Bug 1997504

Summary: masterfile-format map incompatible after 9.16.20 release
Product: [Fedora] Fedora Reporter: Petr Menšík <pemensik>
Component: bindAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: aegorenk, anon.amish, dns-sig, mruprich, msehnout, pavel, pemensik, vonsch, zdohnal
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: bind-9.16.20-3.fc34 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-30 20:41:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1995289    
Bug Blocks:    

Description Petr Menšík 2021-08-25 12:17:24 UTC 
Description of problem:
After release of 9.16.20, some internal changes were made to BIND structures, which made masterfile-format map incompatible with previous versions.

I attached bind-9.16-nodelock-count.patch to revert responsible change, making it compatible again. But that means memory requirements in some uses are higher than necessary and different from upstream version.

Version-Release number of selected component (if applicable):
bind-9.16.20-2.fc36

ISC written KB article [1] describing possible solutions. map format is not recommended for primary zones, raw is recommended for faster loading instead. On secondary zones, changed format would require new fetch of whole zone again. Increasing traffic of the server just for a while.

After this bug fix, size of structures would return to those in 9.16.20 release. And instead version of map files would be increased, so named can refuse them correctly without a crash. If using map format for primary zone, use named-compilezone -f map -F raw to load map file BEFORE the upgrade, convert it into raw temporary file. AFTER upgrade, use named-compilezone -f raw -F map to convert it back to map format, this time with higher version.

No action is required on slave zones, just expect them to refetch affected zones after upgrade.

This bug works just for pointers to upstream issues and documents.

1. https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17
2. https://downloads.isc.org/isc/bind9/9.16.20/patches/bind-9.16.20-map-format-fix.patch
Comment 1 Petr Menšík 2021-08-25 13:20:32 UTC 
Example of supported format file:

named-checkzone -f map root-servers.net /var/named/slaves/db.root-servers.net 
zone root-servers.net/IN: loaded serial 2021081700
OK

Example of invalid format file:
named-checkzone -f map root-servers.net /var/named/slaves/db.root-servers.net 
zone root-servers.net/IN: loading from master file /var/named/slaves/db.root-servers.net failed: invalid file
zone root-servers.net/IN: not loaded due to errors.

In case this happens and zone would not be fetched manually, bind would have to be downgraded:

dnf downgrade bind

for each map file, create a copy in different format. text format is the most portable.

ORIGIN=root-servers.net
# adjust whatever file naming you use
named-compilezone -f map -F text -o db.$ORIGIN.txt $ORIGIN db.$ORIGIN

dnf upgrade bind

for each txt file, convert it back to new map version

ORIGIN=root-servers.net
# adjust whatever file naming you use
named-compilezone -f text -F map -o db.$ORIGIN $ORIGIN db.$ORIGIN.txt

rndc reload
Comment 2 Fedora Update System 2021-08-25 17:59:42 UTC 
FEDORA-2021-e67471c3d8 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-e67471c3d8
Comment 3 Fedora Update System 2021-08-25 18:00:20 UTC 
FEDORA-2021-9556804a32 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-9556804a32
Comment 4 Fedora Update System 2021-08-25 20:42:32 UTC 
FEDORA-2021-e67471c3d8 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-e67471c3d8`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-e67471c3d8

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2021-08-26 19:49:29 UTC 
FEDORA-2021-9556804a32 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-9556804a32`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9556804a32

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2021-08-30 20:41:42 UTC 
FEDORA-2021-e67471c3d8 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.