Damir R. Islamov
2021-01-22 08:10:01 UTC
Package: bind9
Version: 1:9.16.11-1
Severity: important
Dear Maintainer,
After the bind9 update to 1:9.16.11-1, the named daemon cannot start due to signal 11 (SEGV).
Full log is like this:
Jan 22 14:40:47 trefle systemd[1]: Started BIND Domain Name Server.
Jan 22 14:40:47 trefle named[1317468]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b>
Jan 22 14:40:47 trefle named[1317468]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09)
Jan 22 14:40:47 trefle named[1317468]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jan 22 14:40:47 trefle named[1317468]: running as: named -f -u bind
Jan 22 14:40:47 trefle named[1317468]: compiled by GCC 10.2.1 20210110
Jan 22 14:40:47 trefle named[1317468]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317468]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317468]: compiled with libxml2 version: 2.9.10
Jan 22 14:40:47 trefle named[1317468]: linked to libxml2 version: 20910
Jan 22 14:40:47 trefle named[1317468]: compiled with json-c version: 0.15
Jan 22 14:40:47 trefle named[1317468]: linked to json-c version: 0.15
Jan 22 14:40:47 trefle named[1317468]: compiled with zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317468]: linked to zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317468]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317468]: BIND 9 is maintained by Internet Systems Consortium,
Jan 22 14:40:47 trefle named[1317468]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 22 14:40:47 trefle named[1317468]: corporation. Support and training for BIND 9 are
Jan 22 14:40:47 trefle named[1317468]: available at https://www.isc.org/support
Jan 22 14:40:47 trefle named[1317468]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317468]: adjusted limit on open files from 524288 to 1048576
Jan 22 14:40:47 trefle named[1317468]: found 8 CPUs, using 8 worker threads
Jan 22 14:40:47 trefle named[1317468]: using 8 UDP listeners per interface
Jan 22 14:40:47 trefle named[1317468]: using up to 21000 sockets
Jan 22 14:40:47 trefle named[1317468]: loading configuration from '/etc/bind/named.conf'
Jan 22 14:40:47 trefle named[1317468]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Jan 22 14:40:47 trefle named[1317468]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jan 22 14:40:47 trefle named[1317468]: using default UDP/IPv4 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317468]: using default UDP/IPv6 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317468]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 14:40:47 trefle named[1317468]: listening on IPv4 interface eth0, 10.250.0.1#53
Jan 22 14:40:47 trefle named[1317468]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface lo, ::1#53
Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53
Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53
Jan 22 14:40:47 trefle named[1317468]: generating session key for dynamic DNS
Jan 22 14:40:47 trefle named[1317468]: sizing zone task pool based on 24 zones
Jan 22 14:40:47 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jan 22 14:40:47 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:47 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 3.
Jan 22 14:40:47 trefle systemd[1]: Stopped BIND Domain Name Server.
Jan 22 14:40:47 trefle systemd[1]: Started BIND Domain Name Server.
Jan 22 14:40:47 trefle named[1317495]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b>
Jan 22 14:40:47 trefle named[1317495]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09)
Jan 22 14:40:47 trefle named[1317495]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jan 22 14:40:47 trefle named[1317495]: running as: named -f -u bind
Jan 22 14:40:47 trefle named[1317495]: compiled by GCC 10.2.1 20210110
Jan 22 14:40:47 trefle named[1317495]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317495]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317495]: compiled with libxml2 version: 2.9.10
Jan 22 14:40:47 trefle named[1317495]: linked to libxml2 version: 20910
Jan 22 14:40:47 trefle named[1317495]: compiled with json-c version: 0.15
Jan 22 14:40:47 trefle named[1317495]: linked to json-c version: 0.15
Jan 22 14:40:47 trefle named[1317495]: compiled with zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317495]: linked to zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317495]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317495]: BIND 9 is maintained by Internet Systems Consortium,
Jan 22 14:40:47 trefle named[1317495]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 22 14:40:47 trefle named[1317495]: corporation. Support and training for BIND 9 are
Jan 22 14:40:47 trefle named[1317495]: available at https://www.isc.org/support
Jan 22 14:40:47 trefle named[1317495]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317495]: adjusted limit on open files from 524288 to 1048576
Jan 22 14:40:47 trefle named[1317495]: found 8 CPUs, using 8 worker threads
Jan 22 14:40:47 trefle named[1317495]: using 8 UDP listeners per interface
Jan 22 14:40:47 trefle named[1317495]: using up to 21000 sockets
Jan 22 14:40:47 trefle named[1317495]: loading configuration from '/etc/bind/named.conf'
Jan 22 14:40:47 trefle named[1317495]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Jan 22 14:40:47 trefle named[1317495]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jan 22 14:40:47 trefle named[1317495]: using default UDP/IPv4 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317495]: using default UDP/IPv6 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317495]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 14:40:47 trefle named[1317495]: listening on IPv4 interface eth0, 10.250.0.1#53
Jan 22 14:40:47 trefle named[1317495]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface lo, ::1#53
Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53
Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53
Jan 22 14:40:47 trefle named[1317495]: generating session key for dynamic DNS
Jan 22 14:40:47 trefle named[1317495]: sizing zone task pool based on 24 zones
Jan 22 14:40:47 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jan 22 14:40:47 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:48 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 4.
Jan 22 14:40:48 trefle systemd[1]: Stopped BIND Domain Name Server.
Jan 22 14:40:48 trefle systemd[1]: Started BIND Domain Name Server.
Jan 22 14:40:48 trefle named[1317522]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b>
Jan 22 14:40:48 trefle named[1317522]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09)
Jan 22 14:40:48 trefle named[1317522]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jan 22 14:40:48 trefle named[1317522]: running as: named -f -u bind
Jan 22 14:40:48 trefle named[1317522]: compiled by GCC 10.2.1 20210110
Jan 22 14:40:48 trefle named[1317522]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:48 trefle named[1317522]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:48 trefle named[1317522]: compiled with libxml2 version: 2.9.10
Jan 22 14:40:48 trefle named[1317522]: linked to libxml2 version: 20910
Jan 22 14:40:48 trefle named[1317522]: compiled with json-c version: 0.15
Jan 22 14:40:48 trefle named[1317522]: linked to json-c version: 0.15
Jan 22 14:40:48 trefle named[1317522]: compiled with zlib version: 1.2.11
Jan 22 14:40:48 trefle named[1317522]: linked to zlib version: 1.2.11
Jan 22 14:40:48 trefle named[1317522]: ----------------------------------------------------
Jan 22 14:40:48 trefle named[1317522]: BIND 9 is maintained by Internet Systems Consortium,
Jan 22 14:40:48 trefle named[1317522]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 22 14:40:48 trefle named[1317522]: corporation. Support and training for BIND 9 are
Jan 22 14:40:48 trefle named[1317522]: available at https://www.isc.org/support
Jan 22 14:40:48 trefle named[1317522]: ----------------------------------------------------
Jan 22 14:40:48 trefle named[1317522]: adjusted limit on open files from 524288 to 1048576
Jan 22 14:40:48 trefle named[1317522]: found 8 CPUs, using 8 worker threads
Jan 22 14:40:48 trefle named[1317522]: using 8 UDP listeners per interface
Jan 22 14:40:48 trefle named[1317522]: using up to 21000 sockets
Jan 22 14:40:48 trefle named[1317522]: loading configuration from '/etc/bind/named.conf'
Jan 22 14:40:48 trefle named[1317522]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Jan 22 14:40:48 trefle named[1317522]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jan 22 14:40:48 trefle named[1317522]: using default UDP/IPv4 port range: [32768, 60999]
Jan 22 14:40:48 trefle named[1317522]: using default UDP/IPv6 port range: [32768, 60999]
Jan 22 14:40:48 trefle named[1317522]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 14:40:48 trefle named[1317522]: listening on IPv4 interface eth0, 10.250.0.1#53
Jan 22 14:40:48 trefle named[1317522]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface lo, ::1#53
Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53
Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53
Jan 22 14:40:48 trefle named[1317522]: generating session key for dynamic DNS
Jan 22 14:40:48 trefle named[1317522]: sizing zone task pool based on 24 zones
Jan 22 14:40:48 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jan 22 14:40:48 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:48 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
Jan 22 14:40:48 trefle systemd[1]: Stopped BIND Domain Name Server.
Jan 22 14:40:48 trefle systemd[1]: named.service: Start request repeated too quickly.
