[Bug 223842] dns/bind912: fails to start, stating possibly wrong reason for this

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Nov 24 14:04:17 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223842

            Bug ID: 223842
           Summary: dns/bind912: fails to start, stating possibly wrong
                    reason for this
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: mat at FreeBSD.org
          Reporter: emz at norma.perm.ru
             Flags: maintainer-feedback?(mat at FreeBSD.org)
          Assignee: mat at FreeBSD.org

dns/bind912 from recent ports.

Fails to start:

Nov 24 15:49:53 g1fw1 named[26422]: starting BIND 9.12.0b2 <id:5b1e929>
Nov 24 15:49:53 g1fw1 named[26422]: running on FreeBSD amd64 11.1-RELEASE
FreeBSD 11.1-RELEASE #0 r321309: Fri Jul 21 02:08:28 UTC 2017    
root at releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
Nov 24 15:49:53 g1fw1 named[26422]: built with '--localstatedir=/var'
'--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random'
'--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit'
'--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--disable-dnstap'
'--disable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip'
'--with-idn=/usr/local' '--enable-ipv6' '--with-libjson' '--disable-largefile'
'--with-lmdb' '--with-python=/usr/local/bin/python2.7' '--disable-querytrace'
'--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1'
'--enable-threads' '--without-gssapi' '--with-openssl=/usr'
'--disable-native-pkcs11' '--with-dlz-filesystem=yes' '--without-gost'
'--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'--build=amd64-portbld-freebsd11.1' 'build_alias=amd64-portbld-freebsd11.1'
'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem
/usr/local/include -fno-strict-aliasing' 'LDFLAGS= -fstack-protector'
'LIBS=-L/usr/l
Nov 24 15:49:53 g1fw1 named[26422]: running as: named -t /var/named -u bind -c
/usr/local/etc/namedb/named.conf
Nov 24 15:49:53 g1fw1 named[26422]:
----------------------------------------------------
Nov 24 15:49:53 g1fw1 named[26422]: BIND 9 is maintained by Internet Systems
Consortium,
Nov 24 15:49:53 g1fw1 named[26422]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit 
Nov 24 15:49:53 g1fw1 named[26422]: corporation.  Support and training for BIND
9 are 
Nov 24 15:49:53 g1fw1 named[26422]: available at https://www.isc.org/support
Nov 24 15:49:53 g1fw1 named[26422]:
----------------------------------------------------
Nov 24 15:49:53 g1fw1 named[26422]: found 8 CPUs, using 8 worker threads
Nov 24 15:49:53 g1fw1 named[26422]: using 7 UDP listeners per interface
Nov 24 15:49:53 g1fw1 named[26422]: using up to 4096 sockets
Nov 24 15:49:53 g1fw1 named[26422]: loading configuration from
'/usr/local/etc/namedb/named.conf'
Nov 24 15:49:53 g1fw1 named[26422]: reading built-in trusted keys from file
'/usr/local/etc/namedb/bind.keys'
Nov 24 15:49:53 g1fw1 named[26422]: using default UDP/IPv4 port range: [49152,
65535]
Nov 24 15:49:53 g1fw1 named[26422]: using default UDP/IPv6 port range: [49152,
65535]
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv4 interface ix0,
10.0.4.2#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv4 interface ix0,
10.0.4.1#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv4 interface ix1,
92.223.102.252#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv4 interface ix1,
92.223.102.251#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv6 interface lo0, ::1#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv6 interface lo0,
fe80::1%5#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv4 interface lo0,
127.0.0.1#53
Nov 24 15:49:53 g1fw1 named[26422]: listening on IPv4 interface gre0,
172.16.0.7#53
Nov 24 15:49:53 g1fw1 named[26422]: generating session key for dynamic DNS
Nov 24 15:49:53 g1fw1 named[26422]: sizing zone task pool based on 6 zones
Nov 24 15:49:53 g1fw1 named[26422]: none:102: 'max-cache-size 90%' - setting to
14553MB (out of 16170MB)
Nov 24 15:49:53 g1fw1 named[26422]: set up managed keys zone for view internal,
file 'internal.mkeys'
Nov 24 15:49:53 g1fw1 named[26422]: none:102: 'max-cache-size 90%' - setting to
14553MB (out of 16170MB)
Nov 24 15:49:53 g1fw1 named[26422]: set up managed keys zone for view external,
file 'external.mkeys'
Nov 24 15:49:53 g1fw1 named[26422]: none:102: 'max-cache-size 90%' - setting to
14553MB (out of 16170MB)
Nov 24 15:49:53 g1fw1 named[26422]: command channel listening on 127.0.0.1#953
Nov 24 15:49:53 g1fw1 named[26422]: the working directory is not writable
Nov 24 15:49:53 g1fw1 named[26422]: loading configuration: permission denied
Nov 24 15:49:53 g1fw1 named[26422]: exiting (due to fatal error)
===Cut===

Yup, I know what it looks like. It looks like it cannot load the named.conf or
zones. But the fact is he can - ktrace shows it loads the named.conf
(furthermore, when it cannot load named.conf it gives explicit error about
inability to load named.conf), but not the zones. Sources search doesn't give
the reason, I even failed to locate the source file saying "loading
configuration:" (only "loading configuration from '%s" and "reloading
configuration"), and I've tested named.conf opening under bind user temporarily
given a login shell - it's clear that he can read this file.

Furthermore running bind912 without the chroot and under the root user also
doesn't resolve this, thus so far I failed to determine the reason, so I'm
sending this PR.

Also a minor bug: dns/bind911 also requires /var/named directory, and it's not
created automatically inside a chroot. In this case it complains about: 

error writing NTA file for view %VIEVNAME: permission denied

Btw I've tested whether this is the reason of a fatal error - nope, creating
/var/named inside a chroot doesn't resolve this.

Workaround: use dns/bind911 or dns/bin910 or dns/bind99, - all of them work
just fine on the same set of configuration files.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list