Bug#1120381: bind9 (1:9.18.41-1~deb12u1) — named fails to start after security update (systemd timeout)

Klaus Singvogel Sat, 08 Nov 2025 06:15:15 -0800

Package: bind9
Version: 1:9.18.41-1~deb12u1
Severity: serious
Justification: Policy 9.3.1
X-Debbugs-Cc: [email protected]


Dear Debian maintainers,

After installing the recent security update
        bind9:amd64 (1:9.18.33-1~deb12u2 → 1:9.18.41-1~deb12u1)
I noticed today the named service no longer starts correctly. systemd restarts 
it continuously (about 900 times per day).

From journalctl:
        [...]
        named.service: start operation timed out. Terminating.
        [...]
        named.service: Failed with result 'timeout'.

Starting named manually works as flawless:
        /usr/sbin/named -u bind -t /var/lib/bind -n 3

The issue seems related to the systemd unit configuration. After adding the 
following options under [Service], the service starts normally:
        RestartSec=10
        TimeoutStartSec=300
‥and removing the line (done accidently, when debugging):
        Type=notify

With all these three changes the service runs at my side without an issue.

Best regards,
        Klaus Singvogel.

-- System Information:
Debian Release: 12.12
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-40-cloud-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bind9 depends on:
ii  adduser                    3.134
ii  bind9-libs                 1:9.18.41-1~deb12u1
ii  bind9-utils                1:9.18.41-1~deb12u1
ii  debconf [debconf-2.0]      1.5.82
ii  dns-root-data              2024071801~deb12u1
ii  init-system-helpers        1.65.2+deb12u1
ii  iproute2                   6.1.0-3
ii  libc6                      2.36-9+deb12u13
ii  libcap2                    1:2.66-4+deb12u2
ii  libfstrm0                  0.6.1-1
ii  libjemalloc2               5.3.0-1
ii  libjson-c5                 0.16-2
ii  liblmdb0                   0.9.24-1
ii  libmaxminddb0              1.7.1-1
ii  libnghttp2-14              1.52.0-1+deb12u2
ii  libprotobuf-c1             1.4.1-1+b1
ii  libssl3                    3.0.17-1~deb12u3
ii  libsystemd0                252.39-1~deb12u1
ii  libuv1                     1.44.2-1+deb12u1
ii  libxml2                    2.9.14+dfsg-1.3~deb12u4
ii  netbase                    6.4
ii  sysvinit-utils [lsb-base]  3.06-4
ii  zlib1g                     1:1.2.13.dfsg-1

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind-doc                   <none>
ii  bind9-dnsutils [dnsutils]  1:9.18.41-1~deb12u1
ii  dnsutils                   1:9.18.41-1~deb12u1
ii  openresolv [resolvconf]    3.12.0-3
pn  ufw                        <none>

-- Configuration Files:
/etc/bind/named.conf.default-zones changed [not included]
/etc/bind/named.conf.local changed [not included]
/etc/bind/named.conf.options changed [not included]
/etc/default/named changed [not included]

-- no debconf information

Bug#1120381: bind9 (1:9.18.41-1~deb12u1) — named fails to start after security update (systemd timeout)

Reply via email to