Jan 22 14:40:48 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:48 trefle systemd[1]: Failed to start BIND Domain Name Server.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages bind9 depends on:
ii adduser 3.118
ii bind9-libs 1:9.16.11-1
ii bind9-utils 1:9.16.11-1
ii debconf [debconf-2.0] 1.5.74
ii dns-root-data 2019052802
ii init-system-helpers 1.60
ii iproute2 5.10.0-3
ii libc6 2.31-9
ii libcap2 1:2.44-1
ii libfstrm0 0.6.0-1+b1
ii libjson-c5 0.15-1
ii liblmdb0 0.9.24-1
ii libmaxminddb0 1.5.0-1
ii libprotobuf-c1 1.3.3-1+b2
ii libssl1.1 1.1.1i-2
ii libuv1 1.40.0-1
ii libxml2 2.9.10+dfsg-6.3+b1
ii lsb-base 11.1.0
ii netbase 6.2
ii zlib1g 1:1.2.11.dfsg-2
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind-doc <none>
ii bind9-dnsutils [dnsutils] 1:9.16.11-1
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// NOTE(review): presumably defines the TSIG key "certbot-ddns-key" that the
// views in named.conf.local refer to. The file itself is not shown; it holds a
// shared secret, so confirm it is readable only by root and the bind user.
include "/etc/bind/certbot-ddns.key";
// Left disabled here: named.conf.local includes the default zones inside its
// "internal" view, because with views in use every zone must live in a view.
//include "/etc/bind/named.conf.default-zones";
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// Route messages of the "security" category to a dedicated log file.
logging {
channel security_file {
// Roll the file over at 30 MB and keep up to 3 older versions.
file "/var/log/named/security.log" versions 3 size 30m;
// "dynamic" follows the server's current debug level instead of a fixed severity.
severity dynamic;
// Prefix every entry with a timestamp.
print-time yes;
};
category security {
security_file;
};
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Address-match lists used by the views and zones below. They match on the
// source address only, so every allow-transfer / allow-update that names them
// authorizes by IP address rather than by a TSIG key.
// nsnicru and nstriflenet appear only in allow-transfer lists below
// (presumably secondary name servers — confirm).
acl nsnicru { 91.217.20.0/26; 91.217.21.0/26; 194.226.96.192/28; 31.177.66.192/28; 195.253.54.22; 195.253.51.22; };
acl nstriflenet { 195.24.128.164; };
// trefleru is used for view matching, recursion, transfers and dynamic updates.
acl trefleru { 80.89.203.170; 83.234.135.17; };
view "internal" {
// Match clients on local networks and the trefleru ACL addresses. Requests
// signed with certbot-ddns-key are rejected first ("!key"), so they fall through
// to the "external" view, where that key's update-policy grants are defined.
match-clients { !key certbot-ddns-key; localnets; trefleru;};
// Provide recursive service to the clients of this view.
recursion yes;
// Enable all empty zones.
empty-zones-enable yes;
// Default zones are loaded inside the view (the include in named.conf is
// commented out).
include "/etc/bind/named.conf.default-zones";
// Local zones on Trefle: the internal ("-local") versions of the zones,
// presumably including addresses of internal hosts.
zone "trefle.ru." {
type master;
file "m/db.trefle.ru-local";
allow-query { localnets; };
allow-transfer { localnets; };
// NOTE(review): dynamic updates are authorized by source address alone. A
// TSIG-keyed update-policy (as the "external" view uses) does not depend on
// an address that can be spoofed.
allow-update { trefleru; };
};
// Reverse zones for 10.250.0/24, 10.251.0/24 and 10.252.0/24. "allow-query any"
// is still bounded by this view's match-clients.
zone "0.250.10.in-addr.arpa." {
type master;
file "m/db.10.250.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "0.251.10.in-addr.arpa." {
type master;
file "m/db.10.251.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "0.252.10.in-addr.arpa." {
type master;
file "m/db.10.252.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "b.a.e.8.0.d.0.0.1.0.a.2.ip6.arpa." {
type master;
file "m/db.2a01.d0.ffff.eab";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "belka.trefle.ru." {
type master;
file "m/db.belka.trefle.ru-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
// NOTE(review): address-based update authorization, as for "trefle.ru." above.
allow-update { trefleru; };
};
zone "gofman.biz." {
type master;
file "m/db.gofman.biz-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "gofman.su." {
type master;
file "m/db.gofman.su-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "secretlaboratory.ru." {
type master;
file "m/db.secretlaboratory.ru-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
// Zones from Academ.org, resolved through the two forwarders listed.
