1259514 – bind testsuite failures

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1259514 - bind testsuite failures

Summary: bind testsuite failures

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	bind
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Tomáš Hozza
QA Contact:	Petr Sklenar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1295396 1305230
TreeView+	depends on / blocked

Reported:	2015-09-02 20:42 UTC by Petr Sklenar
Modified:	2016-11-04 01:25 UTC (History)
CC List:	2 users (show)
Fixed In Version:	bind-9.9.4-33.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-04 01:25:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:2233	0	normal	SHIPPED_LIVE	bind bug fix and enhancement update	2016-11-03 13:27:38 UTC

Description Petr Sklenar 2015-09-02 20:42:26 UTC

Description of problem:
bind testsuite failures.
there are 2 failures with rhel72
and 1 failure with rhel71

Version-Release number of selected component (if applicable):
bind-9.9.4-28.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.make test
2.
3.

Actual results:
rhel72:
T:dlvauto:1:A
A:System test dlvauto
I:checking dnssec-lookaside "auto"; with views of multiple classes (1)
I:checking that only the DLV key was imported from bind.keys (2)
R:PASS
E:dlvauto:Wed Sep  2 15:47:29 EDT 2015
S:dlz:Wed Sep  2 15:47:29 EDT 2015
T:dlz:1:A
A:System test dlz
I:no response from ns1
R:FAIL
I:ns1 died before a SIGTERM was sent
S:dlzexternal:Wed Sep  2 15:48:28 EDT 2015
T:dlzexternal:1:A
A:System test dlzexternal
prereq.sh: line 21: ./dlopen: No such file or directory
I:dlopen() not supported - skipping dlzexternal test
I:Prerequisites for dlzexternal missing, skipping test.
R:SKIPPED
E:dlzexternal:Wed Sep  2 15:48:29 EDT 2015
S:dname:Wed Sep  2 15:48:29 EDT 2015
--
E:stub:Wed Sep  2 15:56:22 EDT 2015
S:tkey:Wed Sep  2 15:56:22 EDT 2015
T:tkey:1:A
A:System test tkey
I:generating new DH key
I:creating new key using owner name "."
I:request event result: timed out
I:failed
I:exit status: 1
I:ns1 didn't die when sent a SIGTERM
R:FAIL
E:tkey:Wed Sep  2 15:57:53 EDT 2015
S:tsig:Wed Sep  2 15:57:53 EDT 2015
T:tsig:1:A
A:System test tsig
I:fetching using hmac-md5 (old form)
I:fetching using hmac-md5 (new form)
I:fetching using hmac-sha1
I:fetching using hmac-sha224
I:fetching using hmac-sha256
I:fetching using hmac-sha384


Expected results:
no issue

Additional info:
rhel7.1:

T:dlvauto:1:A
A:System test dlvauto
I:checking dnssec-lookaside "auto"; with views of multiple classes (1)
I:checking that only the DLV key was imported from bind.keys (2)
R:PASS
E:dlvauto:Wed Sep  2 16:14:59 EDT 2015
S:dlz:Wed Sep  2 16:14:59 EDT 2015
T:dlz:1:A
A:System test dlz
I:no response from ns1
R:FAIL
I:ns1 died before a SIGTERM was sent
S:dlzexternal:Wed Sep  2 16:15:59 EDT 2015
T:dlzexternal:1:A
A:System test dlzexternal
prereq.sh: line 21: ./dlopen: No such file or directory
I:dlopen() not supported - skipping dlzexternal test
I:Prerequisites for dlzexternal missing, skipping test.
R:SKIPPED
E:dlzexternal:Wed Sep  2 16:15:59 EDT 2015
S:dname:Wed Sep  2 16:15:59 EDT 2015

Comment 3 Tomáš Hozza 2015-09-16 18:03:41 UTC

So I found out what is the problem. The test fails, because communication with bind times out. The reason is that BIND does not have enough entropy for generating the session key using Diffie-Hellman algorithm.

When you run the test and interrupt it, so that BIND keeps running, you can get further information by attaching to it using GDB:

Thread 4 (Thread 0x7fa9a72c6700 (LWP 25295)):
#0  0x00007fa9a82918f3 in select () from /lib64/libc.so.6
#1  0x00007fa9a94496ba in wait_for_sources (ent=0x7fa9ab1ac020) at entropy.c:436
#2  fillpool (ent=ent@entry=0x7fa9ab1ac020, desired=<optimized out>, 
	blocking=blocking@entry=isc_boolean_true) at entropy.c:355
#3  0x00007fa9a944a124 in isc_entropy_getdata (ent=0x7fa9ab1ac020, 
	data=data@entry=0x7fa9ab102020, length=length@entry=16, 
	returned=returned@entry=0x0, flags=<optimized out>) at ../entropy.c:582
#4  0x00007fa9aab69475 in dst__entropy_getdata (buf=buf@entry=0x7fa9ab102020, 
	len=len@entry=16, pseudo=pseudo@entry=isc_boolean_false) at dst_api.c:1900
#5  0x00007fa9aab153fa in process_dhtkey (tctx=<optimized out>, 
	namelist=0x7fa9a72c2920, ring=0x7fa9ab144020, tkeyout=0x7fa9a72c2bb0, 
	tkeyin=0x7fa9a72c2b10, name=0x7fa9a72c2c50, signer=0x7fa9a72c2a70, 
	msg=0x7fa9ab0f2020) at tkey.c:391
#6  dns_tkey_processquery (msg=0x7fa9ab0f2020, tctx=<optimized out>, 
	ring=0x7fa9ab144020) at tkey.c:798
#7  0x00007fa9ab24cf43 in ns_query_start (client=client@entry=0x7fa9a0170c00)
	at query.c:7711
#8  0x00007fa9ab22c921 in client_request (task=<optimized out>, event=<optimized out>)
#9  0x00007fa9a9440b96 in dispatch (manager=0x7fa9ab1a8020) at task.c:1116
#10 run (uap=0x7fa9ab1a8020) at task.c:1286
#11 0x00007fa9a8ff1dc5 in start_thread () from /lib64/libpthread.so.0
#12 0x00007fa9a829a1cd in clone () from /lib64/libc.so.6


If you add the following option into the 'options' section inside bin/tests/system/tkey/ns1/named.conf.in

random-device "/dev/urandom";

the test will pass.


Upstream added the option into the test configuration by commit https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=d58e33bfabfee19a035031dac633d36659738d56

Moving this to 7.3 as it is not a real issue.

Comment 9 errata-xmlrpc 2016-11-04 01:25:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2233.html

Note You need to log in before you can comment on or make changes to this bug.