Bug 595025 - bind blocks dnssec-conf from installation, but it needs the files
bind blocks dnssec-conf from installation, but it needs the files
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
13
All Linux
low Severity medium
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
:
: 596029 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-22 18:49 EDT by H. Peter Anvin
Modified: 2013-04-30 19:46 EDT (History)
6 users (show)

See Also:
Fixed In Version: bind-9.7.1-1.fc13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-07 13:54:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description H. Peter Anvin 2010-05-22 18:49:49 EDT
Description of problem:

The bind package blocks dnssec-conf from being upgraded, but at least after an upgrade it contains references for files from dnssec-conf


Version-Release number of selected component (if applicable):
32:bind-9.7.0-9.P1.fc13.i686

How reproducible:
Fully

Steps to Reproduce:
1. Have a system with working bind from Fedora 11
2. Upgrade to Fedora 13
  
Actual results:
/var/named/chroot/etc/named.conf contains:

include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

... however, /var/named/chroot/etc/pki/dnssec-keys is empty.

The files needed appear to live in the dnssec-conf package, but:

[root@gw ~]# yum -y install dnssec-conf.noarch
Loaded plugins: refresh-packagekit
Setting up Install Process
Package dnssec-conf-1.22-5.fc13.noarch is obsoleted by 32:bind-9.7.0-9.P1.fc13.i686 which is already installed
Comment 1 Adam Tkac 2010-06-01 08:23:40 EDT
I'm not sure how this issue might have happened, bind package contains a trigger which should handle exactly this situation and remove the lines (no longer needed) from named.conf.

Do you manage your configuration directly in /var/named/chroot/etc directory? Or do you manage it in /etc and let named init script to `mount --bind` needed files to chroot?
Comment 2 Adam Tkac 2010-06-01 08:26:19 EDT
*** Bug 596029 has been marked as a duplicate of this bug. ***
Comment 3 rambler8 2010-06-01 10:51:33 EDT
In my case, /etc/named.conf is a symbolic link to /var/named/chroot/etc/named.conf and the other files and subdirectories in /etc/ that are used by bind are symbolic links to the corresponding locations under /var/named/chroot/etc. I remember creating some of the links myself to work around issues during a previous upgrade, but I think the link from /etc/named.conf is a symbolic link to /var/named/chroot/etc/named.conf was the default during a previous fedora release. Is the preferred method for using the same config files with chroot and without chroot to remove the config files from /var/named/chroot/ and allow them to be automatically mounted from /etc/ and /var/named?
Comment 4 D. Wagner 2010-06-01 13:12:08 EDT
I don't know.  I didn't manage my configuration directly; I was assuming the init scripts would do the mount -bind or whatever for me.  In my case, /etc/named.conf was not a symlink to /var/named/chroot/etc/named.conf, but was a regular file.  I wasn't sure what was the proper/preferred way to set things up.

Since reporting the bug, I've uninstalled bind-chroot and gone back to non-chrooted operation, since I couldn't figure out how to get it working short of manually copying files every time I made a change to them.  So I might not be the most helpful person in continuing to troubleshoot this.  Sorry.

(I think I did try a "yum reinstall bind-chroot" and "yum reinstall bind", to no apparent effect.)
Comment 5 H. Peter Anvin 2010-06-07 20:41:17 EDT
I maintain my configuration explicitly.  Every script that clobbers my configuration file I consider very explicitly a bug.
Comment 6 Eddie Lania 2010-06-18 08:50:59 EDT
Now I face the same problem that after the upgrade from FC12 to FC13 I suddenly have a /etc/named.conf which is different from /var/named/chroot/etc/named.conf.

Can somebody please explain why this change?

What is now the default place for the named.conf?

This is what I have installed:

bind-chroot-9.7.0-10.P2.fc13.i686
bind-9.7.0-10.P2.fc13.i686
bind-utils-9.7.0-10.P2.fc13.i686
bind-libs-9.7.0-10.P2.fc13.i686

Should /etc/named.conf not be symbolic link to /var/named/chroot/etc/named.conf?

This is making it very confusing, please clear it up.

Regards,

Eddie.
Comment 7 Adam Tkac 2010-06-23 06:28:07 EDT
Currently the preferred way is to have all configuration files in non-chroot directories (/etc and /var/named/). All files are then mounted (mount --bind) to proper /var/named/chroot/ locations when you use chroot.

However you are right that update should not break working configuration. Main problem is that we dropped dnssec-conf package from distribution so named.conf must be adjusted a little. Current code in bind package only modifies /etc/named.conf but doesn't modify /var/named/chroot/etc/named.conf. This is a bug which will be solved in the next update.
Comment 8 Jeff Garzik 2010-06-27 15:35:08 EDT
Possibly this bug is related to bug# 608362 ?

Fedora 12 bind upgrades are breaking working bind configurations, due to missing dnssec files.
Comment 9 Adam Tkac 2010-06-28 04:01:09 EDT
(In reply to comment #8)
> Possibly this bug is related to bug# 608362 ?
> 
> Fedora 12 bind upgrades are breaking working bind configurations, due to
> missing dnssec files.    

Although bug #608362 might look same as this one, it is actually different issue, check bug #606478.
Comment 10 Adam Tkac 2010-06-28 08:22:57 EDT
I extended the trigger which handles transition from dnssec-conf, now it looks into both /etc/named.conf and /var/named/chroot/etc/named.conf locations. This improvement should solve this kind of problems.
Comment 11 Fedora Update System 2010-06-28 08:23:59 EDT
bind-9.7.1-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/bind-9.7.1-1.fc13
Comment 12 Fedora Update System 2010-06-28 13:13:08 EDT
bind-9.7.1-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update bind'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/bind-9.7.1-1.fc13
Comment 13 Fedora Update System 2010-07-07 13:54:33 EDT
bind-9.7.1-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.