Your message dated Sun, 22 Oct 2017 13:19:11 +0200
with message-id 
<1508671151.815349.1146906880.773a8...@webmail.messagingengine.com>
and subject line Closing bugs in old-old-stable bind9 versions
has caused the Debian Bug report #168931,
regarding bind9: bind is unable to open/create pid file as non-root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
168931: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=168931
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bind9
Version: 1:9.2.1-2.woody.1
Severity: normal

Unlike bind8, when running bind9 as non-root, bind9 drops privileges
before opening/creating the pid file.  It should open/create the pid
file first.

Here's the error from my log:

Nov 12 22:07:09 proton named[3679]: couldn't open pid file '/var/run/named.pid': Permission denied

It's possible to work around the problem by doing:

(assuming you have a "named" user and group)

        mkdir /var/run/named
        chown named:named /var/run/named

And add this line to options in named.conf:

        pid-file "/var/run/named/named.pid";

But, bind should not require the work-around.  (In fact, bind should
default to running as user named, group named.  It's easy.)

-- System Information
Debian Release: 3.0
Kernel Version: Linux proton 2.4.19-ac4 #3 Sun Sep 15 01:57:14 PDT 2002 i686 unknown

Versions of the packages bind9 depends on:
ii  libc6          2.2.5-11.2     GNU C Library: Shared libraries and Timezone
ii  libdns5        9.2.1-2.woody. DNS Shared Library used by BIND
ii  libisc4        9.2.1-2.woody. ISC Shared Library used by BIND
ii  libisccc0      9.2.1-2.woody. Command Channel Library used by BIND
ii  libisccfg0     9.2.1-2.woody. Config File Handling Library used by BIND
ii  liblwres1      9.2.1-2.woody. Lightweight Resolver Library used by BIND
ii  libssl0.9.6    0.9.6c-2.woody SSL shared libraries
ii  netbase        4.07           Basic TCP/IP networking system

--- Begin /etc/init.d/bind9 (modified conffile)
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
OPTS=""
test -f /etc/default/named && . /etc/default/named
test -x /usr/sbin/named || exit 0
case "$1" in
    start)
        echo -n "Starting domain name service: named"
        start-stop-daemon --start --quiet \
            --pidfile /var/run/named.pid --exec /usr/sbin/named -- $OPTS
        echo "."        
    ;;
    stop)
        echo -n "Stopping domain name service: named"
        /usr/sbin/rndc stop
        echo "."        
    ;;
    reload)
        /usr/sbin/rndc reload
    ;;
    restart|force-reload)
        $0 stop
        sleep 2
        $0 start
    ;;
    
    *)
        echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
        exit 1
    ;;
esac
exit 0

--- End /etc/init.d/bind9

--- Begin /etc/bind/named.conf (modified conffile)
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
acl internal {
        127.0.0.1/32;           // localhost
        10.0.0.0/8;             // internal
        216.103.211.240;        // proton.pathname.com
};
acl friendly {
        64.158.222.226;         // NS1.KERNEL.ORG
        204.152.189.113;        // NS2.KERNEL.ORG
        216.103.211.240;        // NS.PATHNAME.COM
        127.0.0.1/32;           // localhost
        10.0.0.0/8;             // internal
};
options {
        directory "/var/cache/bind";
        pid-file "/var/run/named/named.pid";
        allow-query { internal; };
        allow-recursion { internal; };  // redundant due to allow-query option
        allow-transfer { none; };
        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.
        // query-source address * port 53;
        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.
        // forwarders {
        //      0.0.0.0;
        // };
        auth-nxdomain no;    # conform to RFC1035
};
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
// add entries for other zones below here
zone "pathname.com" {
        type master;
        file "/etc/bind/db.pathname";
        allow-query { any; };
        allow-transfer { friendly; };
};

--- End /etc/bind/named.conf


--- End Message ---
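
Added illustration (not part of the original report and not BIND's code): the ordering the report asks for, with the pid file opened while still privileged and written only after the privilege drop. All function names and the demo path are hypothetical.

```c
/* Added illustration, not BIND source; all function names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1, still privileged: create the pid file and keep the descriptor.
 * O_NOFOLLOW refuses a symlink planted as the final path component. */
int open_pidfile(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0644);
}

/* Step 2: drop to the service account: supplementary groups, then gid,
 * then uid, and finally confirm that root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* the drop did not stick */
    return 0;
}

/* Step 3, unprivileged: the descriptor from step 1 is still writable even
 * though the process can no longer create files in the directory. */
int write_pid(int fd)
{
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    return write(fd, buf, (size_t)n) == n ? 0 : -1;
}

/* Open, drop, write: the order the report asks for. Returns the fd or -1. */
int start_daemon(const char *pidfile, uid_t uid, gid_t gid)
{
    int fd = open_pidfile(pidfile);
    if (fd < 0) return -1;
    if (drop_privileges(uid, gid) == 0 && write_pid(fd) == 0) return fd;
    close(fd);
    return -1;
}

int main(void)
{
    /* Constructed demo values: a temp path and the caller's own ids. */
    int fd = start_daemon("/tmp/example-named.pid", getuid(), getgid());
    return fd >= 0 ? 0 : 1;
}
```
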
--- Begin Message ---
Version: 1:9.10.3.dfsg.P4-12.3

Hi,

the bind9 bug list grew too much and the Debian BIND team cannot
simply test all the reported bugs against versions not in stable, so
this is a mass bug close, as either the version is no longer relevant
(because of old-old-stable 9.8.x or old-stable 9.9.5 or an even older
version of bind9) or the bug was already fixed.

However, if you can reproduce the bug with a current version in stable,
please use the Debian BTS 'found <bug> <version_you_reproduced_the_issue>'
command to retag the bug and reopen it.

Cheers,
Ondrej


--- End Message ---