[Giorgio Pioda]
> In my crash I got an A statement with empty hostname, but actually the
> hostname was a normal lowercase (for instance the string "piattaforma").
> The only possible wrong char could be an invisible white space.
>
> I'm trying to understand what happened, but it is not easy, since this
> A statement was added a week before the crash, so ldap2zone had already
> run with this setup without errors (IIRC ldap2zone runs every hour).
>
> Just before the crash I dist-upgraded the server because of the bash
> vulnerability claim. In this upgrade I got also kerberos, ldap
> and possibly other server patches. I should browse the etckeeper git repo
> to see exact file modifications and its timing (is there a short howto since
> I'm pretty newbie on git).
>
> I'm beginning to think that it has been a kind
> of "race condition" between the ldap2zone script and the dist-upgrade
> of the slapd/ldap. It is only a suspicion, still with no evidence.

I believe ldap2zone created a broken zone file and tried to reload bind,
which rejected the zone file and kept using the old zone it had in memory.
There should be syslog messages about this. Then you upgraded the server
and restarted bind, which no longer had the option of keeping the old data
(restart forces reload, reload only suggests it) and had no other option
than to refuse to start. Without a running bind, DNS lookup failed all over
the place and nothing worked.

Running 'cd /etc/bind; git log -p' as root you should be able to see what
the zone file looked like when it was broken, and how it was before it was
broken.

The ldap2zone version I uploaded yesterday will check if bind liked the new
zone file, and revert to the old one if bind did not, and syslog an error
when this happens. It should ensure bind never ends up with a broken file
after restart.

-- 
Happy hacking
Petter Reinholdtsen
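
A sketch of the same safeguard, added here as an example and not taken from ldap2zone: it validates the generated file before it replaces the live one, rather than reverting afterwards. The names install_zone and ZONE_CHECK and the .prev suffix are assumptions; named-checkzone is BIND's own zone checker.

```shell
#!/bin/sh
# Added example (not ldap2zone's code): never let an unvalidated zone file
# become the file bind will read on its next restart.

# Validator command, called as: $ZONE_CHECK <zone-name> <zone-file>.
# Overridable (assumption of this example) so the logic can be exercised
# on a host without BIND installed.
ZONE_CHECK="${ZONE_CHECK:-named-checkzone}"

# Report to syslog, falling back to stderr when no syslog socket exists.
log_err() {
    logger -t zone-install -p daemon.err "$1" 2>/dev/null || echo "$1" >&2
}

# install_zone <zone-name> <candidate-file> <live-file>
# Returns 0 when installed, 1 when the candidate was rejected (live file
# untouched), 2 on an I/O failure.
install_zone() {
    zone="$1"; candidate="$2"; live="$3"

    # Step 1: validate the candidate while the live file is still intact.
    if ! $ZONE_CHECK "$zone" "$candidate" >/dev/null 2>&1; then
        log_err "zone $zone: $candidate failed validation, keeping $live"
        return 1
    fi

    # Step 2: keep the last known-good copy for manual rollback.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.prev" || return 2
    fi

    # Step 3: replace atomically (temp file in the same directory, then mv)
    # so a restart of bind never sees a half-written zone.
    tmp="$live.new.$$"
    if cp "$candidate" "$tmp" && mv "$tmp" "$live"; then
        return 0
    fi
    rm -f "$tmp"
    log_err "zone $zone: could not install $candidate as $live"
    return 2
}
```

The caller reloads bind only when install_zone returns 0; on 1 the old file is still on disk, so a later restart starts from valid data.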

