Bus error (core dumped)
When Knot is running as a primary with DNSSEC signing, the process randomly crashes with "Bus error (core dumped)". This behaviour is not seen on secondary servers with otherwise near-identical configuration, bar not signing the zone for DNSSEC.
I have core dumps, but I'm hesitant to attach them here as they likely contain DNSSEC keys. I'll be happy to share them with CZ.NIC directly.
The configs are as follows:
Primary:
server:
    identity: "HexDNS"
    listen: 0.0.0.0@53
    listen: ::@53
database:
    journal-db-mode: asynchronous
log:
  - target: stdout
    any: info
key:
  - id: secondary-xfr
    algorithm: hmac-sha256
    secret: (xfr-secret)
acl:
  - id: secondary-xfr
    action: transfer
    key: secondary-xfr
remote:
  - id: unbound-no-dns64
    address: unbound-no-dns64@5053
  - id: notify-sidecar
    address: 127.0.0.1@5353
submission:
  - id: zone
    parent: unbound-no-dns64
    check-interval: 15m
policy:
  - id: zone
    signing-threads: 4
    algorithm: ecdsap256sha256
    ksk-shared: on
    dnskey-ttl: 86400
    reproducible-signing: on
    nsec3: on
    cds-cdnskey-publish: always
    zsk-lifetime: 30d
    ksk-submission: zone
    nsec3-iterations: 10
  - id: zone-cds-disable
    signing-threads: 4
    algorithm: ecdsap256sha256
    ksk-shared: on
    dnskey-ttl: 86400
    reproducible-signing: on
    nsec3: on
    cds-cdnskey-publish: delete-dnssec
    zsk-lifetime: 30d
    ksk-submission: zone
    nsec3-iterations: 10
template:
  - id: zone
    storage: /zones
    file: %s.zone
    journal-content: none
    dnssec-signing: on
    dnssec-policy: zone
    acl: secondary-xfr
    notify: notify-sidecar
template:
  - id: zone-cds-disable
    storage: /zones
    file: %s.zone
    journal-content: none
    dnssec-signing: on
    dnssec-policy: zone-cds-disable
    acl: secondary-xfr
    notify: notify-sidecar
template:
  - id: zone-secondary
    storage: /zones
    file: %s.zone
    journal-content: none
    dnssec-signing: off
    acl: secondary-xfr
    notify: notify-sidecar
zone:
  - domain: catalog.dns.as207960.ltd.uk.
    file: /zones/catalog.zone
    catalog-role: interpret
    catalog-template: [ zone, zone-cds-disable, zone-secondary ]
    acl: secondary-xfr
    notify: notify-sidecar
  - domain: cds-always.dns.as207960.ltd.uk.
    template: zone
    file: /zones/cds-always.dns.as207960.ltd.uk.zone
  - domain: cds-delete.dns.as207960.ltd.uk.
    template: zone-cds-disable
    file: /zones/cds-delete.dns.as207960.ltd.uk.zone
Secondary:
server:
    identity: "HexDNS"
    listen: 0.0.0.0@53
    listen: ::@53
    nsid: (nsid)
database:
    journal-db-mode: asynchronous
log:
  - target: stdout
    any: info
key:
  - id: secondary-xfr
    algorithm: hmac-sha256
    secret: (xfr-secret)
remote:
  - id: primary
    address: (primary-address)
    key: secondary-xfr
  - id: ddns-primary
    address: (ddns-primary-address)
mod-updateproxy:
  - id: default
    remote: ddns-primary
    timeout: 5000
mod-queryignoretsig:
  - id: default
mod-stats:
  - id: custom
    flag-presence: on
    reply-nodata: on
    query-size: on
    reply-size: on
    edns-presence: on
    query-type: on
acl:
  - id: notify
    address: 127.0.0.1
    action: notify
template:
  - id: default
    global-module: mod-stats/custom
  - id: zone
    journal-content: none
    master: primary
    module: [ mod-updateproxy/default, mod-queryignoretsig/default ]
    acl: notify
zone:
  - domain: catalog.dns.as207960.ltd.uk.
    master: primary
    catalog-role: interpret
    catalog-template: zone
    acl: notify
I've attached a log of one of the crashes: log.txt