BIND ignores nanoseconds field in timestamps, fails to load newer versions of zones on reload

Bug #1553176 reported by LaMont Jones on 2016-03-04
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
BIND
Undecided
Unassigned
MAAS
Undecided
Unassigned
1.9
High
Unassigned
bind9 (Ubuntu)
High
LaMont Jones
Trusty
Undecided
LaMont Jones
Xenial
Undecided
Unassigned

Bug Description

Since 2.6, linux has supported nanosecond granular time in stat(2) returns. BIND has a comment in the code that it might use it, but continues to ignore it.

As of 9.9.3b2, named checks the time of (at least) zone files on disk (expanding to include include files in 9.10.0a2). Because the check is only done to a granularity of seconds, changing the zone file twice in the same second can cause BIND to decide that it need not reload the zone, even though it is out of date.

[Impact]

 * If a zone file is changed (generally by automated processes) more than once in a second, bind9 happily thinks it has already loaded the zone. A trivial demonstration of the bug can be seen at paste.ubuntu.com/23921121/ -- http://paste.ubuntu.com/23921176/ is the same test with the fixed code. Making this a test case is somewhat problematic in that it needs to make sure that they happen inside of the same second.

 * MAAS is exactly the sort of use case that hits this bug.

 * The upload changes BIND's utility function to actual use the st_mtim.tv_nsec instead of '0'.

[Test Case]

 * See the pastebin above. (Change a zone file and reload it, and then do it again less than a second later.)

[Regression Potential]

 * Ignoring the whole "rebuilds sometimes break things", the most likely regression would be one where something was either relying on BIND not reloading the dozone (unlikely), or otherwise relying on the modify time on a zone file to some arbitrary value.

[Other Info]

  This bug was fixed in 1:9.10.3.dfsg.P2-5, which landed in xenial March 2016.

Related branches

LaMont Jones (lamont) wrote :
LaMont Jones (lamont) wrote :

Fixed in 1:9.10.3.dfsg.P2-5

Changed in bind9 (Ubuntu):
importance: Undecided → High
status: New → Fix Released
LaMont Jones (lamont) wrote :

This also affects 9.9.5 in trusty and later.

Changed in bind9 (Ubuntu):
milestone: none → trusty-updates
status: Fix Released → Confirmed
tags: added: patch
LaMont Jones (lamont) wrote :

Fixed in alpha2

Changed in maas:
milestone: none → 2.0.0
status: New → Fix Committed
LaMont Jones (lamont) wrote :

The Ubuntu (and Debian) tree for BIND includes a patch in 9.10 that fixes this, and the bug has been filed upstream.

Changed in bind:
status: New → Fix Committed
Changed in bind9 (Ubuntu):
assignee: nobody → LaMont Jones (lamont)
Changed in bind:
status: Fix Committed → Fix Released
Changed in maas:
status: Fix Committed → Fix Released
LaMont Jones (lamont) on 2017-02-03
description: updated
LaMont Jones (lamont) on 2017-02-03
description: updated
Changed in bind9 (Ubuntu Xenial):
status: New → Fix Released

Hello LaMont, or anyone else affected,

Accepted bind9 into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bind9 (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Changed in bind9 (Ubuntu):
status: Confirmed → Fix Released
Changed in bind9 (Ubuntu Trusty):
assignee: nobody → LaMont Jones (lamont)
LaMont Jones (lamont) wrote :

Verified trusty using the same test as found in http://paste.ubuntu.com/23921176/

tags: added: verification-done
removed: verification-needed
Changed in bind9 (Ubuntu Trusty):
milestone: none → trusty-updates

The verification of the Stable Release Update for bind9 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.9.5.dfsg-3ubuntu0.12

---------------
bind9 (1:9.9.5.dfsg-3ubuntu0.12) trusty; urgency=medium

  * Backport (70_precise_mtime.diff) 18b87b2a58d422fe4d3073540bf89b5a812ed2e5
    to trusty. LP: #1553176

 -- LaMont Jones <email address hidden> Fri, 03 Feb 2017 13:13:21 -0700

Changed in bind9 (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers