Project

General

Profile

Actions

Bug #10445

open

BIND crashed when added RPZ. rpz is not a master or slave zone.

Added by lexxai lexxai over 4 years ago. Updated over 2 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
BIND
Target version:
-
Start date:
04/07/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.4.4-p3
Affected Plus Version:
Affected Architecture:
amd64

Description

Before upgrade pfsense to version 2.4.5 i try update packages on 2.4.4p3.
After updating BIND to 9.14_3 (Package Dependencies: bind914-9.14.9), I found that bind now crash with message:

rpz 'rpz.local' is not a master or slave zone 
loading configuration: not found
exiting (due to fatal error)

rpz.local is Response Policy Zone.

When I uncheck that zone is used in a response policy, then BIND started.
I try create clear new zone for test, the same result - crash when zone promoted to 'Response Policy Zone'.

Some like me error described here:
https://forum.netgate.com/topic/152139/possible-bug-with-bind-config-generate-in-2-4-5-bind-package-9-14_3

But user can resolve problem by edit local config file, in my sitiation it not help.

Actions #2

Updated by Brandon Rock over 4 years ago

I found that the issue was occurring for me because the response-policy setting was defined in the global options section, but not all views were referencing the zones defined in that setting. Moving the response-policy setting to the individual views fixed the issue for me. I think a good fix for this would be for the UI to define the response-policy setting in the individual views, when views are in use.

I was able to work around the issue in the user interface by unchecking the Response Policy Zone checkbox in the zone, and manually adding the response-policy setting to the views. To do this, follow these instructions:

  1. In the response policy zone, uncheck the Response Policy Zone checkbox. This will prevent the response-policy setting from being added to the global options.
  2. For each view you define that needs to use a response policy zone, add a response-policy entry to the Custom Options portion of the view. For example, since my response policy zone is called rpz-default, I added the following custom options: response-policy { zone "rpz-default"; };
Actions #4

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions #5

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #6

Updated by Viktor Gurov over 4 years ago

Actions #7

Updated by Renato Botelho over 2 years ago

  • Assignee deleted (Renato Botelho)
Actions

Also available in: Atom PDF