// NOTE(review): neither forward zone sets "forward only;". Unless
// named.conf.options (not shown) sets it, BIND's default is "forward first", so
// queries for these names may fall back to normal resolution when the
// forwarders do not answer — relevant for the private name "academ.local.".
zone "academ.local." {
type forward;
forwarders {
85.118.224.121;
89.31.118.1;
};
};
zone "academ.info." {
type forward;
forwarders {
85.118.224.121;
89.31.118.1;
};
};
};
view "external" {
// Enable all empty zones.
empty-zones-enable yes;
// Match requests signed with certbot-ddns-key, plus every client not matched
// by the previous view.
match-clients { key certbot-ddns-key; any; };
// Recursion in this view is limited to the trefleru ACL; all other clients
// are refused recursive service.
allow-recursion {
trefleru;
};
// Public versions of the zones, presumably containing only publicly
// accessible hosts.
zone "trefle.ru." {
type master;
file "m/db.trefle.ru";
//file "m/db.trefle.ru.signed";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; trefleru; };
notify yes;
also-notify { 195.253.54.22; 195.253.51.22; };
// NOTE(review): "zonesub ANY" lets the key change records of any type at or
// below the zone apex. If the key is only used for ACME DNS-01 challenges (the
// name suggests certbot — confirm), a narrower rule such as
// "grant certbot-ddns-key name _acme-challenge.<zone>. TXT;" (<zone> is a
// placeholder) limits what a leaked key can do. The same grant appears in
// "gofman.biz." and "secretlaboratory.ru." below.
update-policy {
grant certbot-ddns-key zonesub ANY;
};
};
zone "170/32.203.89.80.in-addr.arpa." {
type master;
file "m/db.80.89.203.170";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; trefleru; };
};
// NOTE(review): this is the reverse zone for the private range 10.252.0/24,
// answered for any client of the external view from the same file the internal
// view loads. Confirm that exposing internal host names here is intended.
zone "0.252.10.in-addr.arpa." {
type master;
file "m/db.10.252.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
// Also loaded from the same file as the internal view's copy of this zone.
zone "b.a.e.8.0.d.0.0.1.0.a.2.ip6.arpa." {
type master;
file "m/db.2a01.d0.ffff.eab";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "belka.trefle.ru." {
type master;
file "m/db.belka.trefle.ru";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; trefleru; };
notify yes;
also-notify { 195.253.54.22; 195.253.51.22; };
};
zone "gofman.biz." {
type master;
file "m/db.gofman.biz";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
// Same zone-wide grant to certbot-ddns-key as in "trefle.ru." above.
update-policy {
grant certbot-ddns-key zonesub ANY;
};
};
zone "gofman.su." {
type master;
file "m/db.gofman.su";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "secretlaboratory.ru." {
type master;
file "m/db.secretlaboratory.ru";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
notify yes;
also-notify { 195.253.54.22; 195.253.51.22; };
// Same zone-wide grant to certbot-ddns-key as in "trefle.ru." above.
update-policy {
grant certbot-ddns-key zonesub ANY;
};
};
};
-- debconf information:
bind9/run-resolvconf: true
bind9/start-as-user: bind
bind9/different-configuration-file:
Version: 1:9.16.11-1
Severity: important
Dear Maintainer,
After the bind9 update to 1:9.16.11-1, the named daemon cannot start due to signal 11 (SEGV).
Full log is like this:
Jan 22 14:40:47 trefle systemd[1]: Started BIND Domain Name Server.
