1984982 – bind-9.11.4-9.P2.el7.x86_64 doesn't allow same file for multiple zone

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1984982 - bind-9.11.4-9.P2.el7.x86_64 doesn't allow same file for multiple zone

Summary: bind-9.11.4-9.P2.el7.x86_64 doesn't allow same file for multiple zone

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	bind
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	beta
Target Release:	---
Assignee:	Petr Menšík
QA Contact:	rhel-cs-infra-services-qe
Docs Contact:	Šárka Jana
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-07-22 15:12 UTC by Petr Sklenar
Modified:	2024-01-08 11:44 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	.`named` fails to start if the same writable zone file is used in multiple zones BIND does not allow the same writable zone file in multiple zones. Consequently, if a configuration includes multiple zones which share a path to a file that can be modified by the `named` service, `named` fails to start. To work around this problem, use the `in-view` clause to share one zone between multiple views and make sure to use different paths for different zones. For example, include the view names in the path. Note that writable zone files are typically used in zones with allowed dynamic updates, secondary zones, or zones maintained by DNSSEC.
Clone Of:
Environment:
Last Closed:	2023-01-22 07:27:38 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Petr Sklenar 2021-07-22 15:12:46 UTC

This bug was initially created as a copy of Bug #1744081

I am copying this bug because: 



Description of problem:

bind-9.11.4-9.P2.el7.x86_64 doesn't allow same file for multiple zone

Version-Release number of selected component (if applicable):

bind-9.11.4-9.P2.el7.x86_64 

How reproducible:

Configure named with following configuration

zone "example.com" {

       type slave;
       file slaves/example.db <=======

};

zone "redhat.com" {

   type slave;
   file slave/example.db; <===========

};



Actual results:

/etc/named.conf:xx: writeable file 'slave/example.db': already in use: /etc/named.conf:xx


Expected results:

Bind should start

Additional info:

It's working fine with "bind-9.9.4-74.el7_6.2.x86_64"

Comment 1 Petr Sklenar 2021-07-22 15:14:15 UTC

/CoreOS/bind/Regression/doesn-t-allow-same-file-for-multiple-zone
shows the same error as old bz described:

Redirecting to /bin/systemctl status named.service
Redirecting to /bin/systemctl start named.service
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details.
:: [ 08:50:39 ] :: [  ERROR   ] :: rlServiceStart: Starting service named failed
:: [ 08:50:39 ] :: [  ERROR   ] :: Status of the failed service:
:: [ 08:50:39 ] :: [   LOG    ] ::   Redirecting to /bin/systemctl status named.service
:: [ 08:50:39 ] :: [   LOG    ] ::   × named.service - Berkeley Internet Name Domain (DNS)
:: [ 08:50:39 ] :: [   LOG    ] ::   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
:: [ 08:50:39 ] :: [   LOG    ] ::   Active: failed (Result: exit-code) since Thu 2021-07-22 08:50:39 UTC; 51ms ago
:: [ 08:50:39 ] :: [   LOG    ] ::   Process: 123158 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
:: [ 08:50:39 ] :: [   LOG    ] ::   CPU: 17ms
:: [ 08:50:39 ] :: [   LOG    ] ::   
:: [ 08:50:39 ] :: [   LOG    ] ::   Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
:: [ 08:50:39 ] :: [   LOG    ] ::   Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com bash[123159]: /etc/named.conf:23: writeable file '/var/named/dynamic/db.master': already in use: /etc/named.conf:14
:: [ 08:50:39 ] :: [   LOG    ] ::   Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com bash[123159]: /etc/named.conf:48: writeable file '/var/named/slaves/db.test': already in use: /etc/named.conf:34
:: [ 08:50:39 ] :: [   LOG    ] ::   Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
:: [ 08:50:39 ] :: [   LOG    ] ::   Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: named.service: Failed with result 'exit-code'.
:: [ 08:50:39 ] :: [   LOG    ] ::   Jul 22 08:50:39 ip-10-29-163-166.us-east-1.aws.redhat.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

Comment 2 Petr Menšík 2021-08-03 13:03:33 UTC

This behaviour is intentional and is considered correct by upstream. Shared files can be used in multiple zones only in case they are read-only. If writing is permitted by bind into it, be it dynamic updates enabled or dnssec zone maintenance, each zone MUST have different file for predictable results.

I think this change should only be documented. It does not differ from latest RHEL 7 or RHEL 8 builds, BIND 9.11.x already has this check built-in. It changed just from RHEL 7.6, where BIND 9.9.4 allowed this configuration. But it were unreliable and broken even in that version, just hidden from being obvious.

Comment 14 RHEL Program Management 2023-01-22 07:27:38 UTC

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Note You need to log in before you can comment on or make changes to this bug.