Category Archives: BIND (DNS server)

Assertion failure in BIND 9.10.4

Update 2016-05-29:

BIND 9.10.4-P1 is out and available as dns/bind910 as of r415882 in the FreeBSD ports tree.


Two of our name servers crashed in two different places within the Red-Black tree code of BIND 9.10.4:

general: rbt.c:2765: INSIST(sibling != ((void *)0)) failed, back trace
#0 0x1880b in ??
general: exiting (due to assertion failure)
general: rbt.c:2726: INSIST(sibling != ((void *)0)) failed, back trace
general: #0 0x0 in ??
general: exiting (due to assertion failure)

A new version of BIND is in the works. Stay patient, or switch back to 9.10.3-P4.

FreeBSD users can revert their ports tree to r414265, copy /usr/ports/dns/bind910 to /usr/ports/dns/bind9103P4, update the ports tree to the present again, and change the origin for BIND from dns/bind910 to dns/bind9103P4, e.g. portupgrade -fpvo dns/bind9103P4 dns/bind910. Don’t forget to restart BIND, and to change the origin once more when the successor of 9.10.4 is available.

Running dns/bind910 within a chroot after r382109

dns/bind910 gained native chroot support in r382109. Those of us who used to store the BIND files in /var/named/etc/namedb and ran BIND with /var/named as the chroot environment must do five things:

  1. Rename the /var/named directory to something else, like /var/Named. This is to avoid upsetting make -C /usr/src delete-old and still retain the meaning of the directory’s name.
  2. Rename the /var/Named/etc/namedb directory to /var/Named/usr/local/etc/namedb.
  3. Edit /var/Named/usr/local/etc/namedb/named.conf to reflect that the BIND files now reside in /usr/local/etc/namedb, as seen from within the chroot environment.
  4. Change the appropriate line in /etc/rc.conf to read named_chrootdir="/var/Named".
  5. Restart BIND using /usr/local/etc/rc.d/named restart, or start BIND using /usr/local/etc/rc.d/named start if the former fails.
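
Steps 1 to 4 above as a shell function that works under a staging prefix, so the result can be inspected before the live tree is touched. This is an added example, not part of the original post: migrate_named_chroot and make_sample_tree are hypothetical helpers, the sample tree is constructed, and the sed rule assumes named.conf refers to its files by quoted absolute paths beginning with /etc/namedb. Step 5, the restart, is left to the operator.

```shell
#!/bin/sh
# Added example: steps 1-4 of the chroot move, applied under a prefix.
migrate_named_chroot() {
    prefix=$1
    old="$prefix/var/named"
    new="$prefix/var/Named"
    rcconf="$prefix/etc/rc.conf"

    # Refuse to run on an unexpected layout or a second time.
    [ -d "$old/etc/namedb" ] || { echo "missing $old/etc/namedb" >&2; return 1; }
    [ ! -e "$new" ] || { echo "$new already exists" >&2; return 1; }

    # Step 1: rename the chroot directory.
    mv "$old" "$new" || return 1
    # Step 2: move namedb to the location the port uses inside the chroot.
    mkdir -p "$new/usr/local/etc" || return 1
    mv "$new/etc/namedb" "$new/usr/local/etc/namedb" || return 1

    # Step 3: rewrite paths as seen from inside the chroot. Writing back
    # into the existing file keeps its owner and mode; .orig is the backup.
    conf="$new/usr/local/etc/namedb/named.conf"
    cp -p "$conf" "$conf.orig" || return 1
    sed 's|"/etc/namedb|"/usr/local/etc/namedb|g' "$conf.orig" > "$conf" || return 1

    # Step 4: exactly one named_chrootdir line, pointing at the new name.
    cp -p "$rcconf" "$rcconf.orig" || return 1
    { grep -v '^named_chrootdir=' "$rcconf.orig" || true
      echo 'named_chrootdir="/var/Named"'; } > "$rcconf"
}

# Constructed sample tree for a dry run (not real configuration).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/named/etc/namedb" "$root/etc"
    printf 'options {\n\tdirectory "/etc/namedb/working";\n};\n' \
        > "$root/var/named/etc/namedb/named.conf"
    printf 'named_enable="YES"\nnamed_chrootdir="/var/named"\n' \
        > "$root/etc/rc.conf"
    echo "$root"
}
```

Compare named.conf with named.conf.orig afterwards; any path the sed rule did not match still has to be edited by hand.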

Missing chroot for dns/bind9{9,10}?

The removal of BIND from base in stable/10 left us with the option of running BIND from ports either in a jail, or as an ordinary service. The old BIND in base was able to run in a chroot environment, isolated from the rest of the system.

Some of us believe a chroot is a good compromise between running BIND as an unisolated service or in a jail. I personally believe the removal of /etc/namedb and /var/named as part of make delete-old is premature, as most of us would like to continue keeping all BIND-related files in /var/named/etc/namedb.

Harald Schmalzbauer has been kind enough to recreate a chroot environment for dns/bind910. I guess the same patches can be used for dns/bind99 with some minor tweaking.

Take a look at Harald’s contribution if you feel a jail is too much work for a simple service like DNS.

Having trouble starting named from dns/bind99 automatically? Here’s how I solved it!

I tried to convince named from dns/bind99, as of r333563, to start automatically at (re)boot on stable/10 and head.

My /etc/rc.conf file contains lines like these:

named_enable="YES"
named_program="/usr/local/sbin/named"
named_wait="YES"
named_wait_host="localhost"
named_auto_forward="YES"
named_auto_forward_only="YES"

Eventually, I resolved the matter using the following patch:

--- named.orig  2013-11-18 15:51:27.339844000 +0100
+++ named       2013-11-18 15:53:35.587723548 +0100
@@ -19,15 +19,15 @@
 reload_cmd="named_reload"
 stop_cmd="named_stop"

-named_enable="NO"              # Run named, the DNS server (or NO).
-named_program="/usr/local/sbin/named"  # Path to named, if you want a different one.
-named_conf="/usr/local/etc/namedb/named.conf"  # Path to the configuration file
+named_enable=${named_enable-"NO"}              # Run named, the DNS server (or NO).
+named_program=${named_program-"/usr/local/sbin/named"} # Path to named, if you want a different one.
+named_conf=${named_conf-"/usr/local/etc/namedb/named.conf"}    # Path to the configuration file
 #named_flags=""                        # Use this for flags OTHER than -u and -c
-named_uid="bind"               # User to run named as
-named_wait="NO"                        # Wait for working name service before exiting
-named_wait_host="localhost"    # Hostname to check if named_wait is enabled
-named_auto_forward="NO"                # Set up forwarders from /etc/resolv.conf
-named_auto_forward_only="NO"   # Do "forward only" instead of "forward first"
+named_uid=${named_uid-"bind"}          # User to run named as
+named_wait=${named_wait-"NO"}                  # Wait for working name service before exiting
+named_wait_host=${named_wait_host-"localhost"} # Hostname to check if named_wait is enabled
+named_auto_forward=${named_auto_forward-"NO"}          # Set up forwarders from /etc/resolv.conf
+named_auto_forward_only=${named_auto_forward_only-"NO"}        # Do "forward only" instead of "forward first"

 named_poststart() {
        if checkyesno named_wait; then
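
Review bot: the ${var-"default"} form used on all eight + lines applies the default only when the variable is unset, so an rc.conf line such as named_conf="" or named_uid="" leaves the variable empty instead of falling back. Use the colon form, e.g. named_conf=${named_conf:-"/usr/local/etc/namedb/named.conf"}, or the usual rc.d idiom : ${named_enable:="NO"}, so that empty values get the default too. These lines also only honour rc.conf if it has already been read at this point in the script; the load_rc_config call is not visible in this hunk, so confirm it runs before line 22.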

The tabs are missing, so you had better apply this patch by hand. It’s not that difficult.

I have emailed the patch to the maintainer of dns/bind99, and I hope the patch hits the Subversion repos within a day or two.