Bug#775551: bind9: Bind freezes after few hours of operation with ldap plugin

Sat, 17 Jan 2015 00:40:10 -0800 

Package: bind9
Version: 1:9.9.5.dfsg-8
Severity: important

Dear Maintainer,
I run bind with bind9-dyndb-ldap plugin, so I'm not sure if the problem is in 
bind itself or the plugin but after few hours of operation, bind stops 
resolving queries and responding to any commands sent via rndc. If I try to 
restart it (with systemctl restart bind9.service) systemctl times out waiting 
for bind to restart and kills it and starts again. I've checked the logs but 
haven't found any problem there - bind just stops writing there. Tried to 
increase logging level with rndc trace but with no effect.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9 depends on:
ii  adduser                3.113+nmu3
ii  bind9utils             1:9.9.5.dfsg-8
ii  debconf [debconf-2.0]  1.5.55
ii  init-system-helpers    1.22
ii  libbind9-90            1:9.9.5.dfsg-8
ii  libc6                  2.19-13
ii  libcap2                1:2.24-6
ii  libcomerr2             1.42.12-1
ii  libdns100              1:9.9.5.dfsg-8
ii  libgssapi-krb5-2       1.12.1+dfsg-16
ii  libisc95               1:9.9.5.dfsg-8
ii  libisccc90             1:9.9.5.dfsg-8
ii  libisccfg90            1:9.9.5.dfsg-8
ii  libk5crypto3           1.12.1+dfsg-16
ii  libkrb5-3              1.12.1+dfsg-16
ii  liblwres90             1:9.9.5.dfsg-8
ii  libssl1.0.0            1.0.1k-1
ii  libxml2                2.9.2+dfsg1-1+b1
ii  lsb-base               4.1+Debian13+nmu1
ii  net-tools              1.60-26+b1
ii  netbase                5.3

bind9 recommends no packages.

Versions of packages bind9 suggests:
ii  bind9-doc   1:9.9.5.dfsg-8
ii  dnsutils    1:9.9.5.dfsg-8
pn  resolvconf  <none>
pn  ufw         <none>

-- Configuration Files:
/etc/bind/named.conf.local changed:
/** /
options {
        // turns on IPv6 for port 53, IPv4 is on by default for all ifaces
        listen-on-v6 {any;};
        // Put files that named is allowed to write in the data/ directory:
        directory "/var/cache/bind"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
        forward first;
        forwarders {
                213.46.172.36;
                213.46.172.37;
        };
        // Any host is permitted to issue recursive queries
        allow-recursion { any; };
        tkey-gssapi-keytab "/etc/named.keytab";
        pid-file "/run/named/named.pid";
        dnssec-enable yes;
};
/**/
/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named 
directory,
 * so put the default debug log file in data/ :
 */
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
                print-time yes;
        };
};
// Dynamic DNS update
include "/etc/bind/rndc.key";
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; };
/*zone "." IN {
        type hint;
        file "named.ca";
};*/
include "/etc/bind/zones.rfc1918";
dynamic-db "ipa" {
        library "ldap.so";
        arg "uri ldapi://%2fvar%2frun%2fslapd-KASPAR-IN.socket";
        arg "base cn=dns, dc=kaspar,dc=in";
        arg "fake_mname budha.kaspar.in.";
        arg "auth_method sasl";
        arg "sasl_mech GSSAPI";
        arg "sasl_user DNS/budha.kaspar.in";
        arg "serial_autoincrement yes";
};

/etc/bind/zones.rfc1918 changed:
 
zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };


-- debconf information:
  bind9/different-configuration-file:
  bind9/run-resolvconf: false
  bind9/start-as-user: bind


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to