Ubuntu
bind9 package

bind9 fails to start after dist-upgrade

Bug #1738179 reported by Zonia Harris
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
New
Undecided
Unassigned

Bug Description

Failing bind9 version: 1:9.10.3.dfsg.P4-8ubuntu1.9
Recovers when downgrading to: 1:9.10.3.dfsg.P4-8ubuntu1.8

After running a dist-upgrade on 16.04.3 LTS, bind9 was upgraded in the process and failed to start with a "crypto failure" after that. Rolling bind9 and its dependencies back to 1:9.10.3.dfsg.P4-8ubuntu1.8 solved the problem. Until this morning I have never had this problem with previous versions after a dist-upgrade.

To get bind9 running again, I had to downgrade all of the following packages with the following command:
apt-get install bind9=1:9.10.3.dfsg.P4-8ubuntu1.8 bind9utils=1:9.10.3.dfsg.P4-8ubuntu1.8 libbind9-140=1:9.10.3.dfsg.P4-8ubuntu1.8 libdns162=1:9.10.3.dfsg.P4-8ubuntu1.8 libisc160=1:9.10.3.dfsg.P4-8ubuntu1.8 libisccc140=1:9.10.3.dfsg.P4-8ubuntu1.8 libisccfg140=1:9.10.3.dfsg.P4-8ubuntu1.8 liblwres141=1:9.10.3.dfsg.P4-8ubuntu1.8

Host info:
# lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04

amd64

# apt-cache policy bind9
bind9:
  Installed: 1:9.10.3.dfsg.P4-8ubuntu1.8
  Candidate: 1:9.10.3.dfsg.P4-8ubuntu1.9
  Version table:
     1:9.10.3.dfsg.P4-8ubuntu1.9 500
        500 http://mirrors.linode.com/ubuntu xenial-updates/main amd64 Packages
 *** 1:9.10.3.dfsg.P4-8ubuntu1.8 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:9.10.3.dfsg.P4-8 500
        500 http://mirrors.linode.com/ubuntu xenial/main amd64 Packages

(was failing on 1:9.10.3.dfsg.P4-8ubuntu1.9, so you are seeing the rolled back policy result)

dpkg.log showing upgrade to 1:9.10.3.dfsg.P4-8ubuntu1.9:
2017-12-14 09:10:27 upgrade bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:27 status half-configured bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:27 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:27 status half-installed bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:27 status half-installed bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:27 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:27 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 upgrade bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 status half-configured bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status unpacked bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status half-installed bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status half-installed bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status unpacked bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 status unpacked bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 upgrade bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 status half-configured bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status half-installed bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status half-installed bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 upgrade libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 status half-configured libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status half-installed libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status half-installed libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:28 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:28 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:30 upgrade bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.8 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:30 status half-configured bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:30 status unpacked bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:30 status half-installed bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:30 status half-installed bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 09:10:30 status unpacked bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:30 status unpacked bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 configure libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 <none>
2017-12-14 09:10:45 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status half-configured libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status installed libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 configure bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 <none>
2017-12-14 09:10:45 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status half-configured bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status installed bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 configure bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 <none>
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:45 status half-configured bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 status installed bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 configure bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 <none>
2017-12-14 09:10:47 status unpacked bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 status half-configured bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 status installed bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 configure bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.9 <none>
2017-12-14 09:10:47 status unpacked bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 status half-configured bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 09:10:47 status installed bind9-doc:all 1:9.10.3.dfsg.P4-8ubuntu1.9

syslog showing the failure to start bind9 after the uprade:
Dec 14 09:10:46 [REDACTED] systemd[1]: Stopping BIND Domain Name Server...
Dec 14 09:10:46 [REDACTED] systemd[1]: Stopped BIND Domain Name Server.
Dec 14 09:10:46 [REDACTED] systemd[1]: Started BIND Domain Name Server.
Dec 14 09:10:46 [REDACTED] named[5117]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind -t /chroot/named -c /etc/named.conf
Dec 14 09:10:46 [REDACTED] named[5117]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
Dec 14 09:10:46 [REDACTED] named[5117]: ----------------------------------------------------
Dec 14 09:10:46 [REDACTED] named[5117]: BIND 9 is maintained by Internet Systems Consortium,
Dec 14 09:10:46 [REDACTED] named[5117]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Dec 14 09:10:46 [REDACTED] named[5117]: corporation. Support and training for BIND 9 are
Dec 14 09:10:46 [REDACTED] named[5117]: available at https://www.isc.org/support
Dec 14 09:10:46 [REDACTED] named[5117]: ----------------------------------------------------
Dec 14 09:10:46 [REDACTED] named[5117]: adjusted limit on open files from 4096 to 1048576
Dec 14 09:10:46 [REDACTED] named[5117]: found 1 CPU, using 1 worker thread
Dec 14 09:10:46 [REDACTED] named[5117]: using 1 UDP listener per interface
Dec 14 09:10:46 [REDACTED] named[5117]: using up to 4096 sockets
Dec 14 09:10:46 [REDACTED] named[5117]: ENGINE_by_id failed (crypto failure)
Dec 14 09:10:46 [REDACTED] named[5117]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:233:
Dec 14 09:10:46 [REDACTED] named[5117]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:467:
Dec 14 09:10:46 [REDACTED] named[5117]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:390:id=gost
Dec 14 09:10:46 [REDACTED] named[5117]: initializing DST: crypto failure
Dec 14 09:10:46 [REDACTED] named[5117]: exiting (due to fatal error)
Dec 14 09:10:46 [REDACTED] systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Dec 14 09:10:46 [REDACTED] rndc[5123]: rndc: connect failed: 127.0.0.1#953: connection refused
Dec 14 09:10:46 [REDACTED] systemd[1]: bind9.service: Control process exited, code=exited status=1
Dec 14 09:10:46 [REDACTED] systemd[1]: bind9.service: Unit entered failed state.
Dec 14 09:10:46 [REDACTED] systemd[1]: bind9.service: Failed with result 'exit-code'.
Dec 14 09:10:47 [REDACTED] systemd[1]: Reloading.
Dec 14 09:10:47 [REDACTED] systemd[1]: message repeated 2 times: [ Reloading.]

dpkg.log showing the downgrade back to 1:9.10.3.dfsg.P4-8ubuntu1.8:
2017-12-14 10:07:06 status installed bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:06 remove bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 <none>
2017-12-14 10:07:06 status half-configured bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:06 status half-installed bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:06 status config-files bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:06 status config-files bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:06 status config-files bind9-host:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:06 status not-installed bind9-host:amd64 <none>
2017-12-14 10:07:07 upgrade bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:07 status half-configured bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:07 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:07 status half-installed bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:07 status half-installed bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 upgrade bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 status half-configured bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status half-installed bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status half-installed bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 upgrade libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 status half-configured libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status half-installed libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status half-installed libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.9
2017-12-14 10:07:08 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:08 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 configure libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 <none>
2017-12-14 10:07:10 status unpacked libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status half-configured libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status installed libbind9-140:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 configure bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 <none>
2017-12-14 10:07:10 status unpacked bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status half-configured bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status installed bind9utils:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 configure bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8 <none>
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status unpacked bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:10 status half-configured bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8
2017-12-14 10:07:13 status installed bind9:amd64 1:9.10.3.dfsg.P4-8ubuntu1.8

