Red Hat Bugzilla – Bug 595025
bind blocks dnssec-conf from installation, but it needs the files
Last modified: 2013-04-30 19:46:27 EDT
Description of problem:
The bind package blocks dnssec-conf from being upgraded, but at least after an upgrade it contains references for files from dnssec-conf
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Have a system with working bind from Fedora 11
2. Upgrade to Fedora 13
... however, /var/named/chroot/etc/pki/dnssec-keys is empty.
The files needed appear to live in the dnssec-conf package, but:
[root@gw ~]# yum -y install dnssec-conf.noarch
Loaded plugins: refresh-packagekit
Setting up Install Process
Package dnssec-conf-1.22-5.fc13.noarch is obsoleted by 32:bind-9.7.0-9.P1.fc13.i686 which is already installed
I'm not sure how this issue might have happened; the bind package contains a trigger which should handle exactly this situation and remove the lines (no longer needed) from named.conf.
Do you manage your configuration directly in the /var/named/chroot/etc directory? Or do you manage it in /etc and let the named init script `mount --bind` the needed files into the chroot?
*** Bug 596029 has been marked as a duplicate of this bug. ***
In my case, /etc/named.conf is a symbolic link to /var/named/chroot/etc/named.conf and the other files and subdirectories in /etc/ that are used by bind are symbolic links to the corresponding locations under /var/named/chroot/etc. I remember creating some of the links myself to work around issues during a previous upgrade, but I think the symbolic link from /etc/named.conf to /var/named/chroot/etc/named.conf was the default during a previous Fedora release. Is the preferred method for using the same config files with chroot and without chroot to remove the config files from /var/named/chroot/ and allow them to be automatically mounted from /etc/ and /var/named?
I don't know. I didn't manage my configuration directly; I was assuming the init scripts would do the mount -bind or whatever for me. In my case, /etc/named.conf was not a symlink to /var/named/chroot/etc/named.conf, but was a regular file. I wasn't sure what was the proper/preferred way to set things up.
Since reporting the bug, I've uninstalled bind-chroot and gone back to non-chrooted operation, since I couldn't figure out how to get it working short of manually copying files every time I made a change to them. So I might not be the most helpful person in continuing to troubleshoot this. Sorry.
(I think I did try a "yum reinstall bind-chroot" and "yum reinstall bind", to no apparent effect.)
I maintain my configuration explicitly. Every script that clobbers my configuration file I consider very explicitly a bug.
Now I face the same problem that after the upgrade from FC12 to FC13 I suddenly have a /etc/named.conf which is different from /var/named/chroot/etc/named.conf.
Can somebody please explain why this change?
What is now the default place for the named.conf?
This is what I have installed:
Should /etc/named.conf not be a symbolic link to /var/named/chroot/etc/named.conf?
This is making it very confusing, please clear it up.
Currently the preferred way is to have all configuration files in non-chroot directories (/etc and /var/named/). All files are then mounted (mount --bind) to the proper /var/named/chroot/ locations when you use chroot.
However, you are right that an update should not break a working configuration. The main problem is that we dropped the dnssec-conf package from the distribution, so named.conf must be adjusted a little. The current code in the bind package only modifies /etc/named.conf but doesn't modify /var/named/chroot/etc/named.conf. This is a bug which will be solved in the next update.
Possibly this bug is related to bug# 608362 ?
Fedora 12 bind upgrades are breaking working bind configurations, due to missing dnssec files.
(In reply to comment #8)
> Possibly this bug is related to bug# 608362 ?
> Fedora 12 bind upgrades are breaking working bind configurations, due to
> missing dnssec files.
Although bug #608362 might look the same as this one, it is actually a different issue; check bug #606478.
I extended the trigger which handles the transition from dnssec-conf; it now looks into both the /etc/named.conf and /var/named/chroot/etc/named.conf locations. This improvement should solve this kind of problem.
bind-9.7.1-1.fc13 has been submitted as an update for Fedora 13.
bind-9.7.1-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update bind'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/bind-9.7.1-1.fc13
bind-9.7.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
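The check below is an added example, not part of the bug report or of the bind package: it audits the two named.conf locations discussed in this thread for include statements whose target file is missing under the root named will see, and flags the two copies diverging. The function names and the optional prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): audit both named.conf copies the
# thread discusses for include targets missing under the root named sees.

# Print the path of every active include "..."; statement in file $1.
# Lines commented out with // or # do not match. Not a full parser.
list_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1"
}

# Print each absolute include path in $1/etc/named.conf that has no file
# under root $1 ("" = non-chroot, /var/named/chroot = chroot view).
dangling_includes() {
    r=$1
    [ -f "$r/etc/named.conf" ] || return 0
    list_includes "$r/etc/named.conf" | while IFS= read -r p; do
        case $p in /*) ;; *) continue ;; esac   # relative paths are skipped
        [ -f "$r$p" ] || printf '%s\n' "$p"
    done
}

# Check both locations; $1 is an optional prefix (assumption, for testing
# against a copied tree). Returns 1 if anything needs attention.
audit_named() {
    prefix=${1:-}
    rc=0
    for root in "$prefix" "$prefix/var/named/chroot"; do
        missing=$(dangling_includes "$root")
        if [ -n "$missing" ]; then
            rc=1
            printf '%s/etc/named.conf includes missing files:\n%s\n' "$root" "$missing"
        fi
    done
    a="$prefix/etc/named.conf"
    b="$prefix/var/named/chroot/etc/named.conf"
    if [ -f "$a" ] && [ -f "$b" ] && ! cmp -s "$a" "$b"; then
        rc=1
        printf '%s and %s differ\n' "$a" "$b"
    fi
    return "$rc"
}

audit_named "$@"
```

Where the init script bind-mounts the files into the chroot, the chroot copy is only visible while named is running, so run the check with the service started.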