Description of problem:
bind hangs after reload/GSSAPI Error: The referenced context has expired (Success)
After a while (about once a week) the bind daemon is in the state hang/zombie. The bind daemon seems to be present and accept requests from the clients, but is not answering any DNS requests. Only killing the process with kill -9 can stop the daemon. After starting bind again, it works fine, until the problem occurs again.
Version-Release number of selected component (if applicable):
bind-9.9.4-14.el7.x86_64
How reproducible:
Every time logrotate runs.
Steps to Reproduce:
1. Configure IPA server with DNS
2. Wait till logrotate starts rotating.
Additional info:
It is related to https://fedorahosted.org/bind-dyndb-ldap/ticket/131

Thank you for your report. I already discussed this issue with Petr Spacek and it should be pretty easy to fix it. It is an error in the dyndb patch adding API for bind-dyndb-ldap. I'll talk to QA guys and try to get it into 7.1.
This problem is caused by two separate bugs: This one and bind-dyndb-ldap bug #131. bind-dyndb-ldap was already fixed upstream so the fix will be pulled in as part of bind-dyndb-ldap rebase. We need to fix both bugs to completely solve the issue.
Created attachment 938587
SRPM with bind-dyndb-ldap plugin for testing of this bug
Build and install this bind-dyndb-ldap plugin package to trigger this bug in BIND DYNDB API.
scratch build can be found here: https://brewweb.devel.redhat.com/taskinfo?taskID=7982364

(In reply to Tomas Hozza from comment #4)
> Created attachment 938587
> SRPM with bind-dyndb-ldap plugin for testing of this bug
>
> Build and install this bind-dyndb-ldap plugin package to trigger this bug in
> BIND DYNDB API.
>
> scratch build can be found here:
> https://brewweb.devel.redhat.com/taskinfo?taskID=7982364
To rebuild just run:
$ brew build --scratch <target> <path_to_SRPM>
<target> for 7.1 is "rhel-7.1-candidate"

Created attachment 938588
Patch for the issue.
Thanks to Petr Spacek!

Steps to reproduce for QA:
1. install bind
2. build the attachment 938587 for your architecture
3. install the bind-dyndb-ldap package built from attachment 938587
4. Add the following section to /etc/named.conf:
   dynamic-db "my_db_name" {
       library "ldap.so";
       arg "uri ldap://ldap.example.com";
       arg "base cn=dns, dc=example, dc=com";
       arg "auth_method none";
   };
5. run 'named -u named -fg' as root
6. named will start
7. run 'rndc reload' from another console and watch the error on output:
   [root@localhost ~]# rndc reload
   rndc: 'reload' failed: out of memory
8. press CTRL+C in the terminal you've started named or run 'rndc halt'
Actual result in 8.:
Named will freeze and the only way to stop it is to kill -9 it.
Expected result in 8. (and with attached patch):
Named will exit just normally.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0357.html