Bug 2057493 - Upgrade to bind 9.18.x
Summary: Upgrade to bind 9.18.x
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Petr Menšík
QA Contact: Fedora Extras Quality Assurance
URL: https://fedoraproject.org/wiki/Change...
Depends On: 2048235
Blocks: 2109170 2114330
TreeView+ depends on / blocked
Reported: 2022-02-23 14:00 UTC by Petr Menšík
Modified: 2022-08-04 11:11 UTC (History)
9 users (show)

Fixed In Version: bind-9.18.5-1.fc37
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2022-08-04 11:11:34 UTC
Type: Bug

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Fedora Pagure bind-dyndb-ldap pull-request 212 0 None None None 2022-02-23 14:00:54 UTC

Description Petr Menšík 2022-02-23 14:00:55 UTC
Description of problem:

New BIND 9.18.0 is released as a stable version. We would like upgrade it in upcoming releases, because it has new features available. Most important is built-in support for DNS over HTTPS and DNS over TLS support.

Test builds exist on COPR pemensik/bind [1].

However bind-dyndb-ldap is not yet prepared for new version, upgrade would break freeipa package. Ongoing PR is open to support new release [2]. It is not yet tested and proved to work.

Also recently new bug #2048235 appeared in latest 9.16.x release, which crashes new bind under freeipa configuration. That would be the case also for latest release.

This bug is to track progress and placeholder, until upgrade is ready.

Additional info:

1. https://copr.fedorainfracloud.org/coprs/pemensik/bind/
2. https://pagure.io/bind-dyndb-ldap/pull-request/212

Comment 1 Petr Menšík 2022-04-30 09:05:27 UTC
I am considering also renaming the bind package to bind9 with this change. It would allow having bind9 and bind9-next at the same time, both providing bind-utils or bind Provides in respective packages.

Comment 2 pgnet.dev 2022-07-11 11:35:31 UTC


	"Bind 9.17+ support was merged to FreeIPA. We are going to release FreeIPA 4.9.10 and 4.10.0 which will have this support"


	freeipa-4.10.0-1.fc37/stable -> 2022-06-30
	freeipa-4.9.10-1.fc36/stable -> 2022-06-25


	"@pemensik @tjaalton I have released bind-dyndb-ldap-11.10 which supports bind 9.17+."


	CLOSED ERRATA -> 2022-03-22

all appear resolved (?)

what's left, if anything, that's currently blocking the update to 9.18?

Comment 3 Petr Menšík 2022-07-12 14:19:59 UTC
I am preparing a change to be announced to Fedora:

I want to remove no-longer necessary selinux boolean complexity. And I am considering also two changes:

- Adding a /etc/named/options.conf, similar to /etc/bind/named.conf.options in Debian. It would contain the body of options { } tag, making it easier to adding  options from scripts. Very useful for cases when you want just adding forwarders and there is no good way for automated configuration change.

- Changing default working directory from /var to /var/lib/named and /var/cache/named for having a secondary zones. It would make bind follow better FHS used by common applications. Chroot would still work, at the cost of extra two bind-mounts.

Otherwise there is no other blocker.

Comment 4 Fedora Update System 2022-08-03 19:28:07 UTC
FEDORA-2022-2a542348da has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-2a542348da

Comment 5 Fedora Update System 2022-08-04 11:11:34 UTC
FEDORA-2022-2a542348da has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.