[arch-general] Update to Linux 4.10.1-1 Broke Bind9 /etc/named.conf never reached on startup
All,

After update to Linux 4.10.1-1, Bind9 cannot connect to 127.0.0.1#953. This server has been flawless with Bind for 4 years. Now, for example attempting to sync zones:

    # rndc -V sync --clean
    create memory context
    create socket manager
    create task manager
    create task
    create logging context
    setting log tag
    creating log channel
    enabling log channel
    create parser
    get key
    decode base64 secret
    allocate data buffer
    sync
    post event
    using server 127.0.0.1 (127.0.0.1#953)
    create socket
    bind socket
    connect
    rndc: connect failed: 127.0.0.1#953: connection refused

This began with the March 10 update. Now attempting to stop named results in a timeout:

    Mar 12 08:45:18 phoinix systemd[1]: Stopped Internet domain name server.
    Mar 12 08:45:18 phoinix systemd[1]: named.service: Unit entered failed state.
    Mar 12 08:45:18 phoinix systemd[1]: named.service: Failed with result 'timeout'.

Attempting to start named, named never loads the zone files and never processes the libseccomp sandboxing active command during startup. Now, the total startup for named in the journal is:

    Mar 10 18:43:53 phoinix named[452]: starting BIND 9.11.0-P3 <id:4801fbc>
    Mar 10 18:43:53 phoinix named[452]: running on Linux x86_64 4.10.1-1-ARCH #1 SMP PREEMPT Sun Feb 26 21:08:53 UTC 2017
    Mar 10 18:43:53 phoinix named[452]: built with '<snip stuff>'
    Mar 10 18:43:53 phoinix named[452]: running as: named -f -u named
    Mar 10 18:43:53 phoinix named[452]: ----------------------------------------------------
    Mar 10 18:43:53 phoinix named[452]: BIND 9 is maintained by Internet Systems Consortium,
    Mar 10 18:43:53 phoinix named[452]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
    Mar 10 18:43:53 phoinix named[452]: corporation. Support and training for BIND 9 are
    Mar 10 18:43:53 phoinix named[452]: available at https://www.isc.org/support
    Mar 10 18:43:53 phoinix named[452]: ----------------------------------------------------
    Mar 10 18:43:53 phoinix named[452]: adjusted limit on open files from 4096 to 1048576
    Mar 10 18:43:53 phoinix named[452]: found 4 CPUs, using 4 worker threads
    Mar 10 18:43:53 phoinix named[452]: using 3 UDP listeners per interface
    Mar 10 18:43:53 phoinix named[452]: using up to 4096 sockets

Where normally, the startup should continue with, e.g.:

    Feb 21 14:15:38 phoinix named[442]: libseccomp sandboxing active
    Feb 21 14:15:38 phoinix named[442]: loading configuration from '/etc/named.conf'
    Feb 21 14:15:38 phoinix named[442]: reading built-in trusted keys from file '/etc/bind.keys'
    Feb 21 14:15:38 phoinix named[442]: initializing GeoIP Country (IPv4) (type 1) DB
    Feb 21 14:15:38 phoinix named[442]: GEO-106FREE 20170207 Build 1 Copy
    Feb 21 14:15:38 phoinix named[442]: initializing GeoIP Country (IPv6) (type 12) DB
    Feb 21 14:15:38 phoinix named[442]: GEO-106FREE 20170207 Build 1 C
    Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv4) (type 2) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv4) (type 6) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv6) (type 30) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv6) (type 31) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP Region (type 3) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP Region (type 7) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP ISP (type 4) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP Org (type 5) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP AS (type 9) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP Domain (type 11) DB not available
    Feb 21 14:15:38 phoinix named[442]: GeoIP NetSpeed (type 10) DB not available
    Feb 21 14:15:38 phoinix named[442]: using default UDP/IPv4 port range: [32768, 60999]
    Feb 21 14:15:38 phoinix named[442]: using default UDP/IPv6 port range: [32768, 60999]
    Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface lo, 127.0.0.1#53
    Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface enp0s10, 192.168.7.16#53
    Feb 21 14:15:38 phoinix named[442]: generating session key for dynamic DNS
    Feb 21 14:15:38 phoinix named[442]: sizing zone task pool based on 5 zones
    Feb 21 14:15:38 phoinix named[442]: 'max-cache-size 90%' - setting to 7189MB (out of 7988MB)
    Feb 21 14:15:38 phoinix named[442]: set up managed keys zone for view _default, file 'managed-keys.bind'
    Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 10.IN-ADDR.ARPA
    Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 16.172.IN-ADDR.ARPA
    Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 17.172.IN-ADDR.ARPA
    Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 18.172.IN-ADDR.ARPA
    Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 19.172.IN-ADDR.ARPA

For some reason the 'libseccomp sandboxing active' command never issues and /etc/named.conf is never processed. I have not touched the configuration here in a "long long time..."

Is this a kernel bug, a libseccomp bug, what?

--
David C. Rankin, J.D.,P.E.
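The failure signature described in the message above (named logs "starting BIND" but never reaches "libseccomp sandboxing active" or "loading configuration from") can be checked mechanically. The following is an added example, not part of the original thread: the function names and the milestone list are assumptions made here, and the sample lines are constructed in shortened form from the two journal excerpts in the post.

```python
import re

# Milestones a healthy named start logs, in order (strings taken from the post).
MILESTONES = [
    ("starting", "starting BIND"),
    ("sandbox", "libseccomp sandboxing active"),
    ("config", "loading configuration from"),
    ("listening", "listening on IPv4 interface"),
]

# Matches the "named[PID]: message" tail of a short-format journal line.
LINE_RE = re.compile(r"named\[(\d+)\]: (.*)$")


def startup_stages(journal_lines):
    """Map each named PID to the ordered list of milestones it logged."""
    stages = {}
    for line in journal_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # systemd, postfix and other units are ignored
        pid, msg = int(m.group(1)), m.group(2)
        seen = stages.setdefault(pid, [])
        for name, marker in MILESTONES:
            if msg.startswith(marker) and name not in seen:
                seen.append(name)
    return stages


def stalled_pids(journal_lines):
    """PIDs that logged 'starting BIND' but never reached config loading."""
    return [pid for pid, seen in startup_stages(journal_lines).items()
            if "starting" in seen and "config" not in seen]


# Constructed sample: a healthy start (PID 442) and the stalled one (PID 452).
SAMPLE = [
    "Feb 21 14:15:38 phoinix named[442]: starting BIND 9.11.0-P3 <id:4801fbc>",
    "Feb 21 14:15:38 phoinix named[442]: libseccomp sandboxing active",
    "Feb 21 14:15:38 phoinix named[442]: loading configuration from '/etc/named.conf'",
    "Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface lo, 127.0.0.1#53",
    "Mar 10 18:43:53 phoinix named[452]: starting BIND 9.11.0-P3 <id:4801fbc>",
    "Mar 10 18:43:53 phoinix named[452]: using up to 4096 sockets",
    "Mar 12 08:45:18 phoinix systemd[1]: named.service: Failed with result 'timeout'.",
]

if __name__ == "__main__":
    print("stalled named PIDs:", stalled_pids(SAMPLE))
```

On a live host the input would be the lines of `journalctl -u named -o short`; a process that started only seconds ago will also appear stalled, so a monitoring check should allow a grace period before alerting.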
On 03/12/2017 09:00 AM, David C. Rankin wrote:
For some reason the 'libseccomp sandboxing active' command never issues and /etc/named.conf is never processed. I have not touched the configuration here in a "long long time..."
Is this a kernel bug, a libseccomp bug, what?
Uugh... Whatever broke, I need to find a solution, and fast, this is the mail host for my office and it is now rejecting all mail, e.g.:

    Mar 12 09:06:23 phoinix postfix/smtpd[1107]: connect from unknown[206.224.69.184]
    Mar 12 09:06:23 phoinix postfix/smtpd[1107]: NOQUEUE: reject: RCPT from unknown[206.224.69.184]: 450 4.7.25 Client host rejected: cannot find your hostname, [206.224.69.184]; from=<TexasBarCLE@email.texasbarcle.com> to=<berry@rankinlawfirm.com> proto=ESMTP helo=<massmail.texasbarcle.com>
    Mar 12 09:06:23 phoinix postfix/smtpd[1107]: disconnect from unknown[206.224.69.184] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4

Downgrading the following solved the problem:

    2017-03-12 09:18] [PACMAN] Running 'pacman -U linux-api-headers-4.7-1-x86_64.pkg.tar.xz geoip-database-20170207-1-any.pkg.tar.xz linux-4.9.9-1-x86_64.pkg.tar.xz linux-headers-4.9.9-1-x86_64.pkg.tar.xz openresolv-3.8.1-1-any.pkg.tar.xz glibc-2.24-2-x86_64.pkg.tar.xz binutils-2.27-1-x86_64.pkg.tar.xz gcc-libs-6.3.1-1-x86_64.pkg.tar.xz cifs-utils-6.5-1-x86_64.pkg.tar.xz gcc-6.3.1-1-x86_64.pkg.tar.xz libinput-1.6.2-1-x86_64.pkg.tar.xz linux-firmware-20170217.12987ca-2-any.pkg.tar.xz xf86-input-libinput-0.24.0-1-x86_64.pkg.tar.xz valgrind-3.12.0-1-x86_64.pkg.tar.xz'
    [2017-03-12 09:18] [ALPM] transaction started
    [2017-03-12 09:18] [ALPM] downgraded linux-api-headers (4.10.1-1 -> 4.7-1)
    [2017-03-12 09:18] [ALPM] downgraded geoip-database (20170307-1 -> 20170207-1)
    [2017-03-12 09:18] [ALPM] downgraded linux-firmware (20170227.5abb924-1 -> 20170217.12987ca-2)
    [2017-03-12 09:18] [ALPM] downgraded glibc (2.25-1 -> 2.24-2)
    [2017-03-12 09:18] [ALPM-SCRIPTLET] Generating locales...
    [2017-03-12 09:18] [ALPM-SCRIPTLET] en_US.UTF-8... done
    [2017-03-12 09:18] [ALPM-SCRIPTLET] Generation complete.
    [2017-03-12 09:18] [ALPM] downgraded gcc-libs (6.3.1-2 -> 6.3.1-1)
    [2017-03-12 09:19] [ALPM] downgraded linux (4.10.1-1 -> 4.9.9-1)
    [2017-03-12 09:19] [ALPM-SCRIPTLET] >>> Updating module dependencies. Please wait ...
    [2017-03-12 09:19] [ALPM] downgraded linux-headers (4.10.1-1 -> 4.9.9-1)
    [2017-03-12 09:19] [ALPM] reinstalled openresolv (3.8.1-1)
    [2017-03-12 09:19] [ALPM] downgraded binutils (2.28-1 -> 2.27-1)
    [2017-03-12 09:19] [ALPM] downgraded cifs-utils (6.7-1 -> 6.5-1)
    [2017-03-12 09:19] [ALPM] downgraded gcc (6.3.1-2 -> 6.3.1-1)
    [2017-03-12 09:19] [ALPM] downgraded libinput (1.6.3-1 -> 1.6.2-1)
    [2017-03-12 09:19] [ALPM] downgraded xf86-input-libinput (0.25.0-1 -> 0.24.0-1)
    [2017-03-12 09:19] [ALPM] downgraded valgrind (3.12.0-2 -> 3.12.0-1)
    [2017-03-12 09:19] [ALPM] transaction completed
    [2017-03-12 09:19] [ALPM] running '99-linux.hook'...
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Starting build: 4.9.9-1-ARCH
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [base]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [udev]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [autodetect]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [block]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [mdadm_udev]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] Custom /etc/mdadm.conf file will be used in initramfs for assembling arrays.
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [fsck]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Generating module dependencies
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Image generation successful
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Starting build: 4.9.9-1-ARCH
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [base]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [udev]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [block]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: wd719x
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [mdadm_udev]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] Custom /etc/mdadm.conf file will be used in initramfs for assembling arrays.
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] -> Running build hook: [fsck]
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Generating module dependencies
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
    [2017-03-12 09:19] [ALPM-SCRIPTLET] ==> Image generation successful
    [2017-03-12 09:19] [ALPM] running 'systemd-hwdb.hook'...
    [2017-03-12 09:19] [ALPM] running 'systemd-tmpfiles.hook'...
    [2017-03-12 09:19] [ALPM] running 'systemd-update.hook'...
    [2017-03-12 09:19] [ALPM] running 'texinfo-install.hook'...

There is a BIG bug in one of those upgrades -- but which one?

--
David C. Rankin, J.D.,P.E.
On 03/12/2017 09:24 AM, David C. Rankin wrote:
There is a BIG bug in one of those upgrades -- but which one?
If it helps, I had individually downgraded the following and tested, but named remained broken until I backed out the block of packages containing the kernel and gcc. I had individually tried:

    [2017-03-12 08:33] [ALPM] downgraded bind-tools (9.11.0.P3-2 -> 9.11.0.P3-1)
    [2017-03-12 08:33] [ALPM] downgraded bind (9.11.0.P3-2 -> 9.11.0.P3-1)

No change.

    [2017-03-12 09:02] [ALPM] downgraded geoip-database (20170307-1 -> 20170207-1)

No change.

    [2017-03-12 09:06] [ALPM] downgraded openresolv (3.9.0-1 -> 3.8.1-1)

No change.

    2017-03-12 09:18] [ALPM] transaction started
    [2017-03-12 09:18] [ALPM] downgraded linux-api-headers (4.10.1-1 -> 4.7-1)
    [2017-03-12 09:18] [ALPM] downgraded geoip-database (20170307-1 -> 20170207-1)
    [2017-03-12 09:18] [ALPM] downgraded linux-firmware (20170227.5abb924-1 -> 20170217.12987ca-2)
    [2017-03-12 09:18] [ALPM] downgraded glibc (2.25-1 -> 2.24-2)
    [2017-03-12 09:18] [ALPM-SCRIPTLET] Generating locales...
    [2017-03-12 09:18] [ALPM-SCRIPTLET] en_US.UTF-8... done
    [2017-03-12 09:18] [ALPM-SCRIPTLET] Generation complete.
    [2017-03-12 09:18] [ALPM] downgraded gcc-libs (6.3.1-2 -> 6.3.1-1)
    [2017-03-12 09:19] [ALPM] downgraded linux (4.10.1-1 -> 4.9.9-1)
    [2017-03-12 09:19] [ALPM-SCRIPTLET] >>> Updating module dependencies. Please wait ...
    [2017-03-12 09:19] [ALPM] downgraded linux-headers (4.10.1-1 -> 4.9.9-1)
    [2017-03-12 09:19] [ALPM] reinstalled openresolv (3.8.1-1)
    [2017-03-12 09:19] [ALPM] downgraded binutils (2.28-1 -> 2.27-1)
    [2017-03-12 09:19] [ALPM] downgraded cifs-utils (6.7-1 -> 6.5-1)
    [2017-03-12 09:19] [ALPM] downgraded gcc (6.3.1-2 -> 6.3.1-1)
    [2017-03-12 09:19] [ALPM] downgraded libinput (1.6.3-1 -> 1.6.2-1)
    [2017-03-12 09:19] [ALPM] downgraded xf86-input-libinput (0.25.0-1 -> 0.24.0-1)
    [2017-03-12 09:19] [ALPM] downgraded valgrind (3.12.0-2 -> 3.12.0-1)
    [2017-03-12 09:19] [ALPM] transaction completed

Success.

So one of the packages in the block upgrade is the culprit. And candidly it is probably either the kernel or gcc, but that is just a suspicion.

Should I open a bug, and if so, which package do I open it under?

--
David C. Rankin, J.D.,P.E.
On Sun, 12 Mar 2017 09:36:48 -0500 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
Should I open a bug, and if so, which package do I open it under?
There already is one, has been for a couple of days
On 12-03-2017 14:00, David C. Rankin wrote:
All,
After update to Linux 4.10.1-1, Bind9 cannot connect to 127.0.0.1#953. This server has been flawless with Bind for 4 years. Now, for example attempting to sync zones:
It seems other people also have noticed problems: https://bbs.archlinux.org/viewtopic.php?id=224028

I guess the quick "fix" would be to downgrade the kernel or maybe try the lts kernel.

--
Mauro Santos
On 03/12/2017 10:36 AM, Mauro Santos via arch-general wrote:
On 12-03-2017 14:00, David C. Rankin wrote:
All,
After update to Linux 4.10.1-1, Bind9 cannot connect to 127.0.0.1#953. This server has been flawless with Bind for 4 years. Now, for example attempting to sync zones:
It seems other people also have noticed problems: https://bbs.archlinux.org/viewtopic.php?id=224028
I guess the quick "fix" would be to downgrade the kernel or maybe try the lts kernel.
Mauro, Doug,

Thanks, I'll add what I found to the bug. The downgrade solved the problem.

--
David C. Rankin, J.D.,P.E.
participants (3)
- David C. Rankin
- Doug Newgard
- Mauro Santos