Hello Stuart, ports@,

Latest isc-bind on OpenBSD 6.7 caught me off-guard with upgrading, as
CWD now must be writeable or it doesn't start at all. (There's a note on
package install, but I missed it on package upgrade.)

Clean isc-bind on clean new OpenBSD 6.7 install still doesn't come up,
as it has relative paths and now CWD is /tmp (in chroot). Patch for
stock named.conf below, also console log with steps to reproduce.

Took me a while to fix all relative paths to absolute (from chroot point
of view) and also, DNSSEC was broken as managed-keys directive is now
deprecated. (Had 2 keys there for the trust anchor.)

Removing managed-keys directive, stopping, deleting
/var/named/tmp/managed-keys.bind{,.jnl} and restarting fixed DNSSEC for
me. Clean package works with DNSSEC fine.

Maybe a note in the upgrade guide might be helpful that paths need to be
absolute now in named.conf.

- console log on clean 6.7 in vmd below the patch
- dmesg below console log

Thank you for new release and have a nice day,
Jan
- patch for named.conf:
###
--- named.conf.orig Wed May 20 17:45:20 2020
+++ named.conf Wed May 20 17:45:56 2020
@@ -35,24 +35,24 @@
//
zone "." {
type hint;
- file "etc/root.hint";
+ file "/etc/root.hint";
};
zone "localhost" {
type master;
- file "standard/localhost";
+ file "/standard/localhost";
allow-transfer { localhost; };
};
zone "127.in-addr.arpa" {
type master;
- file "standard/loopback";
+ file "/standard/loopback";
allow-transfer { localhost; };
};
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
- file "standard/loopback6.arpa";
+ file "/standard/loopback6.arpa";
allow-transfer { localhost; };
};
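Review bot: the new absolute paths in the four file lines ("/etc/root.hint", "/standard/localhost", "/standard/loopback", "/standard/loopback6.arpa") are only correct when read from inside the /var/named chroot, and nothing in the file says so. Someone reading file "/etc/root.hint"; will look in the system /etc first. Suggest a one-line comment above zone "." stating that every file path in this configuration is absolute within the chroot.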
@@ -61,13 +61,13 @@
//
//zone "myzone.net" {
// type master;
-// file "master/myzone.net";
+// file "/master/myzone.net";
//};
// Slave zones
//
//zone "otherzone.net" {
// type slave;
-// file "slave/otherzone.net";
+// file "/slave/otherzone.net";
// masters { 192.0.2.1; [...;] };
//};
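Review bot: in the commented slave example, file "/slave/otherzone.net"; names a file that named itself writes after a zone transfer, unlike the master example above it, which is only read. Since these commented blocks are what people copy, the slave example should carry a short comment that its directory has to be writable by the named user inside the chroot, while the master directory does not need to be.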
###
## HOW TO REPRODUCE ISSUE:
bsd67# pkg_add isc-bind
quirks-3.325 signed on 2020-05-09T19:52:28Z
Ambiguous: choose package for isc-bind
a 0: <None>
1: isc-bind-9.16.2v0
2: isc-bind-9.16.2v0-geoip
Your choice: 1
isc-bind-9.16.2v0: ok
The following new rcscripts were installed: /etc/rc.d/isc_named
See rcctl(8) for details.
--- +isc-bind-9.16.2v0 -------------------
BIND: named 9.12+ insists that the "working directory" (inside the
/var/named chroot) is writable. Simplest fix if upgrading is probably
to add 'directory "/tmp";' to the options section of named.conf.
bsd67# rcctl enable isc_named
bsd67# rcctl start isc_named
isc_named(failed)
bsd67# tail -5 /var/log/messages
May 20 17:48:19 bsd67 named[76037]:
----------------------------------------------------
May 20 17:48:19 bsd67 named[76037]: max open files (7030) is smaller
than max sockets (21000)
May 20 17:48:19 bsd67 named[76037]: could not configure root hints from
'etc/root.hint': file not found
May 20 17:48:19 bsd67 named[76037]: loading configuration: file not
found
May 20 17:48:19 bsd67 named[76037]: exiting (due to fatal error)
vim /var/named/etc/named.conf # fix absolute paths
rcctl start isc_named
May 20 17:51:57 bsd67 named[40740]: max open files (7030) is smaller
than max sockets (21000)
May 20 17:51:57 bsd67 named[40740]: command channel listening on
127.0.0.1#953
May 20 17:51:57 bsd67 named[40740]: command channel listening on ::1#953
May 20 17:51:57 bsd67 named[40740]: all zones loaded
May 20 17:51:57 bsd67 named[40740]: running
May 20 17:51:57 bsd67 named[40740]: managed-keys-zone: Initializing
automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now
trusted, waiving the normal 30-day waiting period.
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/A
(199.9.14.201) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/A
(192.228.79.201) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/AAAA
(2001:500:200::b) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: b.root-servers.net/AAAA
(2001:500:84::b) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/A
(198.97.190.53) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/A
(128.63.2.53) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/AAAA
(2001:500:1::53) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: h.root-servers.net/AAAA
(2001:500:1::803f:235) extra record in hints
May 20 17:51:58 bsd67 named[40740]: checkhints: l.root-servers.net/AAAA
(2001:500:9f::42) missing from hints
May 20 17:51:58 bsd67 named[40740]: checkhints: l.root-servers.net/AAAA
(2001:500:3::42) extra record in hints
bsd67# dig +dnssec seznam.cz 127.0.0.1 | fgrep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
### obligatory dmesg
OpenBSD 6.7 (GENERIC) #1: Sat May 16 16:07:20 MDT 2020
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056956416 (1007MB)
avail mem = 1012457472 (965MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf3f40 (10 entries)
bios0: vendor SeaBIOS version "1.11.0p2-OpenBSD-vmm" date 01/01/2011
bios0: OpenBSD VMM
acpi at bios0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.98 MHz, 06-2a-07
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,CX8,SEP,PGE,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,HV,NXE,LONG,LAHF,ITSC,MD_CLEAR,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: OpenBSD
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "OpenBSD VMM Host" rev 0x00
virtio0 at pci0 dev 1 function 0 "Qumranet Virtio RNG" rev 0x00
viornd0 at virtio0
virtio0: irq 3
virtio1 at pci0 dev 2 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio1: address fe:e1:bb:d1:eb:fb
virtio1: irq 5
virtio2 at pci0 dev 3 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio2
scsibus1 at vioblk0: 2 targets
sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, >
sd0: 20480MB, 512 bytes/sector, 41943040 sectors
virtio2: irq 6
virtio3 at pci0 dev 4 function 0 "OpenBSD VMM Control" rev 0x00
vmmci0 at virtio3
virtio3: irq 7
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
com0: console
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (76d13b8d30185ee8.a) swap on sd0b dump on sd0b
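
The failure reported in this message (relative `file` paths in named.conf that no longer resolve once the working directory is /tmp inside the chroot) can be checked for before an upgrade. The script below is an added example, not part of the original message or of the isc-bind package; the function names and the sample configuration are constructed for illustration, and only `//` and `#` line comments are handled, not `/* */` blocks.

```shell
#!/bin/sh
# Added example: list active zone "file" directives with a relative path.
# Usage on a real system (path taken from the message above):
#   sh check.sh /var/named/etc/named.conf

# relative_zone_files CONF
# Prints "LINE:PATH" for every uncommented file "..." directive whose
# path does not start with "/".
relative_zone_files() {
    awk '
    {
        line = $0
        sub(/\/\/.*/, "", line)      # drop // comments
        sub(/#.*/, "", line)         # drop # comments
        # "file" must be its own word, so key-file, pid-file etc. are skipped
        if (match(line, /(^|[ \t;{])file[ \t]+"[^"]*"/)) {
            path = substr(line, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", path) # strip up to the opening quote
            sub(/"$/, "", path)      # strip the closing quote
            if (path !~ /^\//) print NR ":" path
        }
    }' "$1"
}

# Constructed sample: one relative path, one absolute, one commented out.
sample_conf() {
    cat <<'EOF'
zone "." {
        type hint;
        file "etc/root.hint";
};
zone "localhost" {
        type master;
        file "/standard/localhost";
};
//zone "myzone.net" {
//      type master;
//      file "master/myzone.net";
//};
EOF
}

if [ -n "${1:-}" ]; then
    relative_zone_files "$1"
else
    demo=$(mktemp) && sample_conf > "$demo"
    relative_zone_files "$demo"
    rm -f "$demo"
fi
```

Any line it prints is a directive that will be resolved against named's working directory rather than the chroot root.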