|
Symptoms and Cause:
After upgrading, DNS resolution issues may lead to service outages. This problem is caused by a bug that crashes the dnsproxy service when secondary DNS entries are added, impacting FortiGuard connectivity and license validation.
Crash Log Example:
2024-08-09 00:03:50 dnsproxy crashed 243701 times. Latest crash:
2024-08-09 00:03:51 (Bad system call) signal 31
Register dump:
RAX: 0000000000000035 RBX: 0000000000000000
RCX: 00007faf10d4541a RDX: 0000000000000000
...
Backtrace:
[0x000fb41a] => /usr/lib/x86_64-linux-gnu/libc.so.6 (socketpair)
[0x009042b6] => /bin/dnsproxy => dnszone_refresh_timer_fn at dns_db.c:1696
[0x01a61092] => /bin/dnsproxy => check_expiration at timer.c:206
...
Logs show multiple crashes with signal 31 (Bad system call), indicating a failure in the dnsproxy service.
Potential solutions to address this issue:
- Emergency Workaround:
Delete all DNS database entries to stop the crashes and restore normal operation.
For example:
config system dns-database
delete "exampledomain1.com"
delete "exampledomain2.com"
end
- Downgrade to a stable version, such as FortiOS 7.4.x or 7.2.x.
- Install FortiOS 7.6.1 interim build (3421) with the bug fix.
- Wait for the General Availability (GA) release of FortiOS 7.6.1 for a permanent solution.
Conclusion:
The temporary solution involves deleting DNS entries, while a permanent fix requires either downgrading or waiting for the GA release of FortiOS 7.6.1.
|
