923113 – Potential crash during startup/reload if global configuration options are set

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 923113 - Potential crash during startup/reload if global configuration options are set

Summary: Potential crash during startup/reload if global configuration options are set

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	bind-dyndb-ldap
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Spacek
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	883504 928429
TreeView+	depends on / blocked

Reported:	2013-03-19 09:01 UTC by Petr Spacek
Modified:	2018-12-01 16:13 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	The bind-dyndb-ldap plug-in processed settings too early, which led to the daemon terminating unexpectedly with a segmentation fault during startup or reload. The bind-dyndb-ldap plug-in has been fixed to process its options later, and so, no longer crashes during startup or reload.
Clone Of:
Environment:
Last Closed:	2013-11-21 12:11:05 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1636	0	normal	SHIPPED_LIVE	bind-dyndb-ldap bug fix update	2013-11-20 21:53:43 UTC

Description Petr Spacek 2013-03-19 09:01:11 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/110

* Define some global DNS option, e.g. `idnsAllowSyncPTR` attribute in global configuration object `cn=dns, dc=example, dc=com`.
* Start or reload BIND.
* Keep your fingers crossed, this problem not so often on RHEL 6.4.
* Check logs.

The error is more likely in latest builds from master (e1122fde894946d5cf4aa209df4c7060bb877d0a).

`/var/log/messages`:
{{{
13-Mar-2013 19:50:06.718 examining set of settings 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 setting 'dyn_update' was found in set 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 examining set of settings 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 setting 'dyn_update' was found in set 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 [settings.c     :  419: setting_update_from_ldap_entry] check failed: ignore
13-Mar-2013 19:50:06.718 zone 168.192.IN-ADDR.ARPA/IN: loaded; checking validity
13-Mar-2013 19:50:06.718 examining set of settings 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 setting 'sync_ptr' was found in set 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 examining set of settings 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 setting 'sync_ptr' was found in set 'LDAP idnsConfig object for database ipa'
13-Mar-2013 19:50:06.718 task.c:1678: REQUIRE(task->state == task_state_running) failed, back trace
13-Mar-2013 19:50:06.718 exiting (due to assertion failure)
}}}

Comment 1 Petr Spacek 2013-03-19 09:12:25 UTC

Workaround:
Remove all global configuration options from LDAP.

IPA command:
$ ipa dnsconfig-mod --forwarder='' --forward-policy='' --allow-sync-ptr='' --zone-refresh=''

Global forwarders and zone refresh parameters can be configured per-server in /etc/named.conf. Zone refresh was superseded by persistent search in IPA version 3.0 and higher and should not be enabled.

'Sync PTR' feature can be configured per server in /etc/named.conf and also per-zone in LDAP (via ipa dnszone-mod).

Comment 5 Petr Spacek 2013-03-20 15:47:04 UTC

BIND will crash if following conditions are met at the same time:
* Persistent search is enabled (default from IPA 3.0)
* Configuration of PTR synchronization feature has different value in global configuration and in local /etc/named.conf. I.e. PTR synchronization is globally enabled and locally disabled or vice versa.

Simpler workaround:
* Configure PTR synchronization in /etc/named.conf or per-zone as described in comment #1.
* Remove configuration for PTR synchronization from global configuration:
$ ipa dnsconfig-mod --allow-sync-ptr=''

OR

* Disable persistent search.

Comment 15 Petr Spacek 2013-04-15 14:45:28 UTC

This issue is fixed by http://rhn.redhat.com/errata/RHBA-2013-0739.html . Why is the status still MODIFIED?

Comment 16 Martin Kosek 2013-04-15 14:50:57 UTC

(In reply to comment #15)
> This issue is fixed by http://rhn.redhat.com/errata/RHBA-2013-0739.html .
> Why is the status still MODIFIED?

Because the bug was not added to the list of bugs fixed in an errata? If this is the case, we should close this bug&fill fixed in field.

Comment 17 Martin Kosek 2013-04-15 15:16:30 UTC

Ah, I see it now, this Bugzilla is for 6.5 - but I still think that Fixed In Version should be filled.

Comment 21 Namita Soman 2013-09-09 13:32:22 UTC

Tested using:
ipa-server-3.0.0-33.el6.x86_64
bind-dyndb-ldap-2.3-4.el6.x86_64

# ipa dnsconfig-mod --allow-sync-ptr=TRUE
  Allow PTR sync: TRUE

# service named restart
Stopping named: .[  OK  ]
Starting named: [  OK  ]

Not seeing the behaviour reported above.

From https://bugzilla.redhat.com/show_bug.cgi?id=928429#c10, verifying Sanity Only.

Comment 22 errata-xmlrpc 2013-11-21 12:11:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1636.html

Note You need to log in before you can comment on or make changes to this bug.