Bug 1259514 - bind testsuite failures
bind testsuite failures
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind (Show other bugs)
7.2
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Tomáš Hozza
Petr Sklenar
: EasyFix
Depends On:
Blocks: 1295396 1305230
  Show dependency treegraph
 
Reported: 2015-09-02 16:42 EDT by Petr Sklenar
Modified: 2016-11-03 21:25 EDT (History)
2 users (show)

See Also:
Fixed In Version: bind-9.9.4-33.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 21:25:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Petr Sklenar 2015-09-02 16:42:26 EDT
Description of problem:
bind testsuite failures.
there are 2 failures with rhel72
and 1 failure with rhel71

Version-Release number of selected component (if applicable):
bind-9.9.4-28.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.make test
2.
3.

Actual results:
rhel72:
T:dlvauto:1:A
A:System test dlvauto
I:checking dnssec-lookaside "auto"; with views of multiple classes (1)
I:checking that only the DLV key was imported from bind.keys (2)
R:PASS
E:dlvauto:Wed Sep  2 15:47:29 EDT 2015
S:dlz:Wed Sep  2 15:47:29 EDT 2015
T:dlz:1:A
A:System test dlz
I:no response from ns1
R:FAIL
I:ns1 died before a SIGTERM was sent
S:dlzexternal:Wed Sep  2 15:48:28 EDT 2015
T:dlzexternal:1:A
A:System test dlzexternal
prereq.sh: line 21: ./dlopen: No such file or directory
I:dlopen() not supported - skipping dlzexternal test
I:Prerequisites for dlzexternal missing, skipping test.
R:SKIPPED
E:dlzexternal:Wed Sep  2 15:48:29 EDT 2015
S:dname:Wed Sep  2 15:48:29 EDT 2015
--
E:stub:Wed Sep  2 15:56:22 EDT 2015
S:tkey:Wed Sep  2 15:56:22 EDT 2015
T:tkey:1:A
A:System test tkey
I:generating new DH key
I:creating new key using owner name "."
I:request event result: timed out
I:failed
I:exit status: 1
I:ns1 didn't die when sent a SIGTERM
R:FAIL
E:tkey:Wed Sep  2 15:57:53 EDT 2015
S:tsig:Wed Sep  2 15:57:53 EDT 2015
T:tsig:1:A
A:System test tsig
I:fetching using hmac-md5 (old form)
I:fetching using hmac-md5 (new form)
I:fetching using hmac-sha1
I:fetching using hmac-sha224
I:fetching using hmac-sha256
I:fetching using hmac-sha384


Expected results:
no issue

Additional info:
rhel7.1:

T:dlvauto:1:A
A:System test dlvauto
I:checking dnssec-lookaside "auto"; with views of multiple classes (1)
I:checking that only the DLV key was imported from bind.keys (2)
R:PASS
E:dlvauto:Wed Sep  2 16:14:59 EDT 2015
S:dlz:Wed Sep  2 16:14:59 EDT 2015
T:dlz:1:A
A:System test dlz
I:no response from ns1
R:FAIL
I:ns1 died before a SIGTERM was sent
S:dlzexternal:Wed Sep  2 16:15:59 EDT 2015
T:dlzexternal:1:A
A:System test dlzexternal
prereq.sh: line 21: ./dlopen: No such file or directory
I:dlopen() not supported - skipping dlzexternal test
I:Prerequisites for dlzexternal missing, skipping test.
R:SKIPPED
E:dlzexternal:Wed Sep  2 16:15:59 EDT 2015
S:dname:Wed Sep  2 16:15:59 EDT 2015
Comment 3 Tomáš Hozza 2015-09-16 14:03:41 EDT
So I found out what is the problem. The test fails, because communication with bind times out. The reason is that BIND does not have enough entropy for generating the session key using Diffie-Hellman algorithm.

When you run the test and interrupt it, so that BIND keeps running, you can get further information by attaching to it using GDB:

Thread 4 (Thread 0x7fa9a72c6700 (LWP 25295)):
#0  0x00007fa9a82918f3 in select () from /lib64/libc.so.6
#1  0x00007fa9a94496ba in wait_for_sources (ent=0x7fa9ab1ac020) at entropy.c:436
#2  fillpool (ent=ent@entry=0x7fa9ab1ac020, desired=<optimized out>, 
	blocking=blocking@entry=isc_boolean_true) at entropy.c:355
#3  0x00007fa9a944a124 in isc_entropy_getdata (ent=0x7fa9ab1ac020, 
	data=data@entry=0x7fa9ab102020, length=length@entry=16, 
	returned=returned@entry=0x0, flags=<optimized out>) at ../entropy.c:582
#4  0x00007fa9aab69475 in dst__entropy_getdata (buf=buf@entry=0x7fa9ab102020, 
	len=len@entry=16, pseudo=pseudo@entry=isc_boolean_false) at dst_api.c:1900
#5  0x00007fa9aab153fa in process_dhtkey (tctx=<optimized out>, 
	namelist=0x7fa9a72c2920, ring=0x7fa9ab144020, tkeyout=0x7fa9a72c2bb0, 
	tkeyin=0x7fa9a72c2b10, name=0x7fa9a72c2c50, signer=0x7fa9a72c2a70, 
	msg=0x7fa9ab0f2020) at tkey.c:391
#6  dns_tkey_processquery (msg=0x7fa9ab0f2020, tctx=<optimized out>, 
	ring=0x7fa9ab144020) at tkey.c:798
#7  0x00007fa9ab24cf43 in ns_query_start (client=client@entry=0x7fa9a0170c00)
	at query.c:7711
#8  0x00007fa9ab22c921 in client_request (task=<optimized out>, event=<optimized out>)
#9  0x00007fa9a9440b96 in dispatch (manager=0x7fa9ab1a8020) at task.c:1116
#10 run (uap=0x7fa9ab1a8020) at task.c:1286
#11 0x00007fa9a8ff1dc5 in start_thread () from /lib64/libpthread.so.0
#12 0x00007fa9a829a1cd in clone () from /lib64/libc.so.6


If you add the following option into the 'options' section inside bin/tests/system/tkey/ns1/named.conf.in

random-device "/dev/urandom";

the test will pass.


Upstream added the option into the test configuration by commit https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=d58e33bfabfee19a035031dac633d36659738d56

Moving this to 7.3 as it is not a real issue.
Comment 9 errata-xmlrpc 2016-11-03 21:25:02 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2233.html

Note You need to log in before you can comment on or make changes to this bug.