Jan 22 14:40:47 trefle named[1317468]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b>
Jan 22 14:40:47 trefle named[1317468]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09)
Jan 22 14:40:47 trefle named[1317468]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jan 22 14:40:47 trefle named[1317468]: running as: named -f -u bind
Jan 22 14:40:47 trefle named[1317468]: compiled by GCC 10.2.1 20210110
Jan 22 14:40:47 trefle named[1317468]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317468]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317468]: compiled with libxml2 version: 2.9.10
Jan 22 14:40:47 trefle named[1317468]: linked to libxml2 version: 20910
Jan 22 14:40:47 trefle named[1317468]: compiled with json-c version: 0.15
Jan 22 14:40:47 trefle named[1317468]: linked to json-c version: 0.15
Jan 22 14:40:47 trefle named[1317468]: compiled with zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317468]: linked to zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317468]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317468]: BIND 9 is maintained by Internet Systems Consortium,
Jan 22 14:40:47 trefle named[1317468]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 22 14:40:47 trefle named[1317468]: corporation. Support and training for BIND 9 are
Jan 22 14:40:47 trefle named[1317468]: available at https://www.isc.org/support
Jan 22 14:40:47 trefle named[1317468]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317468]: adjusted limit on open files from 524288 to 1048576
Jan 22 14:40:47 trefle named[1317468]: found 8 CPUs, using 8 worker threads
Jan 22 14:40:47 trefle named[1317468]: using 8 UDP listeners per interface
Jan 22 14:40:47 trefle named[1317468]: using up to 21000 sockets
Jan 22 14:40:47 trefle named[1317468]: loading configuration from '/etc/bind/named.conf'
Jan 22 14:40:47 trefle named[1317468]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Jan 22 14:40:47 trefle named[1317468]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jan 22 14:40:47 trefle named[1317468]: using default UDP/IPv4 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317468]: using default UDP/IPv6 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317468]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 14:40:47 trefle named[1317468]: listening on IPv4 interface eth0, 10.250.0.1#53
Jan 22 14:40:47 trefle named[1317468]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface lo, ::1#53
Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53
Jan 22 14:40:47 trefle named[1317468]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53
Jan 22 14:40:47 trefle named[1317468]: generating session key for dynamic DNS
Jan 22 14:40:47 trefle named[1317468]: sizing zone task pool based on 24 zones
Jan 22 14:40:47 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jan 22 14:40:47 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:47 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 3.
Jan 22 14:40:47 trefle systemd[1]: Stopped BIND Domain Name Server.
Jan 22 14:40:47 trefle systemd[1]: Started BIND Domain Name Server.
Jan 22 14:40:47 trefle named[1317495]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b>
Jan 22 14:40:47 trefle named[1317495]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09)
Jan 22 14:40:47 trefle named[1317495]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jan 22 14:40:47 trefle named[1317495]: running as: named -f -u bind
Jan 22 14:40:47 trefle named[1317495]: compiled by GCC 10.2.1 20210110
Jan 22 14:40:47 trefle named[1317495]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317495]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:47 trefle named[1317495]: compiled with libxml2 version: 2.9.10
Jan 22 14:40:47 trefle named[1317495]: linked to libxml2 version: 20910
Jan 22 14:40:47 trefle named[1317495]: compiled with json-c version: 0.15
Jan 22 14:40:47 trefle named[1317495]: linked to json-c version: 0.15
Jan 22 14:40:47 trefle named[1317495]: compiled with zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317495]: linked to zlib version: 1.2.11
Jan 22 14:40:47 trefle named[1317495]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317495]: BIND 9 is maintained by Internet Systems Consortium,
Jan 22 14:40:47 trefle named[1317495]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 22 14:40:47 trefle named[1317495]: corporation. Support and training for BIND 9 are
Jan 22 14:40:47 trefle named[1317495]: available at https://www.isc.org/support
Jan 22 14:40:47 trefle named[1317495]: ----------------------------------------------------
Jan 22 14:40:47 trefle named[1317495]: adjusted limit on open files from 524288 to 1048576
Jan 22 14:40:47 trefle named[1317495]: found 8 CPUs, using 8 worker threads
Jan 22 14:40:47 trefle named[1317495]: using 8 UDP listeners per interface
Jan 22 14:40:47 trefle named[1317495]: using up to 21000 sockets
Jan 22 14:40:47 trefle named[1317495]: loading configuration from '/etc/bind/named.conf'
Jan 22 14:40:47 trefle named[1317495]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Jan 22 14:40:47 trefle named[1317495]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jan 22 14:40:47 trefle named[1317495]: using default UDP/IPv4 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317495]: using default UDP/IPv6 port range: [32768, 60999]
Jan 22 14:40:47 trefle named[1317495]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 14:40:47 trefle named[1317495]: listening on IPv4 interface eth0, 10.250.0.1#53
Jan 22 14:40:47 trefle named[1317495]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface lo, ::1#53
Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53
Jan 22 14:40:47 trefle named[1317495]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53
Jan 22 14:40:47 trefle named[1317495]: generating session key for dynamic DNS
Jan 22 14:40:47 trefle named[1317495]: sizing zone task pool based on 24 zones
Jan 22 14:40:47 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jan 22 14:40:47 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:48 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 4.
