Bug#775551: bind9: Bind freezes after few hours of operation with ldap plugin
Package: bind9
Version: 1:9.9.5.dfsg-8
Severity: important
Dear Maintainer,
I run bind with bind9-dyndb-ldap plugin, so I'm not sure if the problem is in
bind itself or the plugin but after few hours of operation, bind stops
resolving queries and responding to any commands sent via rndc. If I try to
restart it (with systemctl restart bind9.service) systemctl times out waiting
for bind to restart and kills it and starts again. I've checked the logs but
haven't found any problem there - bind just stops writing there. Tried to
increase logging level with rndc trace but with no effect.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages bind9 depends on:
ii adduser3.113+nmu3
ii bind9utils 1:9.9.5.dfsg-8
ii debconf [debconf-2.0] 1.5.55
ii init-system-helpers1.22
ii libbind9-901:9.9.5.dfsg-8
ii libc6 2.19-13
ii libcap21:2.24-6
ii libcomerr2 1.42.12-1
ii libdns100 1:9.9.5.dfsg-8
ii libgssapi-krb5-2 1.12.1+dfsg-16
ii libisc95 1:9.9.5.dfsg-8
ii libisccc90 1:9.9.5.dfsg-8
ii libisccfg901:9.9.5.dfsg-8
ii libk5crypto3 1.12.1+dfsg-16
ii libkrb5-3 1.12.1+dfsg-16
ii liblwres90 1:9.9.5.dfsg-8
ii libssl1.0.01.0.1k-1
ii libxml22.9.2+dfsg1-1+b1
ii lsb-base 4.1+Debian13+nmu1
ii net-tools 1.60-26+b1
ii netbase5.3
bind9 recommends no packages.
Versions of packages bind9 suggests:
ii bind9-doc 1:9.9.5.dfsg-8
ii dnsutils1:9.9.5.dfsg-8
pn resolvconf none
pn ufw none
-- Configuration Files:
/etc/bind/named.conf.local changed:
/** /
options {
// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
listen-on-v6 {any;};
// Put files that named is allowed to write in the data/ directory:
directory /var/cache/bind; // the default
dump-file data/cache_dump.db;
statistics-file data/named_stats.txt;
memstatistics-file data/named_mem_stats.txt;
forward first;
forwarders {
213.46.172.36;
213.46.172.37;
};
// Any host is permitted to issue recursive queries
allow-recursion { any; };
tkey-gssapi-keytab /etc/named.keytab;
pid-file /run/named/named.pid;
dnssec-enable yes;
};
/**/
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* By default, SELinux policy does not allow named to modify the /var/named
directory,
* so put the default debug log file in data/ :
*/
logging {
channel default_debug {
file data/named.run;
severity dynamic;
print-time yes;
};
};
// Dynamic DNS update
include /etc/bind/rndc.key;
controls { inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; };
/*zone . IN {
type hint;
file named.ca;
};*/
include /etc/bind/zones.rfc1918;
dynamic-db ipa {
library ldap.so;
arg uri ldapi://%2fvar%2frun%2fslapd-KASPAR-IN.socket;
arg base cn=dns, dc=kaspar,dc=in;
arg fake_mname budha.kaspar.in.;
arg auth_method sasl;
arg sasl_mech GSSAPI;
arg sasl_user DNS/budha.kaspar.in;
arg serial_autoincrement yes;
};
/etc/bind/zones.rfc1918 changed:
zone 16.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 17.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 18.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 19.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 20.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 21.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 22.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 24.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 25.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 26.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 27.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 28.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 29.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 30.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 31.172.in-addr.arpa { type master; file /etc/bind/db.empty; };
zone 168.192.in-addr.arpa { type master; file /etc/bind/db.empty; };
-- debconf information:
bind9/different-configuration-file:
bind9/run-resolvconf: false
bind9/start-as-user: bind
--
To UNSUBSCRIBE, email to
Bug#775551: bind9: Bind freezes after few hours of operation with ldap plugin
Some additional information. After bind stops responding, it still does
something. In log, there are records like:
17-Jan-2015 10:02:03.125 createfetch: bugs.debian.org A
17-Jan-2015 10:02:03.152 createfetch: print.kaspar.in A
17-Jan-2015 10:02:03.152 createfetch: print.kaspar.in
17-Jan-2015 10:02:03.169 createfetch: print A
17-Jan-2015 10:02:03.169 createfetch: print
17-Jan-2015 10:02:03.169 decrement_reference: delete from rbt: 0x7ff0c9f960e0
www.lideazeme.cz
but it doesn't resolve queries and respond to rndc. Strace looks like:
[pid 19269] futex(0x7ff0d2541afc, FUTEX_WAIT_PRIVATE, 33, NULL unfinished ...
