pi-hole / FTL

The Pi-hole FTL engine
https://pi-hole.net

Pihole silently crashes on FTLDNS branch while DNSSEC enabled. Cannot be restarted unless repaired #284

Closed DiJuMx closed 6 years ago

DiJuMx commented 6 years ago

In raising this issue, I confirm the following (please check boxes, eg [X]) Failure to fill the template will close your issue:

How familiar are you with the codebase?:

1


[BUG] Expected Behaviour: Pihole successfully resolves the hostname i.redd.it to 151.101.61.140

[BUG] Actual Behaviour: DNS service silently crashes, and cannot be restored with pihole restartdns or pihole enable. Only pihole -r brings it back up.

[BUG] Steps to reproduce:

  1. (Optional?) Configure unbound on localhost#5353, and point pihole at it
  2. Switch to the FTLDNS branch
  3. Enable DNSSEC
  4. nslookup i.redd.it or dig i.redd.it

Log file output

pihole.log

May 13 20:22:35 dnsmasq[3459]: 112 192.168.2.10/44334 query[A] i.redd.it from 192.168.2.10
May 13 20:22:35 dnsmasq[3459]: 112 192.168.2.10/44334 forwarded i.redd.it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DS] it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: 113 192.168.2.10/44334 query[AAAA] i.redd.it from 192.168.2.10
May 13 20:22:35 dnsmasq[3459]: 113 192.168.2.10/44334 forwarded i.redd.it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 reply it is DS keytag 41901, algo 10, digest 2
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DS] redd.it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DS] redd.it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DNSKEY] it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DNSKEY] it to 127.0.0.1

syslog

May 13 20:22:35 regulus systemd[1]: Stopping User Manager for UID 999...
May 13 20:22:35 regulus systemd[3441]: Stopped target Default.
May 13 20:22:35 regulus systemd[3441]: Stopped target Basic System.
May 13 20:22:35 regulus systemd[3441]: Stopped target Paths.
May 13 20:22:35 regulus systemd[3441]: Stopped target Sockets.
May 13 20:22:35 regulus systemd[3441]: Closed GnuPG cryptographic agent and passphrase cache.
May 13 20:22:35 regulus systemd[3441]: Closed GnuPG network certificate management daemon.
May 13 20:22:35 regulus systemd[3441]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
May 13 20:22:35 regulus systemd[3441]: Closed GnuPG cryptographic agent (ssh-agent emulation).
May 13 20:22:35 regulus systemd[3441]: Closed D-Bus User Message Bus Socket.
May 13 20:22:35 regulus systemd[3441]: Stopped target Timers.
May 13 20:22:35 regulus systemd[3441]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
May 13 20:22:35 regulus systemd[3441]: Reached target Shutdown.
May 13 20:22:35 regulus systemd[3441]: Starting Exit the Session...
May 13 20:22:35 regulus systemd[3441]: Received SIGRTMIN+24 from PID 3508 (kill).
May 13 20:22:35 regulus systemd[1]: Stopped User Manager for UID 999.
May 13 20:22:35 regulus systemd[1]: Removed slice User Slice of pihole.

Device specifics

Hardware Type: Raspberry Pi 1 Model B Rev 1 OS: Raspbian Stretch


DiJuMx commented 6 years ago

Forgot the debug token: mgnw0mh1za

PromoFaux commented 6 years ago

Hardware Type: Raspberry Pi 1 Model B Rev 1

I think this is already known about on ARM6 devices. Was tinkering about with it myself last night on a zero and experienced the same crash on the same domain.

Could you try the following command and see if you're able to reproduce?

pihole checkout ftl fix/dnssec-crash

Cheers

Edit: I might have crossed wires here... May not be the solution you're looking for. Might be best to wait for @DL6ER or @Mcat12 to chime in

DL6ER commented 6 years ago

Please run FTL in debugging mode as described here: https://docs.pi-hole.net/ftldns/debugging/

DiJuMx commented 6 years ago

gdb gives this on crash:

Thread 1 "pihole-FTL" received signal SIGILL, Illegal instruction.
_nettle_sha512_compress () at sha512-compress.s:124
124     sha512-compress.s: No such file or directory.

backtrace:

#0  _nettle_sha512_compress () at sha512-compress.s:124
#1  0x00557440 in nettle_sha512_update (ctx=0x2949d98, length=264, data=0x18bdd80 "\001") at sha512.c:150
#2  0x00000000 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Running on fix/dnssec-crash does not crash.

DL6ER commented 6 years ago

Okay, thanks. This fix is already included and should be available in all future FTLDNS builds.
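
Added example, not part of the issue thread or of Pi-hole's code: a triage script for the pihole.log excerpt in the report. It decodes the numeric fields of the DS reply using the IANA DNSSEC registries and lists the validation queries still unanswered when the log stops. The function and variable names are hypothetical, and the DNSKEY reply pattern is an assumption modelled on the DS reply line in the log.

```python
import re

# IANA DNSSEC algorithm numbers -> (mnemonic, hash used when verifying RRSIGs)
ALGORITHMS = {
    5: ("RSASHA1", "SHA-1"), 7: ("RSASHA1-NSEC3-SHA1", "SHA-1"),
    8: ("RSASHA256", "SHA-256"), 10: ("RSASHA512", "SHA-512"),
    13: ("ECDSAP256SHA256", "SHA-256"), 14: ("ECDSAP384SHA384", "SHA-384"),
}
# IANA DS digest types
DIGESTS = {1: "SHA-1", 2: "SHA-256", 4: "SHA-384"}

# Lines copied from the pihole.log in this report (forwarded/AAAA lines omitted).
SAMPLE = """\
May 13 20:22:35 dnsmasq[3459]: 112 192.168.2.10/44334 query[A] i.redd.it from 192.168.2.10
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DS] it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 reply it is DS keytag 41901, algo 10, digest 2
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DS] redd.it to 127.0.0.1
May 13 20:22:35 dnsmasq[3459]: * 192.168.2.10/44334 dnssec-query[DNSKEY] it to 127.0.0.1
"""

QUERY = re.compile(r"dnssec-query\[(DS|DNSKEY)\] (\S+) to ")
DS_REPLY = re.compile(r"reply (\S+) is DS keytag (\d+), algo (\d+), digest (\d+)")
# Assumption: DNSKEY replies are logged in the same shape as the DS reply above.
KEY_REPLY = re.compile(r"reply (\S+) is DNSKEY ")


def triage(log):
    """Return (decoded DS replies, DNSSEC queries with no reply in the log)."""
    ds_seen, pending = [], set()
    for line in log.splitlines():
        if m := QUERY.search(line):
            pending.add((m.group(1), m.group(2)))
        elif m := DS_REPLY.search(line):
            zone, (keytag, algo, digest) = m.group(1), map(int, m.groups()[1:])
            pending.discard(("DS", zone))
            name, sig_hash = ALGORITHMS.get(algo, (f"algo {algo}", "unknown"))
            ds_seen.append({"zone": zone, "keytag": keytag, "algorithm": name,
                            "signature_hash": sig_hash,
                            "ds_digest": DIGESTS.get(digest, f"type {digest}")})
        elif m := KEY_REPLY.search(line):
            pending.discard(("DNSKEY", m.group(1)))
    return ds_seen, sorted(pending)


def hashes_needed(ds_seen, pending):
    """Hash each zone's DNSKEY signature check needs, for DNSKEY queries pending."""
    by_zone = {d["zone"]: d["signature_hash"] for d in ds_seen}
    return {zone: by_zone[zone] for kind, zone in pending
            if kind == "DNSKEY" and zone in by_zone}
```

For the log in this report, the only DS reply is for `it` with algorithm 10 (RSASHA512), and the DNSKEY query for `it` is still pending when the log ends. That is consistent with the SIGILL in the SHA-512 frame of the gdb backtrace.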