Jan 22 14:40:48 trefle systemd[1]: Stopped BIND Domain Name Server.
Jan 22 14:40:48 trefle systemd[1]: Started BIND Domain Name Server.
Jan 22 14:40:48 trefle named[1317522]: starting BIND 9.16.11-Debian (Stable Release) <id:9ff601b>
Jan 22 14:40:48 trefle named[1317522]: running on Linux x86_64 5.10.0-1-amd64 #1 SMP Debian 5.10.5-1 (2021-01-09)
Jan 22 14:40:48 trefle named[1317522]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-udv6N3/bind9-9.16.11=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Jan 22 14:40:48 trefle named[1317522]: running as: named -f -u bind
Jan 22 14:40:48 trefle named[1317522]: compiled by GCC 10.2.1 20210110
Jan 22 14:40:48 trefle named[1317522]: compiled with OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:48 trefle named[1317522]: linked to OpenSSL version: OpenSSL 1.1.1i 8 Dec 2020
Jan 22 14:40:48 trefle named[1317522]: compiled with libxml2 version: 2.9.10
Jan 22 14:40:48 trefle named[1317522]: linked to libxml2 version: 20910
Jan 22 14:40:48 trefle named[1317522]: compiled with json-c version: 0.15
Jan 22 14:40:48 trefle named[1317522]: linked to json-c version: 0.15
Jan 22 14:40:48 trefle named[1317522]: compiled with zlib version: 1.2.11
Jan 22 14:40:48 trefle named[1317522]: linked to zlib version: 1.2.11
Jan 22 14:40:48 trefle named[1317522]: ----------------------------------------------------
Jan 22 14:40:48 trefle named[1317522]: BIND 9 is maintained by Internet Systems Consortium,
Jan 22 14:40:48 trefle named[1317522]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 22 14:40:48 trefle named[1317522]: corporation. Support and training for BIND 9 are
Jan 22 14:40:48 trefle named[1317522]: available at https://www.isc.org/support
Jan 22 14:40:48 trefle named[1317522]: ----------------------------------------------------
Jan 22 14:40:48 trefle named[1317522]: adjusted limit on open files from 524288 to 1048576
Jan 22 14:40:48 trefle named[1317522]: found 8 CPUs, using 8 worker threads
Jan 22 14:40:48 trefle named[1317522]: using 8 UDP listeners per interface
Jan 22 14:40:48 trefle named[1317522]: using up to 21000 sockets
Jan 22 14:40:48 trefle named[1317522]: loading configuration from '/etc/bind/named.conf'
Jan 22 14:40:48 trefle named[1317522]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Jan 22 14:40:48 trefle named[1317522]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Jan 22 14:40:48 trefle named[1317522]: using default UDP/IPv4 port range: [32768, 60999]
Jan 22 14:40:48 trefle named[1317522]: using default UDP/IPv6 port range: [32768, 60999]
Jan 22 14:40:48 trefle named[1317522]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 22 14:40:48 trefle named[1317522]: listening on IPv4 interface eth0, 10.250.0.1#53
Jan 22 14:40:48 trefle named[1317522]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface lo, ::1#53
Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface eth0, fd3a:49e:a53d:0:76d4:35ff:febc:1476#53
Jan 22 14:40:48 trefle named[1317522]: listening on IPv6 interface eth0, fe80::76d4:35ff:febc:1476%2#53
Jan 22 14:40:48 trefle named[1317522]: generating session key for dynamic DNS
Jan 22 14:40:48 trefle named[1317522]: sizing zone task pool based on 24 zones
Jan 22 14:40:48 trefle systemd[1]: named.service: Main process exited, code=killed, status=11/SEGV
Jan 22 14:40:48 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:48 trefle systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
Jan 22 14:40:48 trefle systemd[1]: Stopped BIND Domain Name Server.
Jan 22 14:40:48 trefle systemd[1]: named.service: Start request repeated too quickly.
