defaults file is ignored

Bug #1565060 reported by ben thielsen on 2016-04-01
72
This bug affects 12 people
Affects Status Importance Assigned to Milestone
bind9 (Debian)
New
Unknown
bind9 (Ubuntu)
High
Unassigned
Xenial
Medium
Andreas Hasenack
Yakkety
Undecided
Unassigned
Zesty
Medium
Andreas Hasenack

Bug Description

[Impact]

Server start up options set in /etc/default/bind9 via the OPTIONS variable are ignored.

The fix is to have the systemd service file source that file and use the given OPTIONS value. This is already being done in Ubuntu Artful and higher. The fix here is the same.

[Test Case]

# install bind9
$ sudo apt install bind9

# start it up
$ sudo service bind9 start

# inspect the command line of the process:
$ ps fxaw|grep named|grep -v grep
  396 ? Ssl 0:00 /usr/sbin/named -f -u bind

# edit /etc/default/bind9 and include "-4" to the OPTIONS value so it looks like this:
# startup options for the server
OPTIONS="-4 -u bind"

# restart bind9
sudo service bind9 restart

# inspect the process command line again. Only the fixed version of the package will include the newly added "-4" parameter:
$ ps fxaw|grep named|grep -v grep
17891 ? Ssl 0:00 /usr/sbin/named -f -4 -u bind

[Regression Potential]
Administrators who have for some reason altered the defaults file with an incorrect value for OPTIONS might be surprised after this update, since now that file is actually parsed and if it's indeed incorrect, the service may fail to start.

[Other Info]
None at this time.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bind9 (Ubuntu):
status: New → Confirmed
Thomas (t.c) wrote :

same problem in 16.04 :(

defaults are ignored, so no RESOLVCONF and no OPTIONS possible!

Pls, pls ..... fix this :)

Thanks

tags: added: regression-release xenial
tags: added: wily
tags: added: systemd
Thomas (t.c) wrote :

for those who need a workaround, I share my working config:

root@proxy:~# cat /lib/systemd/system/bind9.service
[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target

[Service]
ExecStart=/usr/sbin/named -f -4 -u bind
ExecStartPre=/bin/sh -ec 'echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named'
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop
ExecStopPost=/sbin/resolvconf -d lo.named

[Install]
WantedBy=multi-user.target

Changed in bind9 (Ubuntu):
importance: Undecided → High
Thomas (t.c) wrote :

the resolution from debian is okay, but skips the RESOLVCONF problem.

Changed in bind9 (Debian):
status: Unknown → New
LaMont Jones (lamont) on 2016-12-07
Changed in bind9 (Ubuntu):
status: Confirmed → Fix Committed
Changed in bind9 (Debian):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bind9 (Ubuntu Xenial):
status: New → Confirmed
Changed in bind9 (Ubuntu Yakkety):
status: New → Confirmed
Per Heldal (heldal) wrote :

This bug affects among others anyone with intermittent or permanent ipv6 routing problems. Most documented workarounds for ipv6-problems in dual-stack configurations hint at disabling ipv6 in /etc/default/bind9, but that won't work when the file is ignored when systemd is in control of the processes. My suggestion is thus to edit the service-file for bind9 to include the defaults-file, and thus maintain backward compatibility with most of the published documentation. The following service-section in /lib/systemd/system/bind9.service seems to do the job:

[Service]
EnvironmentFile=-/etc/default/bind9
ExecStart=/usr/sbin/named -f $OPTIONS
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop

Fleish (lasnchpad) wrote :

Is the debian fix ever going to get released to jessie (a.k.a. current oldstable)?

Changed in bind9 (Ubuntu Yakkety):
status: Confirmed → Won't Fix
Andreas Hasenack (ahasenack) wrote :

Confirmed also for zesty. Artful and higher are fixed.

Yakkety is end of life.

