Package: bind9
Version: 1:9.20.23-1
Severity: normal
Tags: patch
X-Debbugs-Cc: [email protected], [email protected]
User: [email protected]
Usertags: runit-outstanding
Dear bind9 maintainers,

on bind9 package purge I get

# apt-get purge bind9
[...]
(Reading database ... 831469 files and directories currently installed.)
Purging configuration files for bind9 (1:9.20.23-1) ...
dpkg: warning: while removing bind9, directory '/var/cache/bind' not empty so not removed
dpkg: warning: while removing bind9, directory '/etc/apparmor.d/local' not empty so not removed

If later I reinstall bind9 and look at the logs I get

2026-06-06_22:28:27.05824 07-Jun-2026 00:28:27.052 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
2026-06-06_22:28:27.05830 07-Jun-2026 00:28:27.052 managed-keys-zone: New key 38696 observed for zone '.': starting 30-day acceptance timer
2026-06-06_22:28:27.05836 07-Jun-2026 00:28:27.056 managed-keys.bind.jnl: open: permission denied
2026-06-06_22:28:27.05838 07-Jun-2026 00:28:27.056 managed-keys-zone: keyfetch_done:dns_journal_open -> unexpected error
2026-06-06_22:28:27.05839 07-Jun-2026 00:28:27.056 managed-keys-zone: error during managed-keys processing (unexpected error): DNSSEC validation may be at risk

bind (run with -u bind) can't access files in /var/cache/bind; what happened is that files in /var/cache/bind were not removed on purge, but at the same time the bind user is deleted on purge. As bind is reinstalled, the bind user is created again but with a different uid/gid, so it has no access to the files left in /var/cache/bind; on my system I have

# ls -l /var/cache/bind/
total 8
-rw-r--r-- 1 139 150  821 Apr 20  2023 managed-keys.bind
-rw-r--r-- 1 139 150 3733 Apr 20  2023 managed-keys.bind.jnl
# getent passwd bind
bind:x:131:136::/var/cache/bind:/usr/sbin/nologin

I tested that a simple

chown -R bind:bind /var/cache/bind

fixes the issue, but I think it would be better if the bind9 package removed the files on purge. A simple

rm -f /var/cache/bind/managed-keys.bind
rm -f /var/cache/bind/managed-keys.bind.jnl
rmdir --ignore-fail-on-non-empty /var/cache/bind

in postrm/purge will do it.

A related issue is that, while removing the user on purge is a common pattern in many other packages, there is consensus in Debian that it is better to leave the user there (maybe just lock it), because if there are files left on the system owned by that user and the user is removed, then another system user created later could access those files if it gets assigned the same uid or gid as the old, removed bind9 user.

Best,
Lorenzo

-- System Information:
Debian Release: forky/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.17.9+deb14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)

Versions of packages bind9 depends on:
ii  adduser                3.156
ii  bind9-libs             1:9.20.23-1
ii  bind9-utils            1:9.20.23-1
ii  debconf [debconf-2.0]  1.5.92
ii  dns-root-data          2025080400
ii  iproute2               7.0.0-1
ii  libc6                  2.42-16
ii  libcap2                1:2.78-1
ii  libfstrm0              0.6.1-1+b4
ii  libjemalloc2           5.3.1-2
ii  libjson-c5             0.18+ds-3
ii  liblmdb0               0.9.31-1+b3
ii  libmaxminddb0          1.13.3-1
ii  libnghttp2-14          1.69.0-1
ii  libprotobuf-c1         1.5.1-1+b2
ii  libssl3t64             3.6.2-1
ii  liburcu8t64            0.15.6-1+b1
ii  libuv1t64              1.52.1-4
ii  libxml2-16             2.15.2+dfsg-0.1
ii  netbase                6.5
ii  zlib1g                 1:1.3.dfsg+really1.3.2-3

bind9 recommends no packages.

Versions of packages bind9 suggests:
ii  bind9-dnsutils  1:9.20.23-1
pn  bind9-doc       <none>
pn  resolvconf      <none>
pn  ufw             <none>

-- no debconf information
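Two checks for the ownership problems this report describes, added here as an example that is not from the report or the bind9 package (function names and the script name are my own): one finds files in a state directory that the recreated service account cannot use, the other finds files whose owner uid/gid no longer exists at all, which is exactly what a later-created account could inherit by uid reuse.

```shell
#!/bin/sh
# Added example (not from the bug report or the bind9 package): audit a
# state directory such as /var/cache/bind after a purge/reinstall cycle.
# Requires GNU findutils (-uid/-gid/-nouser/-nogroup/-printf), as on Debian.

# Files not owned by USER's current uid/gid: the freshly recreated service
# account cannot open them (the "open: permission denied" case above).
# Prints "uid gid path" per offending file; returns 0 if none, 1 if some,
# 2 if USER does not exist.
stale_owned_files() {
    dir=$1 user=$2
    uid=$(id -u "$user" 2>/dev/null) || return 2
    gid=$(id -g "$user" 2>/dev/null) || return 2
    out=$(find "$dir" \( ! -uid "$uid" -o ! -gid "$gid" \) -printf '%U %G %p\n')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Files whose owner uid or group gid has no passwd/group entry at all:
# these are the ones a later-created account with the same numeric id
# would silently gain access to. Returns 0 if none, 1 if some.
orphaned_files() {
    dir=$1
    out=$(find "$dir" \( -nouser -o -nogroup \) -printf '%U %G %p\n')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Stand-alone usage (hypothetical script name): ./audit-owner.sh /var/cache/bind bind
if [ -n "$1" ]; then
    stale_owned_files "$1" "${2:-bind}"; rc1=$?
    orphaned_files "$1"; rc2=$?
    [ "$rc1" -eq 0 ] && [ "$rc2" -eq 0 ] && echo "ok: all files under $1 owned by ${2:-bind}"
fi
```

Run it as root after the reinstall; a non-empty listing from either function is the condition the report's chown -R or the proposed postrm cleanup is meant to prevent.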

