249701 – bind/named fails to start using tsig keys

Bug 249701 - bind/named fails to start using tsig keys

Summary: bind/named fails to start using tsig keys

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bind
Sub Component:
Version:	7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	urgent
Target Milestone:	---
Assignee:	Adam Tkac
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-26 15:12 UTC by Anthony Messina
Modified:	2013-04-30 23:36 UTC (History)
CC List:	1 user (show)
Fixed In Version:	9.4.1-8.P1.fc7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-07-27 05:57:00 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Anthony Messina 2007-07-26 15:12:03 UTC

Description of problem:
bind fails to start with the following error:
view.c:1196: REQUIRE(keyp != ((void *)0) && *keyp == ((void *)0))

Version-Release number of selected component (if applicable):
bind-9.4.1-P1

How reproducible:
Every time

Steps to Reproduce:
1. Try to start bind after having configured tsig keys

Actual results:
bind fails to start

Expected results:
bind should start and initiate a transfer if necessary

Additional info:
Apparently, this is know, but it is critical for anyone who uses keys to
transfer data between master/slave servers.

Here is a link to what I found on this:
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/99dc9ae77b4e0d49/0b49aaa959a9eada

Comment 1 Adam Tkac 2007-07-26 15:48:59 UTC

Yes, I know about this problem but I think we could wait to 9.4.2 when noone
reports it. Update will be avaliable very soon (also on
http://people.redhat.com/atkac/bind/ )

Adam

Comment 2 Anthony Messina 2007-07-26 15:57:02 UTC

Thanks for the update. When you say "we could wait"...  How long do you
anticipate?  I have a backup server in a remote location that depends on these
updates from the master.  Now that network is non-functional in terms of name
resolution.

If the wait will be more than a day, what are the alternatives that I can
implement for zone transfers in the mean time?  Would switching to IP based
transfers work?

Also, if I needed to rool-my-own from the src rpm, would I need to specify any
modifyers to the rpmbuild command, or could I just patch using the patch
supplied in the above link and do an rpmbuild without modifiers/conditionals to
mimic the default fedora install of bind?

Again, thanks for your help.

Comment 3 Adam Tkac 2007-07-26 16:11:10 UTC

With "we could wait" I though when noone reports this problem that means that
nobody uses TSIGs so I don't have to backport patch :) But now, when report
exists I'm going to release it. Update will be avaliable tomorrow

Adam

Comment 4 Anthony Messina 2007-07-26 16:18:40 UTC

Thanks a lot.  How do people do transfers then?  Am I  using an old method or
something?

Comment 5 Adam Tkac 2007-07-26 16:22:00 UTC

People often think that Internet is security so do transfers without any
protection because they don't want waste time with correct setup :) Your method
is recommended and modern

Comment 6 Anthony Messina 2007-07-26 19:07:44 UTC

thanks.  glad to hear i'm doing something right :) anyway, your .8 release works
 (i rolled my own rpm) so test #1 is good! i appreciate the quick replies.

Comment 7 Fedora Update System 2007-07-27 05:56:46 UTC

bind-9.4.1-8.P1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.