From: "Chuck Aurora"
To: "Mark Andrews via RT"
Date: Sun, 9 Jul 2017 07:17:00 -0500
Subject: Re: [ISC-Bugs #45310] BIND 9.11.1 - rndc reconfig wipes out catalog zone slaves
Message-ID: <20170709121659.GK32555@harrier.slackbuilds.org>

On Sun, Jul 09, 2017 at 05:28:54AM +0000, Mark Andrews via RT wrote:
> On Fri Jul 07 03:28:51 2017, michal wrote:

Michal? We haven't met; pleased to "meet" you.
Oh, and BTW, I did not get that message from RT on Thu/Fri. I
recently enabled DANE on my email, just wondered if that could
explain why I didn't get it?

> > I managed to reproduce this. I do not think there are any
> > extraordinary prerequisites for triggering this bug: AFAICT, all
> > it takes is to run "rndc reconfig" on a server that slaves a
> > catalog zone.

Yep, that's the way it seemed here.

> > The problem is caused by a bug in catz code: when named is
> > reconfigured, configure_catz_zone() calls dns_catz_add_zone(),
> > which should return ISC_R_EXISTS if the catalog zone in question
> > already existed before; instead, dns_catz_add_zone() returns
> > ISC_R_SUCCESS in such case (due to the result variable being
> > inadvertently overwritten after it is set to ISC_R_EXISTS), which
> > causes configure_catz_zone() to skip attaching member zones
> > present in the catalog zone to the reconfigured view, ultimately
> > causing them to be removed from configuration. I was unable to
> > come up with any reasonable configuration-level workaround.

My only workaround is runtime, to stop and start named rather than
reconfig or reload.

> > This bug seems to have been present in the code ever since
> > catalog zones were initially implemented in 7a00d69909. In fact,
> > the catz system test in its current form is causing this bug to
> > be triggered, it is just not aware of it.
> >
> > Furthermore, the relevant code branch in configure_catz_zone()
> > contains a reference counting bug which will prevent a slave
> > using catalog zones from being properly shut down after it is
> > reconfigured.
> >
> > All the above issues are addressed in branch rt45310, please
> > review.

Sounds great, thank you!

> Looks fine.

I have been poking around at the git repo online, but did not find
how to get the rt45310 branch. Is it not yet in the public repo?
Mark or Michal or someone, can I get a patch to try?

Thanks again.
--
Chuck
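
The return-code bug quoted above, as a simplified C model added here (not BIND's code and not part of the original message). All type, struct and function names are hypothetical stand-ins for ISC_R_SUCCESS/ISC_R_EXISTS, dns_catz_add_zone() and configure_catz_zone(); the "fixed" path shows one way to preserve the status and is not the change made in branch rt45310.

```c
#include <stdio.h>

/* Simplified model: names and values are hypothetical, not BIND's code. */
typedef enum { R_SUCCESS, R_EXISTS } result_t;
struct catz { const char *name; int members; int registered; };

/* Stand-in for a later step inside the add routine that also returns a status. */
static result_t finish_setup(struct catz *cz) { (void)cz; return R_SUCCESS; }

/* Register a catalog zone; must report R_EXISTS when it was already known. */
static result_t add_zone(struct catz *cz, int fixed) {
    result_t result = R_SUCCESS;
    if (cz->registered)
        result = R_EXISTS;
    cz->registered = 1;
    if (fixed) {
        /* Keep the earlier status: use a separate variable for the later step. */
        result_t tresult = finish_setup(cz);
        if (tresult != R_SUCCESS) result = tresult;
    } else {
        /* Bug pattern from the report: the later assignment clobbers R_EXISTS. */
        result = finish_setup(cz);
    }
    return result;
}

/* Model of a reconfig: build a new view, return how many member zones it holds. */
int reconfig_members(struct catz *cz, int fixed) {
    int new_view_members = 0;
    if (add_zone(cz, fixed) == R_EXISTS)
        new_view_members = cz->members;   /* attach existing member zones */
    /* else: treated as a brand-new catalog zone, nothing is attached */
    cz->members = new_view_members;       /* the old view is discarded */
    return new_view_members;
}

/* Initial load of a catalog with n members, then one reconfig. */
int members_after_reconfig(int n, int fixed) {
    struct catz cz = { "catalog.example", 0, 0 };  /* constructed sample zone */
    add_zone(&cz, fixed);       /* first load: zone is new */
    cz.members = n;             /* members arrive by zone transfer */
    return reconfig_members(&cz, fixed);
}

int main(void) {
    printf("buggy: %d member zones left\n", members_after_reconfig(3, 0));
    printf("fixed: %d member zones left\n", members_after_reconfig(3, 1));
    return 0;
}
```

Comparing the member-zone count before and after a reconfig, as this model does, is also the kind of assertion that would let a system test notice the regression.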