| View previous topic :: View next topic |
| Author |
Message |
ReD-BaRoN
Apprentice
Joined: 06 Feb 2004
Posts: 208
|
 Posted: Mon Feb 19, 2007 3:56 pm Post subject: Bind keeps dying, core dumps. |
 |
|
Ever since the upgrade to 9.3.4, bind keeps dying seemingly randomly, with nothing output to any logfile. Is anyone else seeing this behavior?
Thanks!
Edit: After more investigation, I found a bunch or core files in /chroot/dns/var/bind/  .
Do I need to take this upstream? |
|
| Back to top |
|
 |
depontius
Veteran
Joined: 05 May 2004
Posts: 1843
|
| Posted: Mon Feb 19, 2007 4:45 pm Post subject: |
|
|
Lemme guess... You're running hardened and/or SELinux, right?
This problem cropped up late last year, too. There appears to be some sort of problem with BIND and either the hardened compiler or libraries. The answer is to drop back to an earlier version. I believe 9.3.2-r4 was what I was running before the 9.3.4 mess. When it hit again, I didn't realize that at first, and wound up back at 9.2.6-r4, having found that 9.2.8 also fails. One of these days with some spare time I'd like to get back to 9.3.2-r4.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
smoco
n00b
Joined: 19 Feb 2007
Posts: 30
Location: Slovakia
|
| Posted: Mon Feb 19, 2007 4:51 pm Post subject: Bind die |
|
|
| Yes I have same situation , after upgade bind go down after few seconds. Look at my post "Named 9.3.4 falls down" |
|
| Back to top |
|
|
ReD-BaRoN
Apprentice
Joined: 06 Feb 2004
Posts: 208
|
| Posted: Mon Feb 19, 2007 6:15 pm Post subject: |
|
|
| After some help from the folks on the gentoo-hardened list, it turns out this is bug #158664. |
|
| Back to top |
|
|
depontius
Veteran
Joined: 05 May 2004
Posts: 1843
|
| Posted: Mon Feb 19, 2007 8:03 pm Post subject: |
|
|
There's a notice on the Gentoo-hardened mailing list that bind-9.3.4 will work if you use "-O" in your CFLAGS instead of the more common/default "-O2". I have not personally tried this. You can apply CFLAGS changes to just one package or one version of one package with "/etc/portage/env".
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Herring42
Guru
Joined: 10 Mar 2004
Posts: 334
Location: Buckinghamshire
|
| Posted: Tue Feb 20, 2007 11:32 am Post subject: |
|
|
| depontius wrote: | | You can apply CFLAGS changes to just one package or one version of one package with "/etc/portage/env". |
That doesn't work for me  Is there a good alternative to bind available?
_________________
A camera is spelt with an 'e' and is used to take photographs.
CAMRA is the CAMpaign for Real Ale. |
|
| Back to top |
|
|
depontius
Veteran
Joined: 05 May 2004
Posts: 1843
|
| Posted: Tue Feb 20, 2007 12:53 pm Post subject: |
|
|
Well, I really didn't give the full information, I guess. For my system at home, I would need a file at:
| Code: | | /etc/portage/env/net-dns/bind-9.3.4 |
and the contents would be:
| Code: | | CFLAGS="-march=k6-3 -O -pipe" |
for the full story. I currently run with CFLAGS="-march=k6-3 -O2 -pipe" on that system. Is this what you did, or did you try something else based on the inadequate information I'd posted?
There are numerous people worried about the monoculture of BIND, and some effort to make sure that alternatives exist, if only for that reason. It depends on how large your installation is. For a home network or maybe small office, dnsmasq can carry the whole load and serve dhcp. There's always DJB. Take a look at the whole net-dns category in portage.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Herring42
Guru
Joined: 10 Mar 2004
Posts: 334
Location: Buckinghamshire
|
| Posted: Tue Feb 20, 2007 2:14 pm Post subject: |
|
|
Ahh! I just modified make.conf while I emerged bind. I'll add those files though.
Currently I'm hosting a few domains, with internal and external views, and updating an external dns server by zone transfer.
I'll have a look...
_________________
A camera is spelt with an 'e' and is used to take photographs.
CAMRA is the CAMpaign for Real Ale. |
|
| Back to top |
|
|
depontius
Veteran
Joined: 05 May 2004
Posts: 1843
|
| Posted: Tue Feb 20, 2007 2:34 pm Post subject: |
|
|
But for you running "-O" (as opposed to "-O2") didn't stop the BIND crashes?
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
Herring42
Guru
Joined: 10 Mar 2004
Posts: 334
Location: Buckinghamshire
|
| Posted: Tue Feb 20, 2007 2:43 pm Post subject: |
|
|
Sorry, I should have said:
bind 9.3.4 works fine (so far! ~3 hours testing) using -O in the cflags and hardened profile
emerge --info
| Code: |
Portage 2.1.2-r9 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.17-hardened-r1 i686)
=================================================================
System uname: 2.6.17-hardened-r1 i686 AMD Athlon(tm) processor
Gentoo Base System release 1.12.9
Timestamp of tree: Tue, 20 Feb 2007 05:50:01 +0000
ccache version 2.4 [disabled]
dev-java/java-config: 1.3.7, 2.0.31-r3
dev-lang/python: 2.3.5-r2, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: 2.4-r6
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O -march=athlon -pipe -mