Bind crashes shortly after starting
This all started after a "DNF update" updated Bind from version 9.16.23-18.el9_4.1 to _4.6 I'm pretty sure it is related to bind-dyndb-ldap, because when I comment out the dyndb section of the named.conf file, named comes up and works. When the dyndb section is in place, named comes up fine and seems to initialize, but shortly after that, it crashes.
This occurs on Rocky 9.4 ( 5.14.0-427.40.1.el9_4.aarch64 ) Upgrade Bind from version 32:9.16.23-18.el9_4.1 to 32:9.16.23-18.el9_4.6
I tried this on another server and the same thing happened.
Plugin version: 11.9-10.el9_4
Version of BIND: 32:9.16.23-18.el9_4.6
Distribution and version (i.e. including updates): Rocky 9.4 kernel 5.14.0-427.40.1.el9_4
Architecture: aarch64
Do you use bind-dyndb-ldap as part of FreeIPA installation? Yes, version 4.11.0-15.el9_4
from /var/log/messages
<!!image>
File /etc/named.conf
Export of global LDAP configuration
This looks like an issue in Rocky Linux builds as bind-dyndb-ldap must be rebuilt with bind when bind's ABI changes.
If you look at https://git.rockylinux.org/staging/rpms/bind/-/commit/0406b88666eb24c92134b8a71f64c9c9da95db18, you can see that it includes CVE fixes that actually required bind-dyndb-ldap rebuilds. RHEL and Fedora did those rebuilds whie RockyLinux did not, thus bind and bind-dyndb-ldap in RockyLinux repositories went out of sync.
RHEL update for these bind CVEs even includes bind-dyndb-ldap together with bind packages: https://access.redhat.com/errata/RHSA-2024:5907
You should be talking to RockyLinux maintainers and open an issue there.
Metadata Update from @abbra: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Thanks for the update. I have opened an issue with the Rocky Linux team. Hopefully, they'll get it fixed.
On Wed, Oct 23, 2024 at 3:23=E2=80=AFAM Alexander Bokovoy <pagure@pagure.io=
wrote: abbra added a new comment to an issue you are following: `` This looks like an issue in Rocky Linux builds as bind-dyndb-ldap must be rebuilt with bind when bind's ABI changes. If you look at https://git.rockylinux.org/staging/rpms/bind/-/commit/0406b88666eb24c9213= 4b8a71f64c9c9da95db18, you can see that it includes CVE fixes that actually required bind-dyndb-ldap rebuilds. RHEL and Fedora did those rebuilds whie RockyLinux did not, thus bind and bind-dyndb-ldap in RockyLinux repositories went out of sync. RHEL update for these bind CVEs even includes bind-dyndb-ldap together with bind packages: https://access.redhat.com/errata/RHSA-2024:5907 You should be talking to RockyLinux maintainers and open an issue there. `` To reply, visit the link below or just reply to this email https://pagure.io/bind-dyndb-ldap/issue/236
wrote:
abbra added a new comment to an issue you are following: `` This looks like an issue in Rocky Linux builds as bind-dyndb-ldap must be rebuilt with bind when bind's ABI changes.
If you look at https://git.rockylinux.org/staging/rpms/bind/-/commit/0406b88666eb24c9213= 4b8a71f64c9c9da95db18, you can see that it includes CVE fixes that actually required bind-dyndb-ldap rebuilds. RHEL and Fedora did those rebuilds whie RockyLinux did not, thus bind and bind-dyndb-ldap in RockyLinux repositories went out of sync.
You should be talking to RockyLinux maintainers and open an issue there. ``
To reply, visit the link below or just reply to this email https://pagure.io/bind-dyndb-ldap/issue/236
--=20 This email may contain confidential or privileged information.=C2=A0 If you= =20 believe you have received this email in error,
=C2=A0please notify the sender=20 by reply email and then delete this email immediately.
Log in to comment on this ticket.