Bug 1984982
| Summary: | bind-9.11.4-9.P2.el7.x86_64 doesn't allow same file for multiple zone | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Petr Sklenar <psklenar> |
| Component: | bind | Assignee: | Petr Menšík <pemensik> |
| Status: | CLOSED WONTFIX | QA Contact: | rhel-cs-infra-services-qe <rhel-cs-infra-services-qe> |
| Severity: | unspecified | Docs Contact: | Šárka Jana <sjanderk> |
| Priority: | unspecified | ||
| Version: | 9.0 | CC: | gfialova, lkuprova, pasik, pemensik |
| Target Milestone: | beta | Keywords: | Documentation |
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | Known Issue |
| Doc Text: |
.`named` fails to start if the same writable zone file is used in multiple zones
BIND does not allow the same writable zone file in multiple zones. Consequently, if a configuration includes multiple zones which share a path to a file that can be modified by the `named` service, `named` fails to start. To work around this problem, use the `in-view` clause to share one zone between multiple views and make sure to use different paths for different zones. For example, include the view names in the path.
Note that writable zone files are typically used in zones with allowed dynamic updates, secondary zones, or zones maintained by DNSSEC.
|
Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2023-01-22 07:27:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Petr Sklenar
2021-07-22 15:12:46 UTC
/CoreOS/bind/Regression/doesn-t-allow-same-file-for-multiple-zone shows the same error as the old bz described:

```
Redirecting to /bin/systemctl status named.service
Redirecting to /bin/systemctl start named.service
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details.
:: [ 08:50:39 ] :: [ ERROR ] :: rlServiceStart: Starting service named failed
:: [ 08:50:39 ] :: [ ERROR ] :: Status of the failed service:
:: [ 08:50:39 ] :: [ LOG ] :: Redirecting to /bin/systemctl status named.service
:: [ 08:50:39 ] :: [ LOG ] :: × named.service - Berkeley Internet Name Domain (DNS)
:: [ 08:50:39 ] :: [ LOG ] :: Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
:: [ 08:50:39 ] :: [ LOG ] :: Active: failed (Result: exit-code) since Thu 2021-07-22 08:50:39 UTC; 51ms ago
:: [ 08:50:39 ] :: [ LOG ] :: Process: 123158 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
:: [ 08:50:39 ] :: [ LOG ] :: CPU: 17ms
:: [ 08:50:39 ] :: [ LOG ] ::
:: [ 08:50:39 ] :: [ LOG ] :: Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
:: [ 08:50:39 ] :: [ LOG ] :: Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com bash[123159]: /etc/named.conf:23: writeable file '/var/named/dynamic/db.master': already in use: /etc/named.conf:14
:: [ 08:50:39 ] :: [ LOG ] :: Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com bash[123159]: /etc/named.conf:48: writeable file '/var/named/slaves/db.test': already in use: /etc/named.conf:34
:: [ 08:50:39 ] :: [ LOG ] :: Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
:: [ 08:50:39 ] :: [ LOG ] :: Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: named.service: Failed with result 'exit-code'.
:: [ 08:50:39 ] :: [ LOG ] :: Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
```

This behaviour is intentional and is considered correct by upstream. Shared files can be used in multiple zones only in case they are read-only. If writing is permitted by bind into it, be it dynamic updates enabled or dnssec zone maintenance, each zone MUST have a different file for predictable results.

I think this change should only be documented. It does not differ from the latest RHEL 7 or RHEL 8 builds; BIND 9.11.x already has this check built-in. It changed just from RHEL 7.6, where BIND 9.9.4 allowed this configuration. But it was unreliable and broken even in that version, just hidden from being obvious.

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
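The workaround from the Doc Text, applied to a two-view configuration of the kind the log above rejects. This is an added example, not the configuration from the bug or its test case; the view names, zone names, addresses and the use of `update-policy local` are assumptions, and `directory "/var/named";` is assumed in `options`.

```conf
// Constructed named.conf fragment (views and zones only).

// REJECTED by named-checkconf -z: two zones let named write to one file.
//   view "internal" { zone "example.com" { type master;
//       file "dynamic/db.master"; update-policy local; }; };
//   view "external" { zone "example.com" { type master;
//       file "dynamic/db.master"; update-policy local; }; };
//   -> writeable file '/var/named/dynamic/db.master': already in use

// ACCEPTED: one writable file per zone, shared zones referenced by in-view.
view "internal" {
    match-clients { 10.0.0.0/8; };

    // Dynamic zone: defined exactly once, so only one zone writes the file.
    zone "example.com" {
        type master;
        file "dynamic/db.master";
        update-policy local;
    };

    // Secondary zone: named writes the transferred data, so the file is
    // writable and needs a path that no other zone uses.
    zone "example.org" {
        type slave;
        masters { 192.0.2.1; };
        file "slaves/internal-db.test";
    };
};

// The view that defines a shared zone must come before views that reference it.
view "external" {
    match-clients { any; };

    // Same data as in "internal": reference the zone, do not load the file again.
    zone "example.com" { in-view "internal"; };

    // Separate copy per view: view name in the file name.
    zone "example.org" {
        type slave;
        masters { 192.0.2.1; };
        file "slaves/external-db.test";
    };
};
```

A zone referenced with `in-view` serves the same data and uses the options of its defining view, so it only fits zones that are meant to be identical in both views. Running `/usr/sbin/named-checkconf -z` on the result, as the unit's `ExecStartPre` does, confirms that the `already in use` errors are gone before `named` is restarted.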