Jan 22 14:40:48 trefle systemd[1]: named.service: Failed with result 'signal'.
Jan 22 14:40:48 trefle systemd[1]: Failed to start BIND Domain Name Server.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages bind9 depends on:
ii adduser 3.118
ii bind9-libs 1:9.16.11-1
ii bind9-utils 1:9.16.11-1
ii debconf [debconf-2.0] 1.5.74
ii dns-root-data 2019052802
ii init-system-helpers 1.60
ii iproute2 5.10.0-3
ii libc6 2.31-9
ii libcap2 1:2.44-1
ii libfstrm0 0.6.0-1+b1
ii libjson-c5 0.15-1
ii liblmdb0 0.9.24-1
ii libmaxminddb0 1.5.0-1
ii libprotobuf-c1 1.3.3-1+b2
ii libssl1.1 1.1.1i-2
ii libuv1 1.40.0-1
ii libxml2 2.9.10+dfsg-6.3+b1
ii lsb-base 11.1.0
ii netbase 6.2
ii zlib1g 1:1.2.11.dfsg-2
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind-doc <none>
ii bind9-dnsutils [dnsutils] 1:9.16.11-1
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// Presumably defines the TSIG key "certbot-ddns-key" that named.conf.local
// refers to (its contents are not shown in this report -- confirm). A key file
// holds a shared secret: keep it readable only by the account named runs as,
// and leave it out of anything that is published.
include "/etc/bind/certbot-ddns.key";
// Disabled at top level: named.conf.local defines views and includes the
// default zones inside the "internal" view instead. Once any view exists,
// BIND requires every zone to be declared inside a view.
//include "/etc/bind/named.conf.default-zones";
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// Sends the "security" log category (approval and denial of requests) to a
// dedicated file, separate from the syslog output quoted in this report.
logging {
channel security_file {
// Rolled when it exceeds 30m, keeping up to 3 older versions. The directory
// must be writable by the user named runs as and permitted by the AppArmor
// profile, which is enabled on this host.
file "/var/log/named/security.log" versions 3 size 30m;
// "dynamic" follows the server's current debug level.
severity dynamic;
// Prefix each entry with a timestamp; the file channel has no syslog header.
print-time yes;
};
category security {
security_file;
};
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Address-only ACLs. The zones below use them for allow-transfer, allow-update,
// allow-recursion and match-clients. They identify a peer by source IP alone;
// nothing in them authenticates it.
// NOTE(review): nsnicru and nstriflenet look like the secondaries that pull
// these zones (they appear only in allow-transfer) -- confirm. TSIG-signed
// transfers would authenticate those peers instead of trusting the address.
acl nsnicru { 91.217.20.0/26; 91.217.21.0/26; 194.226.96.192/28; 31.177.66.192/28; 195.253.54.22; 195.253.51.22; };
acl nstriflenet { 195.24.128.164; };
// Also used as the recursion and dynamic-update ACL, so it carries the most trust.
acl trefleru { 80.89.203.170; 83.234.135.17; };
// Views are tried in the order they are defined; this one comes first.
view "internal" {
// This should match our internal networks.
// "!key certbot-ddns-key" comes first, so a request signed with that TSIG key
// is rejected from this view even when it arrives from localnets or trefleru.
// It then falls through to the "external" view, where the update-policy
// grants for that key are defined.
match-clients { !key certbot-ddns-key; localnets; trefleru;};
// Provide recursive service to internal clients only.
recursion yes;
// Enable all empty zones.
empty-zones-enable yes;
// Default zones, included here because the top-level include in named.conf
// is commented out.
include "/etc/bind/named.conf.default-zones";
// Local zones on Trefle
zone "trefle.ru." {
type master;
file "m/db.trefle.ru-local";
allow-query { localnets; };
allow-transfer { localnets; };
// NOTE(review): address-only allow-update authorizes dynamic updates by source
// IP alone. The BIND ARM describes this as insecure, because the source
// address of a UDP update can be forged. A TSIG key with update-policy, as the
// external view uses, is the stronger control.
allow-update { trefleru; };
};
// Reverse zones for RFC 1918 space (10.250.0.0/24, 10.251.0.0/24, 10.252.0.0/24).