Changed in bind9 (Ubuntu Xenial):
status: Confirmed → In Progress
Changed in bind9 (Ubuntu Zesty):
status: New → In Progress
Changed in bind9 (Ubuntu Xenial):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in bind9 (Ubuntu Zesty):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in bind9 (Ubuntu Zesty):
importance: Undecided → Low
Changed in bind9 (Ubuntu Xenial):
importance: Undecided → Low
Changed in bind9 (Ubuntu Zesty):
importance: Low → Medium
Changed in bind9 (Ubuntu Xenial):
importance: Low → Medium
description: updated

Checked the MPs - all LGTM.
I had one off-topic question for ahasenack there, but this doesn't affect these fixes.
Sponsored into the SRU -unapproved queue.

Andreas Hasenack (ahasenack) wrote :

For the RESOLVCONF issue, let's please continue the discussion in this other bug: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1600210

Hello ben, or anyone else affected,

Accepted bind9 into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu5.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bind9 (Ubuntu Zesty):
status: In Progress → Fix Committed
Changed in bind9 (Ubuntu):
status: Fix Committed → Fix Released
tags: added: verification-needed verification-needed-zesty
Changed in bind9 (Ubuntu Xenial):
status: In Progress → Fix Committed
Chris J Arges (arges) wrote :

Hello ben, or anyone else affected,

Accepted bind9 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed-xenial
Simon Déziel (sdeziel) wrote :

On Xenial, I added "-n1" to the OPTIONS in /etc/default/bind9 then restart bind9 and didn't see the new argument:

# ps aux| grep named
bind 667 0.1 15.3 206588 27156 ? Ssl 12:20 0:00 /usr/sbin/named -f -u bind

Upgraded:

The following packages will be upgraded:
   bind9 (1:9.10.3.dfsg.P4-8ubuntu1.8 => 1:9.10.3.dfsg.P4-8ubuntu1.9)

Then the arg is now showing up as expected:

# ps aux| grep named
bind 10720 0.0 15.0 206328 26584 ? Ssl 12:24 0:00 /usr/sbin/named -f -n1 -u bind

tags: added: verification-done-xenial
removed: verification-needed-xenial
Andreas Hasenack (ahasenack) wrote :

Zesty verification.

Service running:
 1951 ? Ssl 0:00 /usr/sbin/named -f -u bind

Adding -4 to OPTIONS in /etc/default/bind9 and restarting, the option is ignored:

ubuntu@zesty-bind9-defaults-1565060:~$ sudo vi /etc/default/bind9
ubuntu@zesty-bind9-defaults-1565060:~$ sudo service bind9 restart
ubuntu@zesty-bind9-defaults-1565060:~$ ps fxaw|grep named|grep -v grep
 1989 ? Ssl 0:00 /usr/sbin/named -f -u bind

Installing package from proposed:
  Version table:
 *** 1:9.10.3.dfsg.P4-10.1ubuntu5.3 500
        500 http://br.archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages

Just installing it is enough, since the service is restarted in postinst:
ubuntu@zesty-bind9-defaults-1565060:~$ ps faxw|grep named|grep -v grep
 3208 ? Ssl 0:00 /usr/sbin/named -f -4 -u bind

Verification for zesty completed successfully.

tags: added: verification-done-zesty
removed: verification-needed-zesty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.9

---------------
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.9) xenial; urgency=medium

  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

 -- Andreas Hasenack <email address hidden> Mon, 06 Nov 2017 17:26:27 -0200

Changed in bind9 (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for bind9 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-10.1ubuntu5.3

---------------
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5.3) zesty; urgency=medium

  * d/bind9.service: source the defaults file and start the daemon with the
    options set there (LP: #1565060).

 -- Andreas Hasenack <email address hidden> Mon, 06 Nov 2017 17:41:19 -0200

Changed in bind9 (Ubuntu Zesty):
status: Fix Committed → Fix Released
Changed in bind9 (Debian):
status: Fix Committed → New
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.