Bug#760555: bind9: rndc hang can prevent network interface scripts from running

Fri, 05 Sep 2014 02:27:55 -0700 

Package: bind9
Version: 1:9.9.5.dfsg-4
Severity: important
Tags: patch

Currently, the following scripts are installed by the bind9 package:

    /etc/ppp/ip-up.d/bind9
    /etc/ppp/ip-down.d/bind9
    /etc/network/if-up.d/bind9
    /etc/network/if-down.d/bind9

These scripts contain the following call:

    rndc reconfig >/dev/null 2>&1 || true

I had an issue on my system that made the named daemon freeze in such
a way that any rndc command would hang forever. Since rndc is called as
part of network interface up/down scripts, it made these scripts hang as
well. As a result, my machine lost its network connection.

Network interface up/down scripts should not have a critical dependency
on some non-critical part of the system (bind9) behaving correctly.
Otherwise it makes the network subsystem exceedingly brittle.

To fix the issue, I suggest replacing the line above with the following
so that the network subsystem will never wait on rndc:

    rndc reconfig >/dev/null 2>&1 &

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bind9 depends on:
ii  adduser                3.113+nmu3
ii  bind9utils             1:9.9.5.dfsg-4
ii  debconf [debconf-2.0]  1.5.53
ii  init-system-helpers    1.19
ii  libbind9-90            1:9.9.5.dfsg-4
ii  libc6                  2.19-6
ii  libcap2                1:2.22-1.2
ii  libcomerr2             1.42.11-1
ii  libdns100              1:9.9.5.dfsg-4
ii  libgssapi-krb5-2       1.12.1+dfsg-3
ii  libisc95               1:9.9.5.dfsg-4
ii  libisccc90             1:9.9.5.dfsg-4
ii  libisccfg90            1:9.9.5.dfsg-4
ii  libk5crypto3           1.12.1+dfsg-3
ii  libkrb5-3              1.12.1+dfsg-3
ii  liblwres90             1:9.9.5.dfsg-4
ii  libssl1.0.0            1.0.1h-3
ii  libxml2                2.9.1+dfsg1-4
ii  lsb-base               4.1+Debian13
ii  net-tools              1.60-26
ii  netbase                5.2

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc                 <none>
ii  knot-dnsutils [dnsutils]  1.5.0-1
ii  resolvconf                1.75
pn  ufw                       <none>

-- Configuration Files:
/etc/bind/named.conf.local changed [not included]
/etc/bind/named.conf.options changed [not included]

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to