[RPZ] 9.9.3-rpz2+rl.150.20 fails to launch "due to assertion failure"

Vernon Schryver vjs at rhyolite.com
Fri May 31 05:22:35 UTC 2013

> From: darx+dnsrpz at sent.com

> I package my builds with checkinstall.  They're installed as rpms.

That's a lot of machinery and so room for odd things to happening.

I build BIND on FreeBSD 9 with:
   ./configure ...
There are generally only 2 BIND programs that must be installed,
bin/named/named and bin/check/named-checkconf, which can be handled
by manual cp to wherever the old a.out's are.

> Nonehteless, this config has been working for me for ages.  It works now
> with 9.9.2-P2.

Are you sure there's nothing odd happening? Recall the message:

    -->     2013-05-30T17:32:34.487118-07:00 core named[16118]:
    parser.c:2432: REQUIRE(prev > 0) failed

Line 2432 in lib/isccfg/parser.c in 9.9.2-rpz2+rl.131.14-P2 
(previous version of the 9.9.2 rpz2+rl patch) is
        isc_refcount_decrement(&obj->references, &refs);
The isc_refcount_decrement() macro contains "REQUIRE(prev > 0)" and
so makes sense of the line number in that assertion botch message,
while line 2432 in parser.c in 9.9.3-rpz2+rl.150.20 is at least
very surprising.

I saw 
        2013-05-30T17:32:34.466169-07:00 core named[16118]: starting
        BIND 9.9.3-rpz2+rl.150.20 -t /var/chroot/named -n 4 -S 1024 -u
so I'm wondering about a chimera of parser.s from 9.9.2-P2 and
the version file from 9.9.3.

> My named.conf DOES also include:
>   rate-limit {
>     responses-per-second 5;
>     window 5;
>   };

still no crash for me

And that's getting close to what I'm currently using with

    % dig +short ch version.bind txt

Vernon Schryver    vjs at rhyolite.com

More information about the DNSfirewalls mailing list