RHBA-2011:0223 - Bug Fix Advisory

Topic

Updated bind packages that fix various bugs are now available for Red Hat
Enterprise Linux 4.

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named), a resolver library
(routines for applications to use when interfacing with DNS), and tools for
verifying that the DNS server is operating correctly.

This update fixes the following bugs:

• The named init script did not wait for proper named termination before

attempting to restart named, which, when the name server was under moderate or
high load, could cause a failure to start. With this update, the named init
script waits for named termination before attempting to restart the name server.
(BZ#455540)

• Under heavy load, the named daemon could fail to respond to a TCP query. If

recursive queries consumed all available UDP sockets, then the opening of a TCP
socket could have failed due to a default limit placed upon the number of open
file descriptors. This default limit has been removed entirely from these
updated packages, which both prevents the possibility of named failing to
respond to a TCP query, and corresponds to the existing documentation.
(BZ#456417)

• Under certain conditions, the named daemon could exit due to an assertion

failure. When this happened, the following message was logged to
/var/log/messages:

named: socket.c:1649: INSIST(!sock->pending_recv) failed named: exiting (due
to assertion failure)

This update provides a fix to the socket module which prevents this assertion
from failing, thus resolving the problem. (BZ#462060)

• The rndc command line utility allows the named daemon to be administered

locally or remotely. Previously, named exited due to an assertion failure when
it received a command via rdnc telling it to reload a subdomain of its
authoritative domain. With this update, when named receives such a command via
rdnc, it logs an error message to the system log and ignores the command.
(BZ#475202)

• When the number of processed queries in BIND was sufficiently high, the

following error message was logged:

internal_accept: fcntl() failed: Too many open files

With this update, timeout queries are aborted in order to reduce the number of
open UDP sockets, and when the accept() function returns an "EMFILE" error
value, that situation is now handled gracefully, thus resolving the issue.
(BZ#476515)

• BIND redundantly bound random UDP ports which might have been used by another

application with the "SO_REUSEADDR" option. As a result of this, the application
which used that port was terminated abnormally. With this update, BIND no longer
bounds random ports with the "SO_REUSEADDR" option. (BZ#480819)

• When running on a system receiving a large number (greater than 4,000) of DNS

requests per second, the named DNS nameserver became unresponsive, and the named
service had to be restarted in order for it to continue serving requests. This
was caused by a deadlock occurring between two threads that led to the inability
of named to continue to service requests. This deadlock has been resolved with
these updated packages so that named no longer becomes unresponsive under heavy
load. (BZ#509975)

• When named received an IPv4-mapped request on an IPv6 interface, an error in

named caused it to stop responding with the following log message:

client.c:1334: unexpected error: failed to get request's destination: failure

This error has been corrected and named no longer freezes and no longer accepts
IPv4-mapped requests on IPv6 interfaces. (BZ#518866)

• Previously, the host command incorrectly returned the status code "0" even

when the nameserver did not respond. With this update, the host command returns
the correct status code for this situation, which is "1". (BZ#559524)

All users of BIND are advised to upgrade to these updated packages, which
resolve these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

• BZ - 455540 - named init script doesn't wait for server terminaton
• BZ - 462060 - named service crashes with an assertion failed message
• BZ - 475202 - named crashes on incorrect usage of rndc reload command
• BZ - 476515 - RHEL4: bind-9.2.4-30.el4 and too many open files
• BZ - 518866 - named stops responding after an unexpected error in client.c
• BZ - 559524 - host should return non-zero status in case of error

CVEs

(none)

References

(none)