Bug 1259514

Summary: bind testsuite failures
Product: Red Hat Enterprise Linux 7 Reporter: Petr Sklenar <psklenar>
Component: bindAssignee: Tomáš Hozza <thozza>
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: low Docs Contact:
Priority: low    
Version: 7.2CC: jscotka, ovasik
Target Milestone: rcKeywords: EasyFix
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: bind-9.9.4-33.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 01:25:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1295396, 1305230    

Description Petr Sklenar 2015-09-02 20:42:26 UTC 
Description of problem:
bind testsuite failures.
there are 2 failures with rhel72
and 1 failure with rhel71

Version-Release number of selected component (if applicable):
bind-9.9.4-28.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.make test
2.
3.

Actual results:
rhel72:
T:dlvauto:1:A
A:System test dlvauto
I:checking dnssec-lookaside "auto"; with views of multiple classes (1)
I:checking that only the DLV key was imported from bind.keys (2)
R:PASS
E:dlvauto:Wed Sep  2 15:47:29 EDT 2015
S:dlz:Wed Sep  2 15:47:29 EDT 2015
T:dlz:1:A
A:System test dlz
I:no response from ns1
R:FAIL
I:ns1 died before a SIGTERM was sent
S:dlzexternal:Wed Sep  2 15:48:28 EDT 2015
T:dlzexternal:1:A
A:System test dlzexternal
prereq.sh: line 21: ./dlopen: No such file or directory
I:dlopen() not supported - skipping dlzexternal test
I:Prerequisites for dlzexternal missing, skipping test.
R:SKIPPED
E:dlzexternal:Wed Sep  2 15:48:29 EDT 2015
S:dname:Wed Sep  2 15:48:29 EDT 2015
--
E:stub:Wed Sep  2 15:56:22 EDT 2015
S:tkey:Wed Sep  2 15:56:22 EDT 2015
T:tkey:1:A
A:System test tkey
I:generating new DH key
I:creating new key using owner name "."
I:request event result: timed out
I:failed
I:exit status: 1
I:ns1 didn't die when sent a SIGTERM
R:FAIL
E:tkey:Wed Sep  2 15:57:53 EDT 2015
S:tsig:Wed Sep  2 15:57:53 EDT 2015
T:tsig:1:A
A:System test tsig
I:fetching using hmac-md5 (old form)
I:fetching using hmac-md5 (new form)
I:fetching using hmac-sha1
I:fetching using hmac-sha224
I:fetching using hmac-sha256
I:fetching using hmac-sha384


Expected results:
no issue

Additional info:
rhel7.1:

T:dlvauto:1:A
A:System test dlvauto
I:checking dnssec-lookaside "auto"; with views of multiple classes (1)
I:checking that only the DLV key was imported from bind.keys (2)
R:PASS
E:dlvauto:Wed Sep  2 16:14:59 EDT 2015
S:dlz:Wed Sep  2 16:14:59 EDT 2015
T:dlz:1:A
A:System test dlz
I:no response from ns1
R:FAIL
I:ns1 died before a SIGTERM was sent
S:dlzexternal:Wed Sep  2 16:15:59 EDT 2015
T:dlzexternal:1:A
A:System test dlzexternal
prereq.sh: line 21: ./dlopen: No such file or directory
I:dlopen() not supported - skipping dlzexternal test
I:Prerequisites for dlzexternal missing, skipping test.
R:SKIPPED
E:dlzexternal:Wed Sep  2 16:15:59 EDT 2015
S:dname:Wed Sep  2 16:15:59 EDT 2015
Comment 3 Tomáš Hozza 2015-09-16 18:03:41 UTC 
So I found out what is the problem. The test fails, because communication with bind times out. The reason is that BIND does not have enough entropy for generating the session key using Diffie-Hellman algorithm.

When you run the test and interrupt it, so that BIND keeps running, you can get further information by attaching to it using GDB:

Thread 4 (Thread 0x7fa9a72c6700 (LWP 25295)):
#0  0x00007fa9a82918f3 in select () from /lib64/libc.so.6
#1  0x00007fa9a94496ba in wait_for_sources (ent=0x7fa9ab1ac020) at entropy.c:436
#2  fillpool (ent=ent@entry=0x7fa9ab1ac020, desired=<optimized out>, 
	blocking=blocking@entry=isc_boolean_true) at entropy.c:355
#3  0x00007fa9a944a124 in isc_entropy_getdata (ent=0x7fa9ab1ac020, 
	data=data@entry=0x7fa9ab102020, length=length@entry=16, 
	returned=returned@entry=0x0, flags=<optimized out>) at ../entropy.c:582
#4  0x00007fa9aab69475 in dst__entropy_getdata (buf=buf@entry=0x7fa9ab102020, 
	len=len@entry=16, pseudo=pseudo@entry=isc_boolean_false) at dst_api.c:1900
#5  0x00007fa9aab153fa in process_dhtkey (tctx=<optimized out>, 
	namelist=0x7fa9a72c2920, ring=0x7fa9ab144020, tkeyout=0x7fa9a72c2bb0, 
	tkeyin=0x7fa9a72c2b10, name=0x7fa9a72c2c50, signer=0x7fa9a72c2a70, 
	msg=0x7fa9ab0f2020) at tkey.c:391
#6  dns_tkey_processquery (msg=0x7fa9ab0f2020, tctx=<optimized out>, 
	ring=0x7fa9ab144020) at tkey.c:798
#7  0x00007fa9ab24cf43 in ns_query_start (client=client@entry=0x7fa9a0170c00)
	at query.c:7711
#8  0x00007fa9ab22c921 in client_request (task=<optimized out>, event=<optimized out>)
#9  0x00007fa9a9440b96 in dispatch (manager=0x7fa9ab1a8020) at task.c:1116
#10 run (uap=0x7fa9ab1a8020) at task.c:1286
#11 0x00007fa9a8ff1dc5 in start_thread () from /lib64/libpthread.so.0
#12 0x00007fa9a829a1cd in clone () from /lib64/libc.so.6


If you add the following option into the 'options' section inside bin/tests/system/tkey/ns1/named.conf.in

random-device "/dev/urandom";

the test will pass.


Upstream added the option into the test configuration by commit https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=d58e33bfabfee19a035031dac633d36659738d56

Moving this to 7.3 as it is not a real issue.
Comment 9 errata-xmlrpc 2016-11-04 01:25:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2233.html