Bug 229125 - dns/bind911 fatal error with LMDB and allow-new-zones in chrooted environment
Summary: dns/bind911 fatal error with LMDB and allow-new-zones in chrooted environment
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Mathieu Arnold
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-18 20:02 UTC by Tomáš Čiernik
Modified: 2018-08-31 12:30 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (mat)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Čiernik 2018-06-18 20:02:12 UTC
Hello,

I'm unable to start bind 9.11.3 on FreeBSD 10.4-RELEASE-p9 amd64. It is builded with default configuration options.

Steps to reproduce:

# portmaster dns/bind911
# mkdir -p /var/named/usr/local/etc
# cd /usr/local/etc/ && mv mv namedb /var/named/usr/local/etc/
# ln -s /var/named/usr/local/etc/namedb
# sysrc altlog_proglist+=named
# printf 'named_enable="YES"\nnamed_chrootdir="/var/named/"\n' >>/etc/rc.conf

add "allow-new-zones true;" into options section of /var/named/usr/local/etc/namedb/named.conf

# /usr/local/etc/rc.d/named start


Result:
Starting named.
/usr/local/etc/rc.d/named: WARNING: failed to start named

Content of /var/log/messages:
mdb_env_open of '_default.nzd' failed: No such file or directory
loading configuration: failure
exiting (due to fatal error)

Anyway, bind creates file _default.nzd-lock in directory /var/named/usr/local/etc/namedb/working

# ls -l /var/named/usr/local/etc/namedb/working/
total 8
-rw-------  1 root  wheel  8192 18 jún 21:27 _default.nzd-lock


bind has full access to his working directory

# ls -l /var/named/usr/local/etc/namedb/ | grep working
drwxr-xr-x  2 bind  wheel    512 18 jún 21:28 working/


Workaround:
1. remove allow-new-zones from named.conf
or
2. remove named_chrootdir from rc.conf
or
3. disable support for LMDB

With removed named_chrootdir bind creates files _default.nzd and _default.nzd-lock

# ls -l /var/named/usr/local/etc/namedb/working/
total 16
-rw-------  1 bind  wheel  8192 18 jún 21:30 _default.nzd
-rw-------  1 bind  wheel  8192 18 jún 21:30 _default.nzd-lock
Comment 1 Mathieu Arnold freebsd_committer 2018-06-20 15:03:22 UTC
If you remove named_chrootdir to create the two files, does it still work when you add it back?
Comment 2 Mathieu Arnold freebsd_committer 2018-06-20 15:08:29 UTC
Also, this:

# mkdir -p /var/named/usr/local/etc
# cd /usr/local/etc/ && mv mv namedb /var/named/usr/local/etc/
# ln -s /var/named/usr/local/etc/namedb

is quite strange, the rc script should do that for you automatically upon startup. Do you really require it?
Comment 3 Tomáš Čiernik 2018-06-24 13:17:52 UTC
(In reply to Mathieu Arnold from comment #1)
No, bind still complains about missing _default.nzd, although it exists in /var/named/usr/local/etc/namedb/working/
Comment 4 Tomáš Čiernik 2018-06-24 13:44:52 UTC
(In reply to Mathieu Arnold from comment #2)
You are right, running this manually is not necessary, but error remains the same.
Comment 5 Mathieu Arnold freebsd_committer 2018-08-24 11:49:29 UTC
Managed to find time today to figure out what was wrong, turns out it was totally not what I was expecting.

Thanks for the bug report.
Comment 6 commit-hook freebsd_committer 2018-08-24 11:50:39 UTC
A commit references this bug:

Author: mat
Date: Fri Aug 24 11:49:36 UTC 2018
New revision: 477957
URL: https://svnweb.freebsd.org/changeset/ports/477957

Log:
  Permit using allow-new-zones, LMDB, and a chrooted environment.

  Fixes this obscure and not at all helpful message:
  mdb_env_open of '_default.nzd' failed: No such file or directory

  PR:		229125
  Reported by:	Tom?? ?iernik
  MFH:		2018Q3

Changes:
  head/dns/bind9-devel/Makefile
  head/dns/bind9-devel/files/BIND.chroot.dist
  head/dns/bind911/Makefile
  head/dns/bind911/files/BIND.chroot.dist
  head/dns/bind912/Makefile
  head/dns/bind912/files/BIND.chroot.dist
  head/dns/bind913/Makefile
  head/dns/bind913/files/BIND.chroot.dist
Comment 7 commit-hook freebsd_committer 2018-08-24 11:50:41 UTC
A commit references this bug:

Author: mat
Date: Fri Aug 24 11:50:34 UTC 2018
New revision: 477958
URL: https://svnweb.freebsd.org/changeset/ports/477958

Log:
  MFH: r477957

  Permit using allow-new-zones, LMDB, and a chrooted environment.

  Fixes this obscure and not at all helpful message:
  mdb_env_open of '_default.nzd' failed: No such file or directory

  PR:		229125
  Reported by:	Tom?? ?iernik

Changes:
_U  branches/2018Q3/
  branches/2018Q3/dns/bind9-devel/Makefile
  branches/2018Q3/dns/bind9-devel/files/BIND.chroot.dist
  branches/2018Q3/dns/bind911/Makefile
  branches/2018Q3/dns/bind911/files/BIND.chroot.dist
  branches/2018Q3/dns/bind912/Makefile
  branches/2018Q3/dns/bind912/files/BIND.chroot.dist
  branches/2018Q3/dns/bind913/Makefile
  branches/2018Q3/dns/bind913/files/BIND.chroot.dist
Comment 8 Mathieu Arnold freebsd_committer 2018-08-24 11:52:18 UTC
All you will have to do is update to one of:

bind9-devel-9.13.1.a0.2018.08.17_1
bind911-9.11.4P1_1
bind912-9.12.2P1_1
bind913-9.13.2_1

and restart the service. (If you edited /usr/local/etc/mtree/BIND.chroot.dist you will have to merge the tmp directory.)
Comment 9 Tomáš Čiernik 2018-08-31 12:30:10 UTC
I can confirm this bug is solved. Thank you very much for your work!