#138 BIND stops working after deleting root zone '.'
Closed: Fixed Opened by mbasti.

Problem

  • What does not work as expected?

named stops working after removing root zone '.' from LDAP

To allow ipa dnszone-add ., a patch is required: https://fedorahosted.org/freeipa/attachment/ticket/4149

  • Is your problem related to a single DNS zone or a DNS record?

Single zone

Steps to Reproduce

  • ipactl status (all services RUNNING)
  • ipa dnszone-add .
  • ipactl status (all services RUNNING)
  • tail /var/named/data/named.run (shows errors)

    25-Aug-2014 13:23:05.197 zone ./IN: NS 'ns.example.com' has no address records (A or AAAA)
    25-Aug-2014 13:23:05.197 zone ./IN: not loaded due to errors.
    25-Aug-2014 13:23:05.197 update_zone (syncrepl) failed for 'idnsname=.,cn=dns,dc=example,dc=com'. Zones can be outdated, run rndc reload: bad zone
    25-Aug-2014 13:23:05.349 zone ./IN: loaded serial 1408965786

  • ipactl status (all services running)

  • dig NS .

    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 86400 IN NS ns.example.com.

    ;; ADDITIONAL SECTION:
    ns.example.com. 1200 IN A 10.x.x.x

  • ipa dnszone-del .

  • ipactl status (named: STOPPED)
  • tail /var/named/data/named.run (shows assertion)

    25-Aug-2014 13:35:39.524 task.c:1678: REQUIRE(task->state == task_state_running) failed, back trace
    25-Aug-2014 13:35:39.524 #0 0x7febc696b920 in ??
    25-Aug-2014 13:35:39.525 #1 0x7febc4b5b17a in ??
    25-Aug-2014 13:35:39.525 #2 0x7febc4b7d3b7 in ??
    25-Aug-2014 13:35:39.525 #3 0x7febc0a0fafe in ??
    25-Aug-2014 13:35:39.525 #4 0x7febc0a0a086 in ??
    25-Aug-2014 13:35:39.525 #5 0x7febc0a0df24 in ??
    25-Aug-2014 13:35:39.525 #6 0x7febc4b7d836 in ??
    25-Aug-2014 13:35:39.525 #7 0x7febc4731f33 in ??
    25-Aug-2014 13:35:39.525 #8 0x7febc39d5ded in ??
    25-Aug-2014 13:35:39.525 exiting (due to assertion failure)

  • zone is removed from LDAP

SIDE EFFECT: significant slowdown of ipa commands, after zone deletion (ipa dnszone-find ~10sec)

dirserv error?: no errors in dirsrv error log

  • systemctl start named

Everything works fine, speed of ipa commands is restored (ipa dnszone-find ~1sec)

  • dig NS .

    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 46510 IN NS d.root-servers.net.
    . 46510 IN NS a.root-servers.net.

NOTE: ipa dnsforwardzone-add/del '.' works fine

Environment

bind-dyndb-ldap-5.1-1.fc20.x86_64

bind-9.9.4-12.P2.fc20.x86_64

  • Distribution and version (i.e. including updates):

F20

  • Architecture:

x86_64

  • Do you use bind-dyndb-ldap as part of a FreeIPA installation? If you answered no: Which LDAP server do you use? Which version?

Yes

  • Include dynamic-db section from configuration file /etc/named.conf:

    dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-IDM-LAB-ENG-BRQ-REDHAT-COM.socket";
        arg "base cn=dns, dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com";
        arg "fake_mname vm-073.idm.lab.eng.brq.redhat.com.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/vm-073.idm.lab.eng.brq.redhat.com";
        arg "serial_autoincrement yes";
    };

  • Do you have some other text based or DLZ zones configured?

No

  • Do you have some global forwarders configured in BIND configuration file? (Statements forward and forwarders.)

Yes

  • Do you have some settings in global configuration object in LDAP? Please export configuration object to LDIF and attach it to the bug report.

No


Metadata Update from @mbasti:
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 21
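
Added example (not part of the ticket and not bind-dyndb-ldap code): a small triage parser that scans named.run text for the assertion-failure signature quoted above and returns the failing source location, the condition, the backtrace addresses, and whether named exited. The function name and the sample log (constructed from the lines in this ticket, abbreviated) are assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the named.run format quoted in the ticket (abbreviated).
SAMPLE = """\
    25-Aug-2014 13:23:05.197 zone ./IN: not loaded due to errors.
    25-Aug-2014 13:23:05.349 zone ./IN: loaded serial 1408965786
    25-Aug-2014 13:35:39.524 task.c:1678: REQUIRE(task->state == task_state_running) failed, back trace
    25-Aug-2014 13:35:39.524 #0 0x7febc696b920 in ??
    25-Aug-2014 13:35:39.525 #1 0x7febc4b5b17a in ??
    25-Aug-2014 13:35:39.525 exiting (due to assertion failure)
"""

# "<dd-Mon-yyyy hh:mm:ss.mmm> <message>", as in the log excerpts above.
LINE = re.compile(r"^(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
# REQUIRE is the macro seen in the ticket; the others are libisc's remaining
# assertion macros, which are logged in the same "file:line: KIND(cond) failed" shape.
ASSERT = re.compile(r"^(\S+):(\d+): (REQUIRE|ENSURE|INSIST|INVARIANT)\((.*)\) failed")
FRAME = re.compile(r"^#\d+ (0x[0-9a-f]+) in ")


def find_assertion_crashes(text):
    """Return one dict per assertion failure found in named.run text."""
    crashes, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        stamp, msg = m.groups()
        a = ASSERT.match(msg)
        if a:
            current = {
                "time": datetime.strptime(stamp, "%d-%b-%Y %H:%M:%S.%f"),
                "source": f"{a.group(1)}:{a.group(2)}",
                "kind": a.group(3),
                "condition": a.group(4),
                "frames": [],     # backtrace addresses, in logged order
                "exited": False,  # True once named logs that it is exiting
            }
            crashes.append(current)
        elif current is not None:
            f = FRAME.match(msg)
            if f:
                current["frames"].append(f.group(1))
            elif msg.startswith("exiting (due to assertion failure)"):
                current["exited"] = True
                current = None
    return crashes
```

Calling `find_assertion_crashes(open("/var/named/data/named.run").read())` on the affected server gives a list that a monitoring check can alert on when it is non-empty.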
