On Sun, Jul 09, 2017 at 05:28:54AM +0000, Mark Andrews via RT wrote:
> On Fri Jul 07 03:28:51 2017, michal wrote:

Michal?  We haven't met; pleased to "meet" you.  Oh, and BTW, I did 
not get that message from RT on Thu/Fri.  I recently enabled DANE on 
my email, just wondered if that could explain why I didn't get it?

> > I managed to reproduce this.  I do not think there are any 
> > extraordinary prerequisites for triggering this bug: AFAICT, all 
> > it takes is to run "rndc reconfig" on a server that slaves a 
> > catalog zone.

Yep, that's the way it seemed here.

> > The problem is caused by a bug in catz code: when named is 
> > reconfigured, configure_catz_zone() calls dns_catz_add_zone(), 
> > which should return ISC_R_EXISTS if the catalog zone in question 
> > already existed before; instead, dns_catz_add_zone() returns 
> > ISC_R_SUCCESS in such case (due to the result variable being 
> > inadvertently overwritten after it is set to ISC_R_EXISTS), which 
> > causes configure_catz_zone() to skip attaching member zones 
> > present in the catalog zone to the reconfigured view, ultimately 
> > causing them to be removed from configuration.  I was unable to 
> > come up with any reasonable configuration-level workaround.

My only workaround is runtime, to stop and start named rather than 
reconfig or reload.

> > This bug seems to have been present in the code ever since 
> > catalog zones were initially implemented in 7a00d69909.  In fact, 
> > the catz system test in its current form is causing this bug to 
> > be triggered, it is just not aware of it.
> > 
> > Furthermore, the relevant code branch in configure_catz_zone() 
> > contains a reference counting bug which will prevent a slave 
> > using catalog zones from being properly shut down after it is 
> > reconfigured.
> > 
> > All the above issues are addressed in branch rt45310, please 
> > review.

Sounds great, thank you!

> Looks fine.

I have been poking around at the git repo online, but did not find 
how to get the rt45310 branch.  Is it not yet in the public repo?
Mark or Michal or someone, can I get a patch to try?

Thanks again.
-- 
Chuck