Bug 1753259
| Summary: | Regression: BIND 9.11 listens on [::]:53 even it isn't configured to do so | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Robert Scheck <redhat-bugzilla> | ||||
| Component: | bind | Assignee: | Petr Menšík <pemensik> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Petr Sklenar <psklenar> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 7.7 | CC: | amarecek, cww, fkrska, ovasik, psklenar, robert.scheck, thozza | ||||
| Target Milestone: | rc | Keywords: | Regression | ||||
| Target Release: | 7.8 | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | bind-9.11.4-15.P2.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-03-31 19:45:51 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Cross-filed ticket 02474954 at the Red Hat customer portal. As a workaround, it is always possible to specify in options:
listen-on-v6 { none; };
It it was intended to be turned off by default. Default action when listen-on-v6 is missing at all should have been not to listen on RHEL 7.
Needs change in bin/named/config.c from any to none.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1061 |
Created attachment 1616227 [details] /etc/named.conf Description of problem: BIND 9.9 from RHEL 7.6 behaves like this: [root@tux ~]# rpm -q bind bind-9.9.4-72.el7.x86_64 [root@tux ~]# [root@tux ~]# ss -lpn | grep :53 udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1323,fd=513),("named",pid=1323,fd=512)) tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",pid=1323,fd=21)) [root@tux ~]# When now using the exactly same configuration file, BIND 9.11 from RHEL 7.7 behaves like this: [root@tux ~]# rpm -q bind bind-9.11.4-9.P2.el7.x86_64 [root@tux ~]# [root@tux ~]# ss -lpn | grep :53 udp UNCONN 0 0 127.0.0.1:53 *:* users:(("named",pid=1444,fd=513)) udp UNCONN 0 0 :::53 :::* users:(("named",pid=1444,fd=512)) tcp LISTEN 0 10 127.0.0.1:53 *:* users:(("named",pid=1444,fd=22)) tcp LISTEN 0 10 :::53 :::* users:(("named",pid=1444,fd=21)) [root@tux ~]# While I'm tempted to not call this a "regression" explicitly, because the world needs to use more IPv6 for sure, it still is a undocumented change that must be at least documented in the RHEL 7.7 release notes. Version-Release number of selected component (if applicable): bind-9.11.4-9.P2.el7.x86_64 How reproducible: Always, see above and below. Steps to Reproduce: 1. Install bind-9.9.4-72.el7.x86_64 2. Use attached configuration file for /etc/named.conf 3. systemctl start named 4. "ss -lpn | grep :53" outputs listening on 127.0.0.1:53 5. Update to bind-9.11.4-9.P2.el7.x86_64 6. Ensure /etc/named.conf configuration file remained unchanged 7. systemctl stop named; systemctl start named 8. "ss -lpn | grep :53" outputs listening on 127.0.0.1:53 AND [::]:53 Actual results: BIND 9.11 listens on [::]:53 even it isn't configured to do so. Expected results: a) Document this new behaviour in the RHEL 7.7 release notes, or alternatively b) Treat this new behaviour as regression and restore the old behaviour Additional info: While it seems a trivial issue, any unintended new listening on [::]:53 might break other daemons like in our use-case where Samba-AD/DC was listening on [::1]:53 which no longer worked because the port was consumed by BIND now.