Bug 202012 - rndc.conf change breaks working bind config
Summary: rndc.conf change breaks working bind config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: bind
Version: 3.8
Hardware: All
OS: Linux
Priority: medium
Severity: high
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Ben Levenson
URL:
Whiteboard:
Duplicates: 208237
Depends On:
Blocks: 203070
Reported: 2006-08-10 11:58 UTC by Tom G. Christensen
Modified: 2007-11-17 01:14 UTC (History)

Fixed In Version: RHSA-2007-0044
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-06 18:46:39 UTC
Target Upstream Version:
Embargoed:


Attachments
proposed patch (1.74 KB, patch)
2006-08-18 10:05 UTC, Martin Stransky


Links
Red Hat Product Errata RHSA-2007:0044 | Private: 0 | Priority: normal | Status: SHIPPED_LIVE | Summary: Moderate: bind security update | Last Updated: 2007-02-06 18:46:19 UTC

Description Tom G. Christensen 2006-08-10 11:58:59 UTC
Description of problem:
A custom named.conf contains include "/etc/rndc.key".
rndc.conf prior to the U8 update also contained include "/etc/rndc.key".
The U8 update changes rndc.conf to include a hardcoded key statement instead of /etc/rndc.key.
This results in rndc no longer being able to authenticate itself to named.

Version-Release number of selected component (if applicable):
9.2.4-14_EL3

How reproducible:
Consistently

Steps to Reproduce:
1. Existing named.conf must contain include "/etc/rndc.key"
2. Existing /etc/rndc.conf must be unmodified (so it will be updated during the upgrade)
3. Upgrade from 9.2.4-7_EL3 to 9.2.4-14_EL3
4. service named status
  
Actual results:
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of 
the command protocol, this host is not authorized to connect,
or the key is invalid.

Expected results:
rndc status output

Additional info:
Checking a clean install of bind-9.2.4_14_EL3 on a pristine machine that's never
seen bind before also produces a non-working config. That is one where the
default named.conf includes /etc/rndc.key but /etc/rndc.conf hardcodes a
different key.
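
The condition described in this report (named loading one key via the include in named.conf while rndc presents a different, hardcoded key from rndc.conf) can be checked on a host before running rndc. The following script is an added example and is not part of the bug report or of the bind package: it assumes the two files are passed as arguments, follows one level of include "..." so both the pre-update (include) and post-update (hardcoded key) forms of rndc.conf are handled, and builds constructed sample configurations with made-up secrets to exercise both cases.

```shell
#!/bin/sh
# Added example, not from the bug report or the bind package: compare the key
# that named loads (the file named.conf includes, normally /etc/rndc.key) with
# the key rndc will present (from rndc.conf). A mismatch is the condition behind
# "rndc: connection to remote host closed ... or the key is invalid".

# Print "<keyname> <algorithm> <secret>" for the first key statement in file $1.
# One level of  include "file";  is followed, so an rndc.conf that includes the
# shared key file and one that hardcodes its own key are both handled.
key_from_file() {
    f="$1"
    inc=$(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1)
    if [ -n "$inc" ]; then
        f="$inc"
    fi
    name=$(sed -n 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1)
    algo=$(sed -n 's/^[[:space:]]*algorithm[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$f" | head -n 1)
    secret=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1)
    printf '%s %s %s\n' "$name" "$algo" "$secret"
}

# Print "match" when the key named loads ($1) and the key rndc uses ($2) are the
# same name, algorithm and secret, "mismatch" otherwise; exit status follows
# (0 = match). The secret values themselves are never printed.
rndc_key_check() {
    if [ "$(key_from_file "$1")" = "$(key_from_file "$2")" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

# Constructed sample configurations (the secrets are made up, not real keys)
# reproducing the two situations in the report inside directory $1:
#   rndc.conf.include   - rndc.conf that includes the shared key file (works)
#   rndc.conf.hardcoded - rndc.conf that hardcodes a different key (fails)
make_samples() {
    dir="$1"
    cat > "$dir/rndc.key" <<EOF
key "rndckey" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLW5vdC1hLXJlYWwta2V5";
};
EOF
    cat > "$dir/rndc.conf.include" <<EOF
options {
    default-server localhost;
    default-key "rndckey";
};
include "$dir/rndc.key";
EOF
    cat > "$dir/rndc.conf.hardcoded" <<EOF
options {
    default-server localhost;
    default-key "rndckey";
};
key "rndckey" {
    algorithm hmac-md5;
    secret "ZGlmZmVyZW50LWNvbnN0cnVjdGVkLXNhbXBsZS1zZWNyZXQ=";
};
EOF
}

# Stand-alone demonstration against the constructed samples.
tmpdir=$(mktemp -d)
make_samples "$tmpdir"
echo "rndc.conf with include:   $(rndc_key_check "$tmpdir/rndc.key" "$tmpdir/rndc.conf.include")"
echo "rndc.conf with hardcoded: $(rndc_key_check "$tmpdir/rndc.key" "$tmpdir/rndc.conf.hardcoded" || true)"
rm -rf "$tmpdir"
```

On a real host the check is `rndc_key_check /etc/rndc.key /etc/rndc.conf` (with the first argument being whatever file named.conf actually includes); a "mismatch" result explains the rndc failure without having to restart named or inspect the secrets by hand.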

Comment 1 Martin Stransky 2006-08-10 12:10:30 UTC
Thanks for the report.

Comment 2 Tuomo Soini 2006-08-16 07:19:19 UTC
from bind.spec file:

#%patch1 -p1 -b .key
# This patch now in 'bind-9.2.4-5.backport.patch'

This might be true but there is no bind-9.2.4-5.backport.patch in spec.

There is: Patch9: bind-9.2.4-5_backport.patch

which doesn't include necessary bits for rndc.conf patching.

Enabling Patch1 again fixes this problem.

Comment 3 Tuomo Soini 2006-08-16 07:22:53 UTC
Oh. and this same bug affects rhel-4U4 users.

Comment 4 Martin Stransky 2006-08-18 10:05:19 UTC
Created attachment 134430 [details]
proposed patch

bind-9.2.1-key.patch really fixes this problem, unfortunately it isn't included in 4.4

Comment 5 Martin Stransky 2006-10-04 12:39:22 UTC
*** Bug 208237 has been marked as a duplicate of this bug. ***

Comment 8 Red Hat Bugzilla 2007-02-06 18:46:39 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0044.html
