Bug 229125

Summary: dns/bind911 fatal error with LMDB and allow-new-zones in chrooted environment
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed FIXED
Severity: Affects Only Me
Priority: ---
Version: Latest
Hardware: amd64
OS: Any
Reporter: Tomáš Čiernik <tomas>
Assignee: Mathieu Arnold <mat>
CC: tomas
Flags: bugzilla: maintainer-feedback? (mat)

Description Tomáš Čiernik 2018-06-18 20:02:12 UTC
Hello,

I'm unable to start bind 9.11.3 on FreeBSD 10.4-RELEASE-p9 amd64. It is built with the default configuration options.

Steps to reproduce:

# portmaster dns/bind911
# mkdir -p /var/named/usr/local/etc
# cd /usr/local/etc/ && mv namedb /var/named/usr/local/etc/
# ln -s /var/named/usr/local/etc/namedb
# sysrc altlog_proglist+=named
# printf 'named_enable="YES"\nnamed_chrootdir="/var/named/"\n' >>/etc/rc.conf

Add "allow-new-zones true;" to the options section of /var/named/usr/local/etc/namedb/named.conf

# /usr/local/etc/rc.d/named start


Result:
Starting named.
/usr/local/etc/rc.d/named: WARNING: failed to start named

Content of /var/log/messages:
mdb_env_open of '_default.nzd' failed: No such file or directory
loading configuration: failure
exiting (due to fatal error)

Anyway, bind creates the file _default.nzd-lock in the directory /var/named/usr/local/etc/namedb/working

# ls -l /var/named/usr/local/etc/namedb/working/
total 8
-rw-------  1 root  wheel  8192 18 jún 21:27 _default.nzd-lock


bind has full access to its working directory

# ls -l /var/named/usr/local/etc/namedb/ | grep working
drwxr-xr-x  2 bind  wheel    512 18 jún 21:28 working/


Workaround:
1. remove allow-new-zones from named.conf
or
2. remove named_chrootdir from rc.conf
or
3. disable support for LMDB

With named_chrootdir removed, bind creates the files _default.nzd and _default.nzd-lock

# ls -l /var/named/usr/local/etc/namedb/working/
total 16
-rw-------  1 bind  wheel  8192 18 jún 21:30 _default.nzd
-rw-------  1 bind  wheel  8192 18 jún 21:30 _default.nzd-lock

Comment 1 Mathieu Arnold freebsd_committer freebsd_triage 2018-06-20 15:03:22 UTC
If you remove named_chrootdir to create the two files, does it still work when you add it back?

Comment 2 Mathieu Arnold freebsd_committer freebsd_triage 2018-06-20 15:08:29 UTC
Also, this:

# mkdir -p /var/named/usr/local/etc
# cd /usr/local/etc/ && mv namedb /var/named/usr/local/etc/
# ln -s /var/named/usr/local/etc/namedb

is quite strange, the rc script should do that for you automatically upon startup. Do you really require it?

Comment 3 Tomáš Čiernik 2018-06-24 13:17:52 UTC
(In reply to Mathieu Arnold from comment #1)
No, bind still complains about missing _default.nzd, although it exists in /var/named/usr/local/etc/namedb/working/

Comment 4 Tomáš Čiernik 2018-06-24 13:44:52 UTC
(In reply to Mathieu Arnold from comment #2)
You are right, running this manually is not necessary, but the error remains the same.

Comment 5 Mathieu Arnold freebsd_committer freebsd_triage 2018-08-24 11:49:29 UTC
Managed to find time today to figure out what was wrong, turns out it was totally not what I was expecting.

Thanks for the bug report.

Comment 6 commit-hook freebsd_committer freebsd_triage 2018-08-24 11:50:39 UTC
A commit references this bug:

Author: mat
Date: Fri Aug 24 11:49:36 UTC 2018
New revision: 477957
URL: https://svnweb.freebsd.org/changeset/ports/477957

Log:
  Permit using allow-new-zones, LMDB, and a chrooted environment.

  Fixes this obscure and not at all helpful message:
  mdb_env_open of '_default.nzd' failed: No such file or directory

  PR:		229125
  Reported by:	Tomáš Čiernik
  MFH:		2018Q3

Changes:
  head/dns/bind9-devel/Makefile
  head/dns/bind9-devel/files/BIND.chroot.dist
  head/dns/bind911/Makefile
  head/dns/bind911/files/BIND.chroot.dist
  head/dns/bind912/Makefile
  head/dns/bind912/files/BIND.chroot.dist
  head/dns/bind913/Makefile
  head/dns/bind913/files/BIND.chroot.dist

Comment 7 commit-hook freebsd_committer freebsd_triage 2018-08-24 11:50:41 UTC
A commit references this bug:

Author: mat
Date: Fri Aug 24 11:50:34 UTC 2018
New revision: 477958
URL: https://svnweb.freebsd.org/changeset/ports/477958

Log:
  MFH: r477957

  Permit using allow-new-zones, LMDB, and a chrooted environment.

  Fixes this obscure and not at all helpful message:
  mdb_env_open of '_default.nzd' failed: No such file or directory

  PR:		229125
  Reported by:	Tomáš Čiernik

Changes:
_U  branches/2018Q3/
  branches/2018Q3/dns/bind9-devel/Makefile
  branches/2018Q3/dns/bind9-devel/files/BIND.chroot.dist
  branches/2018Q3/dns/bind911/Makefile
  branches/2018Q3/dns/bind911/files/BIND.chroot.dist
  branches/2018Q3/dns/bind912/Makefile
  branches/2018Q3/dns/bind912/files/BIND.chroot.dist
  branches/2018Q3/dns/bind913/Makefile
  branches/2018Q3/dns/bind913/files/BIND.chroot.dist

Comment 8 Mathieu Arnold freebsd_committer freebsd_triage 2018-08-24 11:52:18 UTC
All you will have to do is update to one of:

bind9-devel-9.13.1.a0.2018.08.17_1
bind911-9.11.4P1_1
bind912-9.12.2P1_1
bind913-9.13.2_1

and restart the service. (If you edited /usr/local/etc/mtree/BIND.chroot.dist you will have to merge the tmp directory.)
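
Comment 8 asks anyone who edited /usr/local/etc/mtree/BIND.chroot.dist to merge the tmp directory. The following is an added example, not part of this thread or of the port: it lists the directories an mtree spec declares and reports those missing from a chroot. The function names and the sample spec are constructed, and it assumes every entry in the spec is a directory.

```shell
# Added example (not the port's code): check that an mtree spec such as a
# locally edited BIND.chroot.dist declares /tmp, and that the chroot has it.

# mtree_dirs SPEC: print one absolute path per directory the spec declares.
# Assumption: every entry is a directory, as under "/set type=dir".
mtree_dirs() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        $1 ~ /^\//           { next }   # /set and /unset lines
        $1 == "."            { next }   # the chroot root itself
        $1 == ".."           { if (depth > 0) depth--; next }
        {
            name[depth++] = $1          # descend into this directory
            p = ""
            for (i = 0; i < depth; i++) p = p "/" name[i]
            print p
        }
    ' "$1"
}

# spec_has_dir SPEC PATH: succeed if SPEC declares PATH.
spec_has_dir() {
    mtree_dirs "$1" | grep -qxF "$2"
}

# missing_in_chroot CHROOT SPEC: print declared directories absent on disk.
missing_in_chroot() {
    mtree_dirs "$2" | while read -r d; do
        [ -d "${1%/}$d" ] || echo "$d"
    done
}

# Constructed sample spec for illustration; not the port's real file.
sample_spec() {
    cat <<'EOF'
/set type=dir uname=root gname=wheel mode=0755
.
    dev             mode=0555
    ..
    tmp
    ..
    usr
        local
            etc
            ..
        ..
    ..
..
EOF
}
```

On a real system, `spec_has_dir /usr/local/etc/mtree/BIND.chroot.dist /tmp` checks the edited spec, and `missing_in_chroot /var/named /usr/local/etc/mtree/BIND.chroot.dist` lists what the chroot still lacks.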

Comment 9 Tomáš Čiernik 2018-08-31 12:30:10 UTC
I can confirm this bug is solved. Thank you very much for your work!