Ubuntu
bind9 package

postinst should validate config before restarting bind

Bug #1492212 reported by James Troup
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bind9 (Debian)
New
Unknown
bind9 (Ubuntu)
Triaged
Low
Unassigned

Bug Description

We recently had a bind9 package upgrade take out DNS services for a
production cloud because named failed to come up after the postinst
restarted it. So obviously, a) our DNS shouldn't be a SPOF and b) we
shouldn't let our config files get into a state where named refuses to
start, but, with that said, the bind9 postinst could be more robust
against this kind of failure mode.

Specifically it could run named-checkconf against /etc/bind/named.conf
and, if it returns 1, either:

 a) skip the restart and scream loudly to warn the admin

or

 b) abort the package install by erroring out of the postinst at that point

Revision history for this message
Robie Basak (racb) wrote :

Thanks James.

I think I favour b) since a) would only be noticed by someone watching console output. Though having said that, the situation wouldn't be any worse than before the postinst was run.

This needs to be forwarded to Debian.

Changed in bind9 (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
tags: added: needs-upstream-report
Athos Ribeiro (athos-ribeiro)
tags: removed: needs-upstream-report
Athos Ribeiro (athos-ribeiro)
Changed in bind9 (Ubuntu):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Bug Watch Updater (bug-watch-updater)
Changed in bind9 (Debian):
status: Unknown → New
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

@Athos - this still is assigned to you, did you have a chance to look at it, was it aborted for some reason, ... ?

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

I did submit a patch (attached) upstream at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995310

The proposal is available in a PPA at

https://launchpad.net/~athos-ribeiro/+archive/ubuntu/bind9-validate-config/+packages

The idea is to run a simple configuration validation before the systemd debhelper hooks run in the postinst script. In case the validation fails, the service will not be restarted and the upgrade will stay in a config failed state. Thoughts?

Note that I did not craete an MP for the git Ubuntu repository yet, since this patch is a draft to start a discussion around the issue. Moreover, it would be nice to hear the thoughts of the Debian maintainer before we proceed with this one.

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

A simple test can be performed with the following steps:

On a jammy machine

- Install bind9
- Upgrade to the proposed version
- Verify the upgrade succeeds and the service is running

On a jammy machine

- Install bind9
- add "foo bar" to the last line of /etc/bind/named.conf
- Upgrade to the proposed version
- Verify the upgrade exits with an error status, such as

/etc/bind/named.conf:13: unknown option 'foo'
/etc/bind/named.conf:14: unexpected token near end of file
dpkg: error processing package bind9 (--configure):
 installed bind9 package post-installation script subprocess returned error exit status 1

- Verify that the service is still running (no disruption).

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "validate-config.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Mathew Hodson (mhodson)
tags: added: patch-forwarded-debian
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Hi Athos, hope you're still working on this one? :D

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

I unassigned it for now and set the priority to low. A patch has been forwarded to Debian and it would be nice to have their input on this one before creating a delta changing how the service behaves just to (possibly) revert/change it again later.

Changed in bind9 (Ubuntu):
assignee: Athos Ribeiro (athos-ribeiro) → nobody
importance: Medium → Low
Revision history for this message
Julian Andres Klode (juliank) wrote :

Per previous comment the patch does not appear ready for inclusion yet, so I am unsubscribing ubuntu-sponsors.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.