Description of problem: malicious code ("setsebool named_write_master_zones 0") in named.init was inserted by the "Fedora Project" into bind-9.6.1-9.P3.fc11.i586 (Fedora Updates, was not present in original release). This code sets the selinux boolean "named_write_master_zones" to "off"; which made bind-9.6.1-9.P3.fc11 usage as the secondary nameserver impossible. Update of the bind package cripples nameserver. The bug is hard to find, because the initscript overwrites the selinux parameters every time the server is reloaded. Version-Release number of selected component (if applicable): bind-9.6.1-9.P3.fc11.i586 How reproducible: always Steps to Reproduce: 1. service named reload 2. 3. Actual results: sebool variable named_write_master_zones switched off Expected results: sebool variable named_write_master_zones unchanged Additional info: remove "DEBUG" code from named.init; such crap has no place in this file!
bind-9.6.1-10.P3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/bind-9.6.1-10.P3.fc11
bind-9.6.1-16.P3.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/bind-9.6.1-16.P3.fc12
fixed, thank you
bind-9.6.1-10.P3.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1186
bind-9.6.1-16.P3.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1195
bind-9.6.1-10.P3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
bind-9.6.1-16.P3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.