bind9-resolvconf service doesn't work

Bug #1536181 reported by Jonathan Kamens
30
This bug affects 4 people
Affects Status Importance Assigned to Milestone
bind9 (Debian)
Fix Released
Unknown
bind9 (Ubuntu)
Fix Released
High
Unassigned
Xenial
Fix Released
High
Unassigned
Yakkety
Fix Released
High
Nish Aravamudan

Bug Description

[Impact]

 * If using the bind9-resolvconf service to have the local named managed resolv.conf, the service exits after running starting, and the system resolv.conf ends up reverting to the default content.

 * The user is effectively prevented from using bind9-resolvconf to manage their local resolv.conf.

 * The issue is that the bind9-resolvconf service needs to detected as still running even after the /etc/resolv.conf modification occurs. As per Debian Bug 744304: "RemainAfterExit tells systemd that a service should be considered running even after it exited. Currently, systemd thinks the service went inactive after the ExecStart command exits, and then immediately calls the ExecStop command, thus removing 127.0.0.1 from resolvconf."

[Test Case]

 * Install bind9-resolvconf with a local bind9 configuration. Start the bind9-resolvconf service and the prior content of /etc/resolv.conf will remain even if it differs from bind9's configuration.

[Regression Potential]

 * I believe the regression potential to be very low for this change. The bind9-resolvconf service currently does not work as expected. Users may have made manual changes locally, as suggested in this bug, but those seem to generally not be permanent solutions and should not collide with the change to the service.

---

I enabled the bind9-resolvconf service and restarted my system, because I want to use the named running on localhost as my nameserver.

Even after the restart, however, the nameservers in /etc/resolv.conf (actually /var/run/resolvconf/resolv.conf) were still the ones provided by DHCP. This, despite the fact that the logs claim that bind9-resolvconf ran successfully during boot.

I tried manually running "sudo systemctl start bind9-resolv.conf", and again, the logs claim it ran, but /etc/resolv.conf was unmodified.

Finally, I manually ran "sudo /bin/sh -c 'echo nameserver 127.0.0.1 | /sbin/resolvconf -a lo.named'", i.e., the command listed in /lib/systemd/system/bind9-resolv.conf.service, and _that_ successfully updated /etc/resolv.conf.

After doing that, interestingly, "sudo systemctl stop bind9-resolv.conf" _also_ doesn't change /etc/resolv.conf, i.e., it still retains the 127.0.0.1 line which I added by running the resolvconf command manually.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: bind9 1:9.9.5.dfsg-11ubuntu1.2
ProcVersionSignature: Ubuntu 4.2.0-25.30-generic 4.2.6
Uname: Linux 4.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jan 20 08:03:35 2016
InstallationDate: Installed on 2016-01-16 (4 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
RelatedPackageVersions:
 bind9utils 1:9.9.5.dfsg-11ubuntu1.2
 apparmor 2.10-0ubuntu6
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.bind.named.conf: [modified]
modified.conffile..etc.bind.named.conf.local: [modified]
mtime.conffile..etc.bind.named.conf: 2016-01-16T19:01:39.827033
mtime.conffile..etc.bind.named.conf.local: 2016-01-16T21:13:51.991632

Revision history for this message
Jonathan Kamens (jik) wrote :
Revision history for this message
Thomas Hood (jdthood) wrote :

The service is called "bind9-resolvconf" but you said you ran "sudo systemctl start bind9-resolv.conf" and "sudo systemctl stop bind9-resolv.conf". Look carefully at the spelling.

Changed in bind9 (Ubuntu):
status: New → Incomplete
Revision history for this message
Jonathan Kamens (jik) wrote :

So sue me, I accidentally typed bind9-resolv.conf instead of bind9-resolvconf in my bug report. Obviously I would have noticed systemctl tell me I typed an invalid service if I had actually typed bind9-resolv.conf in the systemctl commands. I'm not an idiot. The bug report is correct; I just confirmed that "systemctl restart bind9-resolvconf" (see, no period this time!) is ineffective.

Changed in bind9 (Ubuntu):
status: Incomplete → New
Revision history for this message
ilia (ilia) wrote :

The bug is still present in 16.04 xenial, bind9-1:9.10.3.dfsg.P4-8ubuntu1 package.
It is described well in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744304
The fix is to edit /lib/systemd/system/bind9-resolvconf.service and add "RemainAfterExit=yes" at [Service] section. A patch is attached. Please, integrate the fix.

Changed in bind9 (Debian):
status: Unknown → New
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "bind9-resolvconf.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bind9 (Ubuntu):
status: New → Confirmed
Revision history for this message
dino99 (9d9) wrote :

Glancing at bind's bugs, i've opened that one to read it; and have checked the yakkety status about it: so i've edited the file proposed in #4 above, to looks like:

 [Unit]
Description=local BIND via resolvconf
Documentation=man:named(8) man:resolvconf(8)
Requires=bind9.service
After=bind9.service
ConditionFileIsExecutable=/sbin/resolvconf

[Service]
ExecStart=/bin/sh -c 'echo nameserver 127.0.0.1 | /sbin/resolvconf -a lo.named'
ExecStop=/sbin/resolvconf -d lo.named
RemainAfterExit=yes # added as per #4 comment

[Install]
WantedBy=bind9.service

next i will check the logs again after a reboot to know if it help.

note: bind has a new stable version with many Security Fixes & bugs fixes. Hopes both Debian & Ubuntu will upgrade asap
ftp://ftp.isc.org/isc/bind9/9.10.4/RELEASE-NOTES-bind-9.10.4.txt

tags: added: xenial yakkety
Changed in bind9 (Ubuntu):
importance: Undecided → High
Robie Basak (racb)
tags: added: server-next
Revision history for this message
Nish Aravamudan (nacc) wrote :

Hello, I have provided test builds with the updated systemd unit configuration file at: https://launchpad.net/~nacc/+archive/ubuntu/lp1536181.

Please test and report back!

Changed in bind9 (Ubuntu):
assignee: nobody → Nish Aravamudan (nacc)
Changed in bind9 (Ubuntu Xenial):
assignee: nobody → Nish Aravamudan (nacc)
importance: Undecided → High
Nish Aravamudan (nacc)
Changed in bind9 (Ubuntu):
status: Confirmed → In Progress
Changed in bind9 (Ubuntu Xenial):
status: New → In Progress
Revision history for this message
Jason B. Alonso (jalonso-hackorp) wrote :

There have been security updates to bind9 since the builds in your PPA, which are conflicting with my ability to test it (please pardon me for being reluctant to fight apt to rewind the security update).

Revision history for this message
Nish Aravamudan (nacc) wrote : Re: [Bug 1536181] Re: bind9-resolvconf service doesn't work

On Nov 6, 2016 14:29, "Jason B. Alonso" <email address hidden> wrote:
>
> There have been security updates to bind9 since the builds in your PPA,
> which are conflicting with my ability to test it (please pardon me for
> being reluctant to fight apt to rewind the security update).

Absolutely the right choice, I'll provide an updated build tomorrow.

Revision history for this message
Jason B. Alonso (jalonso-hackorp) wrote :

While waiting for the PPA to update, I'll note for the record: I was able to deploy a less invasive workaround by applying a service override.

sudo systemctl edit bind9-resolvconf

In the provided editor (which is empty unless you have overrides already), add:

[Service]
RemainAfterExit=yes

Revision history for this message
Jason B. Alonso (jalonso-hackorp) wrote :

Oh, and to put the service override into effect:

sudo systemctl restart bind9-resolvconf.service

Revision history for this message
Nish Aravamudan (nacc) wrote :

@Jason, the PPA updates should be building now.

Changed in bind9 (Ubuntu Yakkety):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Nish Aravamudan (nacc)
Revision history for this message
Jason B. Alonso (jalonso-hackorp) wrote :

After removing my workaround (and confirming things were broken again), I can confirm that the package in your PPA resolves the issue!

Nish Aravamudan (nacc)
description: updated
Nish Aravamudan (nacc)
Changed in bind9 (Ubuntu):
status: In Progress → Fix Committed
Changed in bind9 (Ubuntu Yakkety):
status: In Progress → Fix Committed
status: Fix Committed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-10.1ubuntu2

---------------
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu2) zesty; urgency=medium

  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

 -- Nishanth Aravamudan <email address hidden> Tue, 15 Nov 2016 08:24:58 -0800

Changed in bind9 (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Jonathan, or anyone else affected,

Accepted bind9 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bind9 (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Jonathan Kamens (jik) wrote :

Tested successfully:

Package: bind9
Version: 1:9.10.3.dfsg.P4-8ubuntu1.3

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-8ubuntu1.3

---------------
bind9 (1:9.10.3.dfsg.P4-8ubuntu1.3) xenial; urgency=medium

  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

 -- Nishanth Aravamudan <email address hidden> Tue, 15 Nov 2016 08:30:31 -0800

Changed in bind9 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for bind9 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Nish Aravamudan (nacc)
Changed in bind9 (Ubuntu Xenial):
assignee: Nish Aravamudan (nacc) → nobody
Changed in bind9 (Ubuntu):
assignee: Nish Aravamudan (nacc) → nobody
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Jonathan, or anyone else affected,

Accepted bind9 into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-10.1ubuntu1.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in bind9 (Ubuntu Yakkety):
status: In Progress → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Revision history for this message
Jonathan Kamens (jik) wrote :

bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.4 seems to solve the problem.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.10.3.dfsg.P4-10.1ubuntu1.4

---------------
bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1.4) yakkety; urgency=medium

  * Add RemainAfterExit to bind9-resolvconf unit configuration file
    (LP: #1536181).

 -- Nishanth Aravamudan <email address hidden> Wed, 22 Mar 2017 10:09:25 -0700

Changed in bind9 (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Changed in bind9 (Debian):
status: New → Fix Released
Changed in bind9 (Debian):
status: Fix Released → New
Changed in bind9 (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.