1.0.2k[7f5fde525000+67000]
> >>  
> > 
> > More information about system if this helps to narrow problem down:
> > Basic dns resolver with rfc7706 config local root cache. No DoT or
> > DoH. 



-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

More information about the Unbound-users mailing list