Project

General

Profile

Bug #10445

BIND crashed when added RPZ. rpz is not a master or slave zone.

Added by lexxai lexxai 3 months ago. Updated about 17 hours ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
-
Category:
BIND
Target version:
-
Start date:
04/07/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.4-p3
Affected Architecture:
amd64

Description

Before upgrade pfsense to version 2.4.5 i try update packages on 2.4.4p3.
After updating BIND to 9.14_3 (Package Dependencies: bind914-9.14.9), I found that bind now crash with message:

rpz 'rpz.local' is not a master or slave zone 
loading configuration: not found
exiting (due to fatal error)

rpz.local is Response Policy Zone.

When I uncheck that zone is used in a response policy, then BIND started.
I try create clear new zone for test, the same result - crash when zone promoted to 'Response Policy Zone'.

Some like me error described here:
https://forum.netgate.com/topic/152139/possible-bug-with-bind-config-generate-in-2-4-5-bind-package-9-14_3

But user can resolve problem by edit local config file, in my sitiation it not help.

History

#2 Updated by Brandon Rock about 2 months ago

I found that the issue was occurring for me because the response-policy setting was defined in the global options section, but not all views were referencing the zones defined in that setting. Moving the response-policy setting to the individual views fixed the issue for me. I think a good fix for this would be for the UI to define the response-policy setting in the individual views, when views are in use.

I was able to work around the issue in the user interface by unchecking the Response Policy Zone checkbox in the zone, and manually adding the response-policy setting to the views. To do this, follow these instructions:

  1. In the response policy zone, uncheck the Response Policy Zone checkbox. This will prevent the response-policy setting from being added to the global options.
  2. For each view you define that needs to use a response policy zone, add a response-policy entry to the Custom Options portion of the view. For example, since my response policy zone is called rpz-default, I added the following custom options: response-policy { zone "rpz-default"; };

#4 Updated by Jim Pingle about 17 hours ago

  • Status changed from New to Pull Request Review

Also available in: Atom PDF