[pid 11270] epoll_wait(8, unfinished ...
[pid 11269] restart_syscall(... resuming interrupted call ... unfinished ...
[pid 11268] futex(0x7ff0c9e86300, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 11267] futex(0x7ff0c29c89d0, FUTEX_WAIT, 19269, NULL unfinished ...
[pid 11266] futex(0x7ff0d252b0a4, FUTEX_WAIT_PRIVATE, 81987, NULL unfinished
...
[pid 11265] futex(0x7ff0d252b0a4, FUTEX_WAIT_PRIVATE, 81988, NULL unfinished
...
[pid 11266] ... futex resumed ) = -1 EAGAIN (Resource temporarily
unavailable)
[pid 11266] futex(0x7ff0d252b0a4, FUTEX_WAIT_PRIVATE, 81988, NULL unfinished
...
[pid 11264] rt_sigsuspend([], 8
unfinished ...
[pid 11270] ... epoll_wait resumed {{EPOLLIN, {u32=527, u64=527}}, {EPOLLIN,
{u32=524, u64=524}}, {EPOLLIN, {u32=525, u64=525}}, {EPOLLIN, {u32=526,
u64=526}}}, 64, -1) = 4
[pid 11270] futex(0x7ff0d252b0a4, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x7ff0d252b0a0,
{FUTEX_OP_SET, 0, FUTEX_OP_CMP_GT, 1}) = 1
[pid 11265] ... futex resumed ) = 0
[pid 11270] epoll_ctl(8, EPOLL_CTL_DEL, 527, 7ff0cb3fbe40 unfinished ...
[pid 11265] futex(0x7ff0d252b028, FUTEX_WAKE_PRIVATE, 1 unfinished ...
[pid 11270] ... epoll_ctl resumed ) = 0
[pid 11265] ... futex resumed ) = 0
[pid 11270] futex(0x7ff0d252b0a4, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x7ff0d252b0a0,
{FUTEX_OP_SET, 0, FUTEX_OP_CMP_GT, 1} unfinished ...
[pid 11265] recvmsg(527, unfinished ...
[pid 11270] ... futex resumed ) = 1
[pid 11266] ... futex resumed ) = 0
[pid 11270] epoll_ctl(8, EPOLL_CTL_DEL, 524, 7ff0cb3fbe40 unfinished ...
[pid 11266] futex(0x7ff0d252b028, FUTEX_WAKE_PRIVATE, 1 unfinished ...
[pid 11270] ... epoll_ctl resumed ) = 0
[pid 11266] ... futex resumed ) = 0
[pid 11270] epoll_ctl(8, EPOLL_CTL_DEL, 525, 7ff0cb3fbe40 unfinished ...
[pid 11266] recvmsg(524, unfinished ...
[pid 11270] ... epoll_ctl resumed ) = 0
[pid 11266] ... recvmsg resumed 0x7ff0cd3ffcf0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
[pid 11270] epoll_ctl(8, EPOLL_CTL_DEL, 526, 7ff0cb3fbe40 unfinished ...
[pid 11266] write(7, \f\2\0\0\375\377\377\377, 8 unfinished ...
[pid 11270] ... epoll_ctl resumed ) = 0
[pid 11266] ... write resumed ) = 8
[pid 11270] epoll_wait(8, unfinished ...
[pid 11266] recvmsg(525, unfinished ...
[pid 11270] ... epoll_wait resumed {{EPOLLIN, {u32=6, u64=6}}}, 64, -1) = 1
[pid 11266] ... recvmsg resumed 0x7ff0cd3ffcf0, 0) = -1 EAGAIN (Resource
temporarily unavailable)
[pid 11270] read(6, unfinished ...
[pid 11266] write(7, \r\2\0\0\375\377\377\377, 8 unfinished ...
[pid 11270] ... read resumed \f\2\0\0\375\377\377\377, 8) = 8
[pid 11266] ... write resumed ) = 8
[pid 11270] epoll_ctl(8, EPOLL_CTL_ADD, 524, {EPOLLIN, {u32=524, u64=524}}
unfinished ...
[pid 11266] recvmsg(526, unfinished ...
[pid 11270] ... epoll_ctl resumed ) = 0
--
Michal Kašpar
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
