[Samba] bind9 failure when using dlz_bind

Michael Tokarev mjt at tls.msk.ru
Fri Jun 28 04:54:30 UTC 2024 

On 6/27/24 23:53, samba via samba wrote:
> Using latest samba 4.20.2 from Debian Trixie repositories, the latest bind9 upgrade to version 9.19.24 fails to start on DC's using dlz_bind. 
> Reverting back to bind9 9.19.21 restores full functionality.  On standalone systems running the same samba version with the latest bind9, named starts 
> with no issues.
> 
> The most recent dlz_bind version available is dlz_bind9_18.so. Since the kernel is mentioned in the error, that version is linux-image-6.8.12-amd64.
> 
> The syslog error message is shown below.  Has anyone else experienced this?
> 
> Dale
> 
> 024-06-27T15:09:06.107527-05:00 dc1 named[241471]: generating session key for dynamic DNS
> 2024-06-27T15:09:06.108437-05:00 dc1 named[241471]: Loading 'AD DNS Zone' using driver dlopen
> 2024-06-27T15:09:06.194010-05:00 dc1 kernel: named[241471]: segfault at 8 ip 00007f8684019340 sp 00007ffc10f80760 error 4 in 
> libc.so.6[7f8683fa8000+157000] likely on CPU 2 (core 2, socket 0)
> 
> 2024-06-27T15:09:06.195998-05:00 dc1 systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
> 2024-06-27T15:09:06.196199-05:00 dc1 systemd[1]: named.service: Failed with result 'signal'.
> 2024-06-27T15:09:06.196534-05:00 dc1 systemd[1]: Failed to start named.service - BIND Domain Name Server.

https://bugs.debian.org/1074378 is another bugreport, fwiw.

We had bind segfaulting before already.  It was a bug in samba, - samba used a symbol name
dns_domain_equal(), which is an obvious name of a function but it's obvious for both named
and samba internal dns, and so both named and samba had it, the prob was when the two tried
to load into the same address space (where symbol names are unique), so a wrong symbol were
used by one of the components.  We renamed this function in samba to fix the issue.

It is  https://bugzilla.samba.org/show_bug.cgi?id=14030

Please try to get a backtrace from named, - it might show if we've another similar issue here.

Thanks,

/mjt

-- 
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt

More information about the samba mailing list