這個綁定錯誤是什麼意思？

背景

我正在嘗試使用dnssec-lookaside選項設置遞歸 DNSSec 伺服器。遵循本指南。

錯誤資訊

root@dnssec:/home/jose# systemctl status bind9
● bind9.service - BIND Domain Name Server
  Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Active: failed (Result: signal) since Sun 2020-01-19 18:54:09 UTC; 1s ago
    Docs: man:named(8)
 Process: 1617 ExecStart=/usr/sbin/named -f $OPTIONS (code=killed, signal=ABRT)
Main PID: 1617 (code=killed, signal=ABRT)

ene 19 18:54:09 dnssec named[1617]: #2 0x7f3fa9fd125e in ??
ene 19 18:54:09 dnssec named[1617]: #3 0x561ca9e89856 in ??
ene 19 18:54:09 dnssec named[1617]: #4 0x561ca9ecbc00 in ??
ene 19 18:54:09 dnssec named[1617]: #5 0x561ca9ecd343 in ??
ene 19 18:54:09 dnssec named[1617]: #6 0x7f3fa9b6fd99 in ??
ene 19 18:54:09 dnssec named[1617]: #7 0x7f3fa90e86db in ??
ene 19 18:54:09 dnssec named[1617]: #8 0x7f3fa881c88f in ??
ene 19 18:54:09 dnssec named[1617]: exiting (due to assertion failure)
ene 19 18:54:09 dnssec systemd[1]: bind9.service: Main process exited, code=killed, status=6/ABRT
ene 19 18:54:09 dnssec systemd[1]: bind9.service: Failed with result 'signal'.

綁定配置：

命名.conf

root@dnssec:/home/jose# cat /etc/bind/named.conf

include "/etc/bind/named.conf.options";

include "/etc/bind/named.conf.options.dnssec";


zone "wetlands.cam"{
       type master;
       file "/etc/bind/db.wetlands.cam";
};

zone "30.20.10.in-addr.arpa"{
       type master;
       file "/etc/bind/db.30.20.10";
};

命名.conf.options

root@dnssec:/home/jose# cat /etc/bind/named.conf.options
acl homeLab {
       10.20.30.0/24;
       localhost;
       localnets;
};

options {
       directory "/var/cache/bind";

       recursion yes;
       allow-query { homeLab; };

       forwarders {
               10.20.30.1;
               8.8.8.8;
               8.8.4.4;
       };


       dnssec-enable yes;
       dnssec-validation yes;
       dnssec-lookaside "." trust-anchor auto;

       auth-nxdomain no;    # conform to RFC1035
       listen-on-v6 { none; };

       dnssec-lookaside auto;

};

named.conf.options 還包括日誌，如本文所述，但沒有日誌文件包含有關錯誤的資訊，因此為了便於閱讀，我省略了它。

命名.conf.dnssec

root@dnssec:/home/jose# cat /etc/bind/named.conf.options.dnssec
trusted-keys{
"." 257 3 8
"AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU=";

"cat." 257 3 10
"AwEAAYA2JNjCp4vwA2YjEASi2AyxNSCB8RwAJveS44fCrcOsy3ejVzH4 s1bVKolZdObVAcZcjFd1uusnIZ6SRVpRxs2G9nflbYgCZ1oihfwPuuVE HExUDzu8nFEkivKTL4RBOT6EYNYgbVwG7JVRaCKU8/g1YR+by1cfTAl6 0SgdyMGapN3JlBcYBq9P3bMX0beYWdxTa+NSasAauLemmp84RJwBWtX3 YhAyF3LrCapSfLVkgakNb+kuUbQngnX1ABdioYD5BvFO3TjslwuFy+FU GH8HGaI2F4kwXfpIukUfjhGTnXihG1n1cI3Noy0wOL/twxy9SB66GbxT rNOnoXftnzk=";

"org." 257 3 7
"AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1b dq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5 T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsU ACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jI R2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tp dbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r 8ti6MNoJEHU=";

"dlv.isc.org." 257 3 5
"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh";

};

journalctl 輸出

ene 19 18:54:09 dnssec systemd[1]: Started BIND Domain Name Server.
ene 19 18:54:09 dnssec named[1617]: starting BIND 9.11.3-1ubuntu1.11-Ubuntu (Extended Support Version) <id:a375815>
ene 19 18:54:09 dnssec named[1617]: running on Linux x86_64 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019
ene 19 18:54:09 dnssec named[1617]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexec
ene 19 18:54:09 dnssec named[1617]: running as: named -f -u bind
ene 19 18:54:09 dnssec named[1617]: ----------------------------------------------------
ene 19 18:54:09 dnssec named[1617]: BIND 9 is maintained by Internet Systems Consortium,
ene 19 18:54:09 dnssec named[1617]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
ene 19 18:54:09 dnssec named[1617]: corporation.  Support and training for BIND 9 are
ene 19 18:54:09 dnssec named[1617]: available at https://www.isc.org/support
ene 19 18:54:09 dnssec named[1617]: ----------------------------------------------------
ene 19 18:54:09 dnssec named[1617]: adjusted limit on open files from 4096 to 1048576
ene 19 18:54:09 dnssec named[1617]: found 1 CPU, using 1 worker thread
ene 19 18:54:09 dnssec named[1617]: using 1 UDP listener per interface
ene 19 18:54:09 dnssec named[1617]: using up to 4096 sockets
ene 19 18:54:09 dnssec named[1617]: loading configuration from '/etc/bind/named.conf'
ene 19 18:54:09 dnssec named[1617]: /etc/bind/named.conf.options:27: dnssec-lookaside 'auto' is no longer supported
ene 19 18:54:09 dnssec named[1617]: /etc/bind/named.conf.options.dnssec:1: trusted-key for dlv.isc.org still present; dlv.isc.org has been shut down
ene 19 18:54:09 dnssec named[1617]: reading built-in trust anchors from file '/etc/bind/bind.keys'
ene 19 18:54:09 dnssec named[1617]: initializing GeoIP Country (IPv4) (type 1) DB
ene 19 18:54:09 dnssec named[1617]: GEO-106FREE 20180315 Build
ene 19 18:54:09 dnssec named[1617]: initializing GeoIP Country (IPv6) (type 12) DB
ene 19 18:54:09 dnssec named[1617]: GEO-106FREE 20180315 Build
ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv4) (type 2) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv4) (type 6) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv6) (type 30) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv6) (type 31) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP Region (type 3) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP Region (type 7) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP ISP (type 4) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP Org (type 5) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP AS (type 9) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP Domain (type 11) DB not available
ene 19 18:54:09 dnssec named[1617]: GeoIP NetSpeed (type 10) DB not available
ene 19 18:54:09 dnssec named[1617]: using default UDP/IPv4 port range: [32768, 60999]
ene 19 18:54:09 dnssec named[1617]: using default UDP/IPv6 port range: [32768, 60999]
ene 19 18:54:09 dnssec named[1617]: listening on IPv4 interface lo, 127.0.0.1#53
ene 19 18:54:09 dnssec named[1617]: listening on IPv4 interface enp0s3, 10.20.30.200#53
ene 19 18:54:09 dnssec named[1617]: listening on IPv4 interface enp0s8, 192.168.56.200#53
ene 19 18:54:09 dnssec named[1617]: generating session key for dynamic DNS
ene 19 18:54:09 dnssec named[1617]: sizing zone task pool based on 2 zones
ene 19 18:54:09 dnssec named[1617]: none:103: 'max-cache-size 90%' - setting to 886MB (out of 985MB)
ene 19 18:54:09 dnssec named[1617]: ../../../lib/isccfg/parser.c:1228: REQUIRE(obj != ((void *)0) && obj->type->rep == &cfg_rep_string) failed, back trace
ene 19 18:54:09 dnssec named[1617]: #0 0x561ca9ea1050 in ??
ene 19 18:54:09 dnssec named[1617]: #1 0x7f3fa9b477da in ??
ene 19 18:54:09 dnssec named[1617]: #2 0x7f3fa9fd125e in ??
ene 19 18:54:09 dnssec named[1617]: #3 0x561ca9e89856 in ??
ene 19 18:54:09 dnssec named[1617]: #4 0x561ca9ecbc00 in ??
ene 19 18:54:09 dnssec named[1617]: #5 0x561ca9ecd343 in ??
ene 19 18:54:09 dnssec named[1617]: #6 0x7f3fa9b6fd99 in ??
ene 19 18:54:09 dnssec named[1617]: #7 0x7f3fa90e86db in ??
ene 19 18:54:09 dnssec named[1617]: #8 0x7f3fa881c88f in ??
ene 19 18:54:09 dnssec named[1617]: exiting (due to assertion failure)
ene 19 18:54:09 dnssec systemd[1]: bind9.service: Main process exited, code=killed, status=6/ABRT
ene 19 18:54:09 dnssec systemd[1]: bind9.service: Failed with result 'signal'.

讀取您的配置時，您的綁定伺服器嚴重失敗。嘗試named-checkconf -p查看語法是否正確。

你有/有的錯誤是一個斷言，當程序員確定某事永遠不會發生時，他們會使用它。所以最終你在bind中遇到了一個錯誤：正確的行為是檢測配置錯誤並列印適當的錯誤消息。

如果您可以重現該錯誤，則應將其報告給綁定問題跟踪器。

引用自：https://serverfault.com/questions/999564