Skip to navigation

Bug Fix Advisory bind bug fix and enhancement update

Advisory: RHBA-2009:1420-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2009-09-02
Last updated on: 2009-09-02
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated bind packages that fix several bugs and add various enhancements are now available for Red
Hat Enterprise Linux 5.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named), a resolver
library (routines for applications to use when interfacing with DNS), and
tools for verifying that the DNS server is operating correctly.

This update upgrades the bind packages to upstream version 9.3.6-P1, which
contains bug fixes and enhancements over the previous version.

Notably, this updated BIND is able to handle a much larger number of
requests simultaneously. (BZ#457036)

These updated bind packages provide fixes for the following bugs:

* named occasionally crashed due to an assertion failure, and logged this
error message to the system log:

named[PID]: socket.c:1649: INSIST(!sock->pending_recv) failed
named[PID]: exiting

This crash was caused by sockets being closed too early. With these updated
packages, this assertion failure no longer occurs. (BZ#455802)

* when using the '-4' option with the "host" and "dig" utilities to force
them to use an IPv4 transport, the order in which IPv4 and IPv6 nameservers
were listed in the /etc/resolv.conf configuration file affected whether the
command would fail or succeed. This has been fixed so that these utilities
continue to look for an IPv4 address, even past listed IPv6 addresses, when
the '-4' option is supplied. (BZ#469441)

* the "named-checkconf" utility ignored the "check-names" option in the
/etc/named.conf configuration file, which caused the named daemon to fail
to start, even if the configuration was valid. With these updated packages,
"named-checkconf" no longer ignores the "check-names" option, and named
starts up as expected. (BZ#491400)

* the named init script did not handle the named_write_master_zones SELinux
boolean or the permissions on the /var/named/ directory as documented.
(BZ#494370)

In addition, these updated packages provide the following enhancements:

* a new configuration directive which informs secondary servers not to send
DNS notify messages, "notify master-only", is now supported. (BZ#477651)

* dynamic loading of database back-ends is now supported with these updated
packages. (BZ#479273)

* the "allow-query-cache" option, which allows control over access to
non-authoritative data (such as cached data and root hints), is now
supported. (BZ#483708)

* the sample /etc/named.conf configuration file provided with these
packages has been improved. (BZ#485393)

Users are advised to upgrade to these updated bind packages, which resolve
these issues and add these enhancements.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
bind-9.3.6-4.P1.el5.src.rpm
File outdated by:  RHBA-2013:0136
    MD5: a8c7bc5ceb606001363723046aca0467
 
IA-32:
bind-chroot-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 04a2feecfd4b1178545d9221ffd56eaf
bind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 38f09e9d47472b6151e06b56575af969
bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 5fa8670a41c03e474aac9becff788ba9
caching-nameserver-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 91db95f0cdca7e3e24611e1a79a99edb
 
x86_64:
bind-chroot-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: d735c38c3c2c562d0516cdd0ad8e0b2f
bind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 38f09e9d47472b6151e06b56575af969
bind-devel-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: aec39bdebb6af0362f0949364cdc4ba3
bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 5fa8670a41c03e474aac9becff788ba9
bind-libbind-devel-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 2b11b66ddbbb8f9c98fd1c728273133b
caching-nameserver-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: a52cf71e22b2c77619fbbcfe6f5c459c
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
bind-9.3.6-4.P1.el5.src.rpm
File outdated by:  RHBA-2013:0136
    MD5: a8c7bc5ceb606001363723046aca0467
 
IA-32:
bind-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 8d5371f494708b492dd2820722f0754a
bind-chroot-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 04a2feecfd4b1178545d9221ffd56eaf
bind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 38f09e9d47472b6151e06b56575af969
bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 5fa8670a41c03e474aac9becff788ba9
bind-libs-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: e1deca8e40e5c451107f0a9d3b34b749
bind-sdb-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 60fe292b6de61c6220699f95ff727e83
bind-utils-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 6a857a58279d5a48ae1109ad2eb39f09
caching-nameserver-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 91db95f0cdca7e3e24611e1a79a99edb
 
IA-64:
bind-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: d6ad4504327bdd9c53c45d47aa7b2e1d
bind-chroot-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 07320287e66b520c056cab32a885362a
bind-devel-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 887bcb7ac733d00995a55c22a73cf745
bind-libbind-devel-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 816fa622e2d46e0d457475b90d9bb000
bind-libs-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: e1deca8e40e5c451107f0a9d3b34b749
bind-libs-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 6dc91b6120b7c708806a5ee5b385675f
bind-sdb-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: e97f0d7300e0dac266d3f2b9a903ea9b
bind-utils-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 932743e35a9876f2e2c99326d55a425e
caching-nameserver-9.3.6-4.P1.el5.ia64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 8ce92df2079bbbbd9a0b2897f5852639
 
PPC:
bind-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: e9b66609e29434f9f2e92c3b310f8a05
bind-chroot-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: 77f1f48c426909effdf5f61828832a32
bind-devel-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: cb7f6f5eb54d4ecedccb0ad6fb7508bf
bind-devel-9.3.6-4.P1.el5.ppc64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 2d2979a1ac22f4924eb0d3a43cc5a923
bind-libbind-devel-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: ab05c252759f28259930892088a58ddb
bind-libbind-devel-9.3.6-4.P1.el5.ppc64.rpm
File outdated by:  RHBA-2013:0136
    MD5: f2f01273b1d407defab0e9a2bbdcd1ff
bind-libs-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: aea847712d830fcc456c5c45de2d720b
bind-libs-9.3.6-4.P1.el5.ppc64.rpm
File outdated by:  RHBA-2013:0136
    MD5: b746cfb18a9b6c8939cbc0190ce6f9a4
bind-sdb-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: c68b9a6a24dbe13da5c3313db02e97a1
bind-utils-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: 47f077d97a1c160ac99dac9386ab376c
caching-nameserver-9.3.6-4.P1.el5.ppc.rpm
File outdated by:  RHBA-2013:0136
    MD5: dc50125fab471f68985d023965ddd704
 
s390x:
bind-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: faceae16b10e38877a81969c956463b1
bind-chroot-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: b20568841241effe4404b554f8a44588
bind-devel-9.3.6-4.P1.el5.s390.rpm
File outdated by:  RHBA-2013:0136
    MD5: cf83a831af0be20c028dbfaf155be80a
bind-devel-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: 6f74ffb3580d123d5950e62aceb83c69
bind-libbind-devel-9.3.6-4.P1.el5.s390.rpm
File outdated by:  RHBA-2013:0136
    MD5: 31b01d56f9f842dd4ad2c97255a9fba0
bind-libbind-devel-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: 007bfdaefc737eac955ff76fbbc51cb4
bind-libs-9.3.6-4.P1.el5.s390.rpm
File outdated by:  RHBA-2013:0136
    MD5: 73bdc0122d245ae35c8b7e74069dffd2
bind-libs-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: 2c872e041840672cd5534eb3041a394c
bind-sdb-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: a52432246c749109b7182b8f87907fb0
bind-utils-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: c12f0e37a1acb8e9dc892ea365a7f379
caching-nameserver-9.3.6-4.P1.el5.s390x.rpm
File outdated by:  RHBA-2013:0136
    MD5: 42fe9016aa083dac907025e2463a8efe
 
x86_64:
bind-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: c645af598799871674921264e8d9d5e0
bind-chroot-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: d735c38c3c2c562d0516cdd0ad8e0b2f
bind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 38f09e9d47472b6151e06b56575af969
bind-devel-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: aec39bdebb6af0362f0949364cdc4ba3
bind-libbind-devel-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 5fa8670a41c03e474aac9becff788ba9
bind-libbind-devel-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 2b11b66ddbbb8f9c98fd1c728273133b
bind-libs-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: e1deca8e40e5c451107f0a9d3b34b749
bind-libs-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 7e0babf3ef116458ec61f7c78138a863
bind-sdb-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: b78f94658f747985d8e0ab532a3cce13
bind-utils-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: cca58508df7bb4217512711b2f6b1e19
caching-nameserver-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: a52cf71e22b2c77619fbbcfe6f5c459c
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
bind-9.3.6-4.P1.el5.src.rpm
File outdated by:  RHBA-2013:0136
    MD5: a8c7bc5ceb606001363723046aca0467
 
IA-32:
bind-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 8d5371f494708b492dd2820722f0754a
bind-libs-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: e1deca8e40e5c451107f0a9d3b34b749
bind-sdb-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 60fe292b6de61c6220699f95ff727e83
bind-utils-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: 6a857a58279d5a48ae1109ad2eb39f09
 
x86_64:
bind-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: c645af598799871674921264e8d9d5e0
bind-libs-9.3.6-4.P1.el5.i386.rpm
File outdated by:  RHBA-2013:0136
    MD5: e1deca8e40e5c451107f0a9d3b34b749
bind-libs-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: 7e0babf3ef116458ec61f7c78138a863
bind-sdb-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: b78f94658f747985d8e0ab532a3cce13
bind-utils-9.3.6-4.P1.el5.x86_64.rpm
File outdated by:  RHBA-2013:0136
    MD5: cca58508df7bb4217512711b2f6b1e19
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

455802 - named service crashes with an assertion failed message
457036 - Latest security patches have downgraded performance on big recursors
469441 - 'host -4 hostname' fails even though ipv4 nameservers are available.
479273 - Add support for dynamic loading of database backends
483708 - bind: backport support for allow-query-cache* configuration directives [RHEL-5]
485393 - Update sample configuration file to address recent "DNS reflector" attack
490837 - poor logging at file read
491655 - bind doesn't handle unknown DLV algorithms well
494370 - bind init script references obsolete SELinux's booleans and points to wrong booleans.local location
496495 - configtest does not catch un-defined ACLs


Keywords

allow-query-cache, crash, DLV, named-checkconf, rebase


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/