[Pdns-users] public DoH/DoT dnsdist 1.9.8 exited on signal 11
Christoph
cm at appliedprivacy.net
Wed Jan 29 22:26:06 UTC 2025
Hi,
our public DoH/DoT dnsdist instance just crashed.
It is the first time I have seen a dnsdist crash.
Unfortunately we do not have any core dump.
Jan 29 22:48:09 kernel: pid 75804 (dnsdist), jid 0, uid 208: exited on signal 11 (no core dump - bad address)
Our dnsdist runs behind an nginx and forwards queries to recursors.
The config (lines with secrets were removed):
-----------------------------
newServer({address="109.70.100.136", maxInFlight=1000, sockets=32,
name="clamps"})
newServer({address="109.70.100.140", maxInFlight=1000, sockets=32,
name="roberto"})
newServer({address="127.0.0.1", sockets=4, name="bender"})
setServerPolicy(leastOutstanding)
addTLSLocal("0.0.0.0",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key",
{ciphers='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256',
minTLSVersion='tls1.2', tcpFastOpenQueueSize=1000, maxInFlight=1000 })
addTLSLocal("[::]",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key",
{ciphers='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256',
minTLSVersion='tls1.2', tcpFastOpenQueueSize=1000, maxInFlight=1000 })
addDOHLocal("0.0.0.0:444",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key",
"/query", {minTLSVersion='tls1.3', serverTokens='doh',
tcpFastOpenQueueSize=1000, tcpListenQueueSize=4096 })
addDOHLocal("[::]:444",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.crt",
"/usr/local/etc/ssl/lego/certificates/doh.applied-privacy.net.key",
"/query", {minTLSVersion='tls1.3', serverTokens='doh',
tcpFastOpenQueueSize=1000, tcpListenQueueSize=4096 })
setACL({'0.0.0.0/0', '::/0'})
controlSocket('127.0.0.1:5199')
setConsoleACL('127.0.0.1/8')
pc = newPacketCache(50000, {maxTTL=86400, minTTL=3,
temporaryFailureTTL=60, staleTTL=60, dontAge=false})
getPool(""):setCache(pc)
webserver("127.0.0.1:8083")
setVerboseHealthChecks(true)
addAction(QTypeRule(65535), RCodeAction(DNSRCode.NOTIMP))
Version used on FreeBSD 14.2:
---------------------------
Version : 1.9.8
Origin : dns/dnsdist
Architecture : FreeBSD:14:amd64
Prefix : /usr/local
Categories : net dns
Licenses : MIT, GPLv2, ISCL
Maintainer : tremere at cainites.net
WWW : https://dnsdist.org/
Comment : Highly DNS-, DoS- and abuse-aware loadbalancer
Options :
CDB : on
DNSTAP : off
GNUTLS : on
LMDB : on
LUA : on
LUAJIT : off
OPENSSL : on
SNMP : off
Shared Libs required:
libsodium.so.26
libre2.so.11
libquiche.so.0
libnghttp2.so.14
liblua-5.4.so
liblmdb.so.0
libgnutls.so.30
libedit.so.0
libcdb.so.1
------------------------
Are there any currently known bugs that could cause this?
Best regards,
Christoph