// "allow-query { any; }" is still limited by this view's match-clients.
zone "0.250.10.in-addr.arpa." {
type master;
file "m/db.10.250.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "0.251.10.in-addr.arpa." {
type master;
file "m/db.10.251.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "0.252.10.in-addr.arpa." {
type master;
file "m/db.10.252.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "b.a.e.8.0.d.0.0.1.0.a.2.ip6.arpa." {
type master;
file "m/db.2a01.d0.ffff.eab";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "belka.trefle.ru." {
type master;
file "m/db.belka.trefle.ru-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
// NOTE(review): same address-only update authorization as "trefle.ru." above.
allow-update { trefleru; };
};
zone "gofman.biz." {
type master;
file "m/db.gofman.biz-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "gofman.su." {
type master;
file "m/db.gofman.su-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "secretlaboratory.ru." {
type master;
file "m/db.secretlaboratory.ru-local";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
// Zones from Academ.org
// Queries for these names are forwarded to the two listed resolvers.
zone "academ.local." {
type forward;
forwarders {
85.118.224.121;
89.31.118.1;
};
};
zone "academ.info." {
type forward;
forwarders {
85.118.224.121;
89.31.118.1;
};
};
};
// Second view: matches every client the "internal" view did not take.
view "external" {
// Enable all empty zones.
empty-zones-enable yes;
// Match all clients not matched by the previous view.
// "any" already matches everything. The explicit key entry records that
// requests signed with certbot-ddns-key, which the internal view excludes,
// are meant to be handled here.
match-clients { key certbot-ddns-key; any; };
// Allow recursion only for the trefleru ACL; every other client of this view
// is refused recursion.
// NOTE(review): trefleru addresses normally match the internal view first, so
// this presumably applies only to their key-signed requests -- confirm.
allow-recursion {
trefleru;
};
// Public versions of the zones. The file names differ from the "-local"
// files that the internal view uses for the same zone names.
zone "trefle.ru." {
type master;
file "m/db.trefle.ru";
//file "m/db.trefle.ru.signed";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; trefleru; };
notify yes;
also-notify { 195.253.54.22; 195.253.51.22; };
// NOTE(review): "zonesub ANY" lets the holder of certbot-ddns-key change any
// record type at any name in this zone. If the key is used only for ACME
// DNS-01 challenges (the name suggests so -- confirm), a grant limited to TXT
// records at the _acme-challenge names narrows what a leaked key can change,
// e.g. "grant certbot-ddns-key name _acme-challenge.<zone>. TXT;".
update-policy {
grant certbot-ddns-key zonesub ANY;
};
};
zone "170/32.203.89.80.in-addr.arpa." {
type master;
file "m/db.80.89.203.170";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; trefleru; };
};
// NOTE(review): this is the reverse zone for 10.252.0.0/24 (RFC 1918), loaded
// from the same file as in the internal view and served with
// "allow-query { any; }" in the view that matches all external clients. The
// internal host names in m/db.10.252.0 are therefore resolvable from outside
// -- confirm this is intended.
zone "0.252.10.in-addr.arpa." {
type master;
file "m/db.10.252.0";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "b.a.e.8.0.d.0.0.1.0.a.2.ip6.arpa." {
type master;
file "m/db.2a01.d0.ffff.eab";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "belka.trefle.ru." {
type master;
file "m/db.belka.trefle.ru";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; trefleru; };
notify yes;
also-notify { 195.253.54.22; 195.253.51.22; };
};
zone "gofman.biz." {
type master;
file "m/db.gofman.biz";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
// NOTE(review): same broad "zonesub ANY" grant as on "trefle.ru." in this view.
update-policy {
grant certbot-ddns-key zonesub ANY;
};
};
zone "gofman.su." {
type master;
file "m/db.gofman.su";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
};
zone "secretlaboratory.ru." {
type master;
file "m/db.secretlaboratory.ru";
allow-query { any; };
allow-transfer { nsnicru; nstriflenet; };
notify yes;
also-notify { 195.253.54.22; 195.253.51.22; };
// NOTE(review): same broad "zonesub ANY" grant as on "trefle.ru." in this view.
update-policy {
grant certbot-ddns-key zonesub ANY;
};
};
};
-- debconf information:
bind9/run-resolvconf: true
bind9/start-as-user: bind
bind9/different-configuration-file: