init script doesn't handle rndc error properly

1) Ubuntu 9.04

2) 1:9.5.1.dfsg.P2-1

3) I have disabled the remote admin capability on my bind9 server using "controls {};"

I expected that I would still be able to both stop and to restart the bind9 server using the /etc/init.d/bind9 script. Furthermore I expected that if the init script was unable to do either of these things it would tell me that it had failed.

4) When I executed "/etc/init.d/bind9 stop" the following happened:

 * Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
                                                                         [ OK ]

As you can see the init script printed "[ OK ]", which I interpreted to mean that it had successfully stopped bind9. Despite printing "[ OK ]" the bind9 server hadn't actually been stopped: `ps aux|grep named` confirmed this.

Ideally I would prefer if you fixed this bug by resorting to an alternative method of killing bind9, e.g. `kill $PID` if the rndc program fails. If you don't want to do that, then could you at least fix the init script so that it doesn't mistakenly print "[ OK ]".

(As an aside I discovered this bug when I executed "/etc/init.d/bind9 restart" and the following happened:

 * Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
                                                                         [ OK ]
 * Starting domain name service... bind9 [ OK ]

This led me to believe that my configuration change to bind (enabling DNSSEC) had succeeded (because I saw the two OKs), and therefore I thought that my DNS lookups were now being protected by DNSSEC DLV validation, when they in fact weren't. I therefore consider this issue to be on the borderline of being a security vulnerability, because it led me to be believe that I had enabled a security feature when I had in fact not done so.)