BIND DNS servers crash when setting root-delegation-only without exclude option


I think it's a bug in BIND. It happens on both BIND DNS 9.9.x and 9.10.x.

If I set root-delegation-only without the exclude option in named.conf, named cannot start.

Named.conf example:

controls {
  inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

key "rndc-key" {
  algorithm "hmac-md5";
  secret "MTIzNDU2"; 
};
options {
  directory "C:\named";
  root-delegation-only;
  #root-delegation-only exclude { "com"; "net"; };

};

Run named

named.exe -c C:\named\named.conf -g

Named crashes with errors:

23-Jul-2015 18:47:22.280 set up managed keys zone for view _default, file 'managed-keys.bind'
23-Jul-2015 18:47:22.280 ..\parser.c:1167: REQUIRE(obj == ((void *)0) || obj->type->rep == &cfg_rep_list) failed
23-Jul-2015 18:47:22.280 exiting (due to assertion failure)

It works if I add the exclude option:

root-delegation-only exclude { "com"; "net"; };


Solution

  • It is a bug in BIND. It's a known bug, and a fix has been coded already and will be included in the next regularly-scheduled releases of BIND (i.e. BIND 9.9.8 and BIND 9.10.3.)

    4112.   [bug]       Named failed to load when "root-delegation-only"
                        was used without a list of domains to exclude.
                        [RT #39380]
    

    Development (beta) releases that will include the change should be available in late August or in September (2015), but since you know the bug number (39380) and change number (4112) you can retrieve a diff from ISC's source repository if you wish. Here's a link to the gitweb interface, or you can use command-line git tools if you prefer.
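A pre-start check for the statement form described above, as an added example that is not part of the original post or of BIND: it scans named.conf text for `root-delegation-only` written without an `exclude` list, ignoring commented-out lines. The function names and sample configurations are constructed here, and the lexer is a simplification of named.conf syntax.

```python
import re

# Simplified named.conf lexer (assumption: no escaped quotes inside strings).
# Comments are matched first so that commented-out statements are dropped.
_TOKEN = re.compile(r'''
    (?P<comment> /\*.*?\*/ | //[^\n]* | \#[^\n]* )
  | (?P<string>  "[^"]*" )
  | (?P<punct>   [{};] )
  | (?P<word>    [^\s{};"]+ )
''', re.S | re.X)


def tokens(text):
    """Yield (token, line_number) pairs, skipping comments."""
    for m in _TOKEN.finditer(text):
        if m.lastgroup != "comment":
            yield m.group(), text.count("\n", 0, m.start()) + 1


def bare_root_delegation_only(text):
    """Return line numbers where root-delegation-only has no exclude list."""
    toks = list(tokens(text))
    hits = []
    for i, (tok, line) in enumerate(toks):
        if tok != "root-delegation-only":
            continue
        # Only count it when it starts a statement.
        prev = toks[i - 1][0] if i > 0 else ";"
        nxt = toks[i + 1][0] if i + 1 < len(toks) else ""
        if prev in "{};" and nxt != "exclude":
            hits.append(line)
    return hits


# Constructed samples modelled on the options block in the question.
SAMPLE_BAD = r'''options {
  directory "C:\named";
  root-delegation-only;
  #root-delegation-only exclude { "com"; "net"; };
};
'''
SAMPLE_OK = SAMPLE_BAD.replace(
    "  root-delegation-only;\n",
    '  root-delegation-only exclude { "com"; "net"; };\n')

if __name__ == "__main__":
    for name, conf in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, bare_root_delegation_only(conf))
```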