syslog showing bind9 successfully starting up again after the downgrade:
Dec 14 10:07:10 [REDACTED] systemd[1]: Started BIND Domain Name Server.
Dec 14 10:07:10 [REDACTED] named[8598]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind
Dec 14 10:07:10 [REDACTED] named[8598]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
Dec 14 10:07:10 [REDACTED] named[8598]: ----------------------------------------------------
Dec 14 10:07:10 [REDACTED] named[8598]: BIND 9 is maintained by Internet Systems Consortium,
Dec 14 10:07:10 [REDACTED] named[8598]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Dec 14 10:07:10 [REDACTED] named[8598]: corporation. Support and training for BIND 9 are
Dec 14 10:07:10 [REDACTED] named[8598]: available at https://www.isc.org/support
Dec 14 10:07:10 [REDACTED] named[8598]: ----------------------------------------------------
Dec 14 10:07:10 [REDACTED] named[8598]: adjusted limit on open files from 4096 to 1048576
Dec 14 10:07:10 [REDACTED] named[8598]: found 1 CPU, using 1 worker thread
Dec 14 10:07:10 [REDACTED] named[8598]: using 1 UDP listener per interface
Dec 14 10:07:10 [REDACTED] named[8598]: using up to 4096 sockets
Dec 14 10:07:10 [REDACTED] named[8598]: loading configuration from '/etc/bind/named.conf'
Dec 14 10:07:12 [REDACTED] named[8598]: initializing GeoIP Country (IPv4) (type 1) DB
Dec 14 10:07:12 [REDACTED] named[8598]: GEO-106FREE 20160408 Bu
Dec 14 10:07:12 [REDACTED] named[8598]: initializing GeoIP Country (IPv6) (type 12) DB
Dec 14 10:07:12 [REDACTED] named[8598]: GEO-106FREE 20160408 Bu
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP City (IPv4) (type 2) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP City (IPv4) (type 6) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP City (IPv6) (type 30) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP City (IPv6) (type 31) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP Region (type 3) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP Region (type 7) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP ISP (type 4) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP Org (type 5) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP AS (type 9) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP Domain (type 11) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: GeoIP NetSpeed (type 10) DB not available
Dec 14 10:07:12 [REDACTED] named[8598]: using default UDP/IPv4 port range: [32768, 60999]
Dec 14 10:07:12 [REDACTED] named[8598]: using default UDP/IPv6 port range: [32768, 60999]
Dec 14 10:07:12 [REDACTED] named[8598]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 14 10:07:12 [REDACTED] named[8598]: listening on IPv4 interface eth0, [REDACTED]#53
Dec 14 10:07:12 [REDACTED] named[8598]: listening on IPv4 interface eth0:1, [REDACTED]#53
Dec 14 10:07:12 [REDACTED] named[8598]: listening on IPv6 interface lo, ::1#53
Dec 14 10:07:12 [REDACTED] named[8598]: listening on IPv6 interface eth0, [REDACTED]#53
Dec 14 10:07:12 [REDACTED] named[8598]: listening on IPv6 interface eth0, [REDACTED]#53
Dec 14 10:07:12 [REDACTED] named[8598]: generating session key for dynamic DNS
Dec 14 10:07:12 [REDACTED] named[8598]: sizing zone task pool based on 46 zones
Dec 14 10:07:12 [REDACTED] named[8598]: set up managed keys zone for view _default, file 'managed-keys.bind'
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 10.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 16.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 17.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 18.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 19.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 20.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 21.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 22.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 23.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 24.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 25.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 26.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 27.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 28.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 29.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 30.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 31.172.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 168.192.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 64.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 65.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 66.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 67.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 68.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 69.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 70.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 71.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 72.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 73.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 74.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 75.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 76.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 77.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 78.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 79.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 80.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 81.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 82.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 83.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 84.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 85.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 86.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 87.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 88.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 89.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 90.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 91.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 92.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 93.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 94.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 95.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 96.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 97.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 98.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 99.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 100.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 101.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 102.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 103.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 104.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 105.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 106.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 107.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 108.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 109.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 110.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 111.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 112.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 113.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 114.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 115.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 116.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 117.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 118.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 119.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 120.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 121.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 122.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 123.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 124.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 125.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 126.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 127.100.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 0.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: D.F.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: A.E.F.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: B.E.F.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: automatic empty zone: EMPTY.AS112.ARPA
Dec 14 10:07:12 [REDACTED] named[8598]: command channel listening on 0.0.0.0#953
Dec 14 10:07:12 [REDACTED] named[8598]: the working directory is not writable
Dec 14 10:07:12 [REDACTED] named[8598]: 14-Dec-2017 10:07:12.506 general: all zones loaded
Dec 14 10:07:12 [REDACTED] named[8598]: 14-Dec-2017 10:07:12.508 general: running

I had to get the host recovered, as I have only one other master available right now and I am in the middle of a lot of overhauling of my infrastructure. If you want more debugging details, I could snapshot the same host and clone it to a new host, then do the upgrade again and get it back into the same bad state so as to gather more info for you.

Tags: bind9 crypto
Revision history for this message
Zonia Harris (stotch) wrote :
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Are you running it in a chroot? Could it be bug #1630025?

Also, could you share your /etc/default/bind9? The only thing that update did was source that file before starting the service. The previous version was ignoring that file entirely, and now it's not, so you might have been running bind9 with an assumption that those options were being applied and they were not.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Yep, see from your log:
working: Dec 14 10:07:10 [REDACTED] named[8598]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind

failing: Dec 14 09:10:46 [REDACTED] named[5117]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind -t /chroot/named -c /etc/named.conf

See the different command line options?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

It's a duplicate indeed, it can't load the gost engine id:
Dec 14 09:10:46 [REDACTED] named[5117]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:390:id=gost

Revision history for this message
Zonia Harris (stotch) wrote :

Oh, yeah. Good catch. Yeah, I've never had bind chrooted work for me on Ubuntu since I migrated to Ubuntu last year. I just lock it down on isolated VMs firewalled off from the rest, instead. Would be nice to go back to chrooted bind, though.

I see, so the new package tries to chroot it and that is failing due to another known bug that is in the process of being fixed. Thanks for the info. I'll track that one.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.