Bug 1819826

Summary: Backport upstream bind9 version > 9.13 to RHEL/CentOS 8
Product: Red Hat Enterprise Linux 8
Reporter: Jim Garrison <jhg>
Component: bind
Assignee: Petr Menšík <pemensik>
Status: CLOSED WONTFIX
QA Contact: qe-baseos-daemons
Severity: low
Priority: unspecified    
Version: CentOS Stream   
Target Milestone: rc   
Target Release: 8.0   
Hardware: All   
OS: Linux   
Last Closed: 2020-04-07 09:05:22 UTC
Type: Bug

Description Jim Garrison 2020-04-01 16:31:21 UTC
This is a request to backport a more recent upstream version of bind9 to RHEL8 so it can be picked up by CentOS 8.  There's an existing Bug 1756201 for RHEL7.

Description of problem:

Excess "resolver priming query complete" messages logged in bind version < 13.


Version-Release number of selected component (if applicable):

bind-9.11.4-26.P2.el8.x86_64

How reproducible:

100%


Steps to Reproduce:
1. Have bind running
2.
3.

Actual results:

Lots and lots of "resolver priming query complete" messages logged

Expected results:

Priming occurring once at startup


Additional info:

https://kb.isc.org/docs/aa-01537

Comment 1 Petr Menšík 2020-04-07 09:05:22 UTC
Priming queries would already be fixed by the rebase to 8.11.13, bug #1704328.

That is the reason why the mentioned bug is not cloned to RHEL8. CentOS 8 would be fixed in the next release.

There is a simple way to fix priming queries now. Turn off minimal-responses in the forwarder which your server is using. A lot of priming queries are logged in case priming does not deliver root ns addresses, only their names. Just check

$ dig @${FORWARDER_IP} +norec ns .

If it does not contain an ADDITIONAL SECTION, that would be the reason for the priming queries. If you can enable it in responses, please do so. More recent bind 9.11 releases would no longer ask the forwarder, but only root servers. It is required just when forward first; is used in options (which is the default). It can also be disabled by setting forward only; which would not query root servers at all, just forwarders. It then does not require root servers priming.

Another way is to explicitly cache root server addresses.

# run once per day or after named restart
# the root servers are a..m, so the list runs through m
for H in a b c d e f g h i j k l m
do
  dig @localhost +short -t A -q "$H.root-servers.net"
  dig @localhost +short -t AAAA -q "$H.root-servers.net"
done


Anyway, a more recent version might break existing installations. We would not rebase to a new major version just because of priming query issues. That would be fixed by a minor version rebase. If a missing feature is important to you, please specify it more precisely.
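
The ADDITIONAL SECTION check from Comment 1, scripted as an added example that is not part of the original bug report: it reads `dig +norec ns .` output and lists root NS names that arrived without any A/AAAA address. The function name `missing_root_glue` is hypothetical and the sample responses are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads `dig +norec ns .` output
# on stdin and prints every root NS name that arrived without an A/AAAA
# record in the ADDITIONAL section.
# Exit status: 0 = all names have an address, 1 = some names lack one
# (names-only priming response), 2 = no root NS records in the response.
# Live use: dig @"${FORWARDER_IP}" +norec ns . | missing_root_glue
missing_root_glue() {
  awk '
    /^;; [A-Z]+ SECTION:/ { sec = $2; next }   # track the current dig section
    /^;/ || NF < 5        { next }             # skip comments and blank lines
    (sec == "ANSWER" || sec == "AUTHORITY") && $1 == "." && $4 == "NS" {
      ns[tolower($5)] = 1; count++
    }
    sec == "ADDITIONAL" && ($4 == "A" || $4 == "AAAA") {
      glue[tolower($1)] = 1
    }
    END {
      if (count == 0) exit 2
      for (name in ns) if (!(name in glue)) { print name; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample responses, shortened to two root servers. The
# addresses are documentation placeholders, not real root server addresses.
SAMPLE_WITH_GLUE=';; ANSWER SECTION:
.                    518400 IN NS   a.root-servers.net.
.                    518400 IN NS   b.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.  518400 IN A    192.0.2.1
a.root-servers.net.  518400 IN AAAA 2001:db8::1
b.root-servers.net.  518400 IN A    192.0.2.2'

# Same answer as a minimal-responses forwarder would give it: names only.
SAMPLE_NAMES_ONLY=';; ANSWER SECTION:
.                    518400 IN NS   a.root-servers.net.
.                    518400 IN NS   b.root-servers.net.'
```

An exit status of 1 corresponds to the case Comment 1 describes, where priming delivers root server names but not their addresses.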

Comment 2 Jim Garrison 2020-04-15 00:48:10 UTC
Just FYI, the command

    $ dig @${FORWARDER_IP} +norec ns .

DOES include an ADDITIONAL SECTION listing all the root servers (a..m).

And, the solution you provided doesn't really work.  I still get lots of 
"Resolver priming query complete" messages cluttering up the log on a 
regular basis. 

I understand this is benign and not enough to rebase.  

Does that mean this won't be fixed until RHEL 9?

Comment 3 Petr Menšík 2020-04-24 09:00:04 UTC
It should be fixed by a minor 9.11.x rebase, which would be available in a few weeks with the RHEL 8.2 release. A more appropriate close reason would maybe be CURRENTRELEASE for this reason.

It was changed in RHEL 7 bug #1756201, by directing priming queries to root servers directly, instead of forwarders. The same fix would be in rebased version in 8.2. Please wait a while until it is out and try the fix. If it would not fix your issue, please request needinfo to me. I expect it to be fixed by it.