rndc stats: connection to remote host closed. login failed

Bug #2012065 reported by Celtic
This bug affects 1 person
Affects: bind9 (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

We have 2 Ubuntu servers:
- first: 20.04 LTS
- second: first VM cloned and updated to 22.04

BIND is running on both machines. Same config. "rndc-confgen -a" was executed on the second VM.

first vm:

root@prodsmtp0001l:~# rndc stats
root@prodsmtp0001l:~#

second vm:
root@prodsmtp0002l:/etc/bind# rndc stats
rndc: connection to remote host closed.
* This may indicate that the
* remote server is using an older
* version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect
* or the key is invalid.
root@prodsmtp0002l:/etc/bind#

strace:

root@prodsmtp0001l:~# cat /etc/bind/20.log
stat("/etc/bind/rndc.conf", 0x7ffc771f1ac0) = -1 ENOENT (No such file or directory)
stat("/etc/bind/rndc.key", {st_mode=S_IFREG|0640, st_size=100, ...}) = 0
openat(AT_FDCWD, "/etc/bind/rndc.key", O_RDONLY) = 8
fstat(8, {st_mode=S_IFREG|0640, st_size=100, ...}) = 0
read(8, "key \"rndc-key\" {\n\talgorithm hmac"..., 4096) = 100
read(8, "", 4096) = 0
close(8) = 0
futex(0x7f647559ca00, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f64755bd1cc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 8
close(8) = 0
socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 8
getsockname(8, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, [28]) = 0
close(8) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 8
close(8) = 0
futex(0x7f647559d034, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f647299f080, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x7f647299f010, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigtimedwait([HUP INT TERM], {si_signo=SIGTERM, si_code=SI_USER, si_pid=3180001, si_uid=0}, NULL, 8) = 15 (SIGTERM)
futex(0x7f647299f080, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x7f647299f010, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x7f647299f084, FUTEX_WAKE_PRIVATE, 2147483647) = 1
futex(0x7f647299f010, FUTEX_WAKE_PRIVATE, 1) = 1
write(6, "\0\0\0\0\377\377\377\377", 8) = 8
futex(0x7f64729719d0, FUTEX_WAIT, 3180002, NULL) = -1 EAGAIN (Resource temporarily unavailable)
epoll_ctl(7, EPOLL_CTL_DEL, 3, 0x7ffc771f1a94) = 0
close(7) = 0
munmap(0x7f6472972000, 172032) = 0
munmap(0x7f647299c000, 266240) = 0
futex(0x7f64751196c4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
exit_group(0) = ?
+++ exited with 0 +++

root@prodsmtp0002l:/etc/bind# cat /etc/bind/22.log
newfstatat(AT_FDCWD, "/etc/bind/rndc.conf", 0x7ffdab829840, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/etc/bind/rndc.key", {st_mode=S_IFREG|0640, st_size=100, ...}, 0) = 0
openat(AT_FDCWD, "/etc/bind/rndc.key", O_RDONLY) = 10
newfstatat(10, "", {st_mode=S_IFREG|0640, st_size=100, ...}, AT_EMPTY_PATH) = 0
read(10, "key \"rndc-key\" {\n\talgorithm hmac"..., 4096) = 100
read(10, "", 4096) = 0
close(10) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 10
close(10) = 0
socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 10
getsockname(10, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, [28]) = 0
close(10) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 10
close(10) = 0
futex(0x7fc94d5f0518, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(8, "\1\0\0\0\0\0\0\0", 8) = 8
rt_sigtimedwait([HUP INT TERM], rndc: connection to remote host closed.
* This may indicate that the
* remote server is using an older
* version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect
* or the key is invalid.
 <unfinished ...>) = ?
+++ exited with 1 +++
root@prodsmtp0002l:/etc/bind#

Celtic (celticxa) wrote:

I'm sorry for the mistake.
It's working fine.

Now I examine the log files and see that the stats.log last modify date is 03.02 (02. March). dpkg.log - no update.
Config:
I have another disk (dev/sdb) for log files - and this is not OK.

   statistics-file "/store/var/log/named/named.stat" ;
          file "/store//var/log/named/default.log" versions 3 size 20m;
          file "/store//var/log/named/client_security.log" versions 3 size 20m;
          file "/store//var/log/named/queries.log" versions 600 size 20m;

AppArmor disabled:
/etc/apparmor.d/disable/usr.sbin.named

Everything is fine - but rndc stat runs into an error.

( /var/log is a symlink to /store/var/log )

Please close the bug report - it's not a bug. Thanks.

Changed in bind9 (Ubuntu):
status: New → Invalid