[arch-general] Update to Linux 4.10.1-1 Broke Bind9 /etc/named.conf never reached on startup

David C. Rankin drankinatty at suddenlinkmail.com
Sun Mar 12 14:00:37 UTC 2017


All,

  After update to Linux 4.10.1-1, Bind9 cannot connect to 127.0.0.1#953. This
server has been flawless with Bind for 4 years. Now, for example attempting to
sync zones:

# rndc -V sync --clean
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
allocate data buffer
sync
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
bind socket
connect
rndc: connect failed: 127.0.0.1#953: connection refused

  This began with the March 10 update. Now attempting to stop named results in
a timeout:

Mar 12 08:45:18 phoinix systemd[1]: Stopped Internet domain name server.
Mar 12 08:45:18 phoinix systemd[1]: named.service: Unit entered failed state.
Mar 12 08:45:18 phoinix systemd[1]: named.service: Failed with result 'timeout'.

  Attempting to start named, named never loads the zone files and never
processes the libseccomp sandboxing active command during startup. Now, the
total startup for named in the journal is:

Mar 10 18:43:53 phoinix named[452]: starting BIND 9.11.0-P3 <id:4801fbc>
Mar 10 18:43:53 phoinix named[452]: running on Linux x86_64 4.10.1-1-ARCH #1
SMP PREEMPT Sun Feb 26 21:08:53 UTC 2017
Mar 10 18:43:53 phoinix named[452]: built with '<snip stuff>'
Mar 10 18:43:53 phoinix named[452]: running as: named -f -u named
Mar 10 18:43:53 phoinix named[452]:
----------------------------------------------------
Mar 10 18:43:53 phoinix named[452]: BIND 9 is maintained by Internet Systems
Consortium,
Mar 10 18:43:53 phoinix named[452]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit
Mar 10 18:43:53 phoinix named[452]: corporation.  Support and training for
BIND 9 are
Mar 10 18:43:53 phoinix named[452]: available at https://www.isc.org/support
Mar 10 18:43:53 phoinix named[452]:
----------------------------------------------------
Mar 10 18:43:53 phoinix named[452]: adjusted limit on open files from 4096 to
1048576
Mar 10 18:43:53 phoinix named[452]: found 4 CPUs, using 4 worker threads
Mar 10 18:43:53 phoinix named[452]: using 3 UDP listeners per interface
Mar 10 18:43:53 phoinix named[452]: using up to 4096 sockets

  Where normally, the startup should continue with, e.g.:

Feb 21 14:15:38 phoinix named[442]: libseccomp sandboxing active
Feb 21 14:15:38 phoinix named[442]: loading configuration from '/etc/named.conf'
Feb 21 14:15:38 phoinix named[442]: reading built-in trusted keys from file
'/etc/bind.keys'
Feb 21 14:15:38 phoinix named[442]: initializing GeoIP Country (IPv4) (type 1) DB
Feb 21 14:15:38 phoinix named[442]: GEO-106FREE 20170207 Build 1 Copy
Feb 21 14:15:38 phoinix named[442]: initializing GeoIP Country (IPv6) (type 12) DB
Feb 21 14:15:38 phoinix named[442]: GEO-106FREE 20170207 Build 1 C
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv4) (type 2) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv4) (type 6) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv6) (type 30) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv6) (type 31) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Region (type 3) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Region (type 7) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP ISP (type 4) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Org (type 5) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP AS (type 9) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Domain (type 11) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP NetSpeed (type 10) DB not available
Feb 21 14:15:38 phoinix named[442]: using default UDP/IPv4 port range: [32768,
60999]
Feb 21 14:15:38 phoinix named[442]: using default UDP/IPv6 port range: [32768,
60999]
Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface enp0s10,
192.168.7.16#53
Feb 21 14:15:38 phoinix named[442]: generating session key for dynamic DNS
Feb 21 14:15:38 phoinix named[442]: sizing zone task pool based on 5 zones
Feb 21 14:15:38 phoinix named[442]: 'max-cache-size 90%' - setting to 7189MB
(out of 7988MB)
Feb 21 14:15:38 phoinix named[442]: set up managed keys zone for view
_default, file 'managed-keys.bind'
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 10.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 16.172.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 17.172.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 18.172.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 19.172.IN-ADDR.ARPA

  For some reason the 'libseccomp sandboxing active' command never issues and
/etc/named.conf is never processed. I have not touched the configuration here
in a "long long time..."

  Is this a kernel bug, a libseccomp bug, what?

-- 
David C. Rankin, J.D.,P.E.
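
Added example, not part of the original post: a small Python check that reads journal lines like the ones quoted above, rejoins mail-wrapped continuation lines, and reports the first startup milestone a named PID never logged. The milestone names and the function names are assumptions made for this illustration; the message patterns come from the log excerpts in the post.

```python
import re

# Startup milestones, in the order the journal excerpts in the post show them.
MILESTONES = [
    ("start", re.compile(r"starting BIND ")),
    ("sockets", re.compile(r"using up to \d+ sockets")),
    ("seccomp", re.compile(r"libseccomp sandboxing active")),
    ("config", re.compile(r"loading configuration from ")),
    ("listening", re.compile(r"listening on IPv[46] interface ")),
]
# "Mon DD HH:MM:SS host unit[pid]: message" as printed by journalctl.
ENTRY = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ (\S+?)\[(\d+)\]: ?(.*)$")

def named_messages(lines):
    """Group named's messages by PID, rejoining wrapped continuation lines."""
    by_pid, last = {}, None
    for line in lines:
        m = ENTRY.match(line)
        if m:
            unit, pid, text = m.groups()
            last = by_pid.setdefault(pid, []) if unit == "named" else None
            if last is not None:
                last.append(text)
        elif last and line.strip():
            last[-1] += " " + line.strip()  # continuation of the previous entry
    return by_pid

def stalled_at(messages):
    """Return the first milestone never logged, or None if all were reached."""
    idx = 0
    for text in messages:
        if idx < len(MILESTONES) and MILESTONES[idx][1].search(text):
            idx += 1
    return MILESTONES[idx][0] if idx < len(MILESTONES) else None

# Sample input: PID 452 lines are taken from the post; the first two PID 442
# lines are constructed to complete a healthy run.
SAMPLE = """\
Mar 10 18:43:53 phoinix named[452]: starting BIND 9.11.0-P3 <id:4801fbc>
Mar 10 18:43:53 phoinix named[452]: adjusted limit on open files from 4096 to
1048576
Mar 10 18:43:53 phoinix named[452]: using up to 4096 sockets
Mar 12 08:45:18 phoinix systemd[1]: named.service: Failed with result 'timeout'.
Feb 21 14:15:38 phoinix named[442]: starting BIND 9.11.0-P3 <id:4801fbc>
Feb 21 14:15:38 phoinix named[442]: using up to 4096 sockets
Feb 21 14:15:38 phoinix named[442]: libseccomp sandboxing active
Feb 21 14:15:38 phoinix named[442]: loading configuration from '/etc/named.conf'
Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface enp0s10,
192.168.7.16#53
"""

if __name__ == "__main__":
    for pid, msgs in named_messages(SAMPLE.splitlines()).items():
        print(pid, "stalled before:", stalled_at(msgs))
```

A result of "seccomp" for a PID means the process logged its socket setup but never reported the sandbox as active, which is the stall described in the post.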

