Bug 450995 - regression: allow-update now crashes bind
regression: allow-update now crashes bind
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
All Linux
high Severity high
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-12 02:24 EDT by Jeff Garzik
Modified: 2013-07-02 22:35 EDT (History)
3 users (show)

See Also:
Fixed In Version: 9.5.0-33.P1.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-09 17:45:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jeff Garzik 2008-06-12 02:24:38 EDT
Description of problem:
Fedora 8 original 'bind' works 100% with the following configuration line:

     allow-update { netop_admins; key gtf.org.; };

however recent Fedora updates caused a major regression, whereby named refuses
to run, giving the following error:
     mem.c:918: INSIST(ctx->stats[i].gets == 0U) failed.

Upgrading to Fedora 9, the same regression is present.

Removing the "key gtf.org.;" statement, or commenting out the entire
allow-update statement, fixes the problem and permits named to run.


This caused all my DNS servers to fail, when Fedora 8 automatic package updates
were applied, upgrading my bind server in Fedora 8 to bind-9.5.0-27.rc1.fc8.  As
noted, upgrading the systems to Fedora 9 did not help, the bug is present there too.

At the moment, my users are denied the ability to update their domains' in DNS
because of this problem.

Version-Release number of selected component (if applicable):
     and also

How reproducible:

Steps to Reproduce:
1. create TSIG MD5 keys with version of bind previous to 9.5.0.
2. verify that all allow-update statements work as expected
3. upgrade to current bind
4. watch bind refuse to run
Actual results:
bind crashes

Expected results:
bind accepts "key gtf.org.;" statement, just like it did in earlier versions.

Additional info:
Full BIND config and zones available upon PRIVATE request.  I cannot give out
that data in bugzilla.
Comment 1 Adam Tkac 2008-06-12 06:11:23 EDT
Would it be possible attach named.conf, please? (or send it to me) Zones are not
needed. I'm not able reproduce your problem on my machine. Thanks
Comment 2 Fedora Update System 2008-07-08 18:55:09 EDT
bind-9.5.0-33.P1.fc9 has been submitted as an update for Fedora 9
Comment 3 Fedora Update System 2008-07-09 17:45:15 EDT
bind-9.5.0-33.P1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.