Bug 529947

Summary: Post Update does the wrong thing with named.conf file
Product: [Fedora] Fedora Reporter: John 'Warthog9' Hawley <warthog9>
Component: bindAssignee: Adam Tkac <atkac>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 11CC: atkac, ovasik, pwouters
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-30 11:53:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John 'Warthog9' Hawley 2009-10-20 20:32:06 UTC 
Description of problem:

The post-update (or one of the scripts) in the bind series of rpms makes an adjustment to the named.conf configuration file to add dnssec information.  It however does it wrong when you have a complex named.conf file, specifically if you have something akin to the following:

options {
        directory "/etc/named.d";

listen-on port 53 { 140.211.167.34; 127.0.0.1; !any; };

        statistics-file "/var/log/named.stats";
        zone-statistics yes;

        allow-recursion {
                127.0.0.0/8;            # localhost
                1.0.3.0/27;             # subnet 1
                1.2.3.0/26;             # subnet 2
                1.3.4.0/27;             # subnet 3
                1.4.5.0/24;             # subnet 4
                1.5.6.0/28;             # subnet 5
                1.6.7.0/24;             # subnet 6
        };

};

Which is a perfectly valid, and sane thing to do, it mashes it into:


options {
        directory "/etc/named.d";

listen-on port 53 { 140.211.167.34; 127.0.0.1; !any; };

        statistics-file "/var/log/named.stats";
        zone-statistics yes;

        allow-recursion {
                127.0.0.0/8;            # localhost
                1.0.3.0/27;             # subnet 1
                1.2.3.0/26;             # subnet 2
                1.3.4.0/27;             # subnet 3
                1.4.5.0/24;             # subnet 4
                1.5.6.0/28;             # subnet 5
                1.6.7.0/24;             # subnet 6
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside . trust-anchor dlv.isc.org.;
};
};

Which, as you can imagine, causes no end of brokenness

Version-Release number of selected component (if applicable):


How reproducible:

Always


Steps to Reproduce:
1. Take above configuration from an older system, and upgrade
2. ???
3. Squashed named
  
Actual results:

Would expect it to place the new information *AFTER* the block and not in the middle of it

This was not present in F10, is present in F11
Comment 1 Adam Tkac 2009-10-30 11:53:16 UTC 

*** This bug has been marked as a duplicate of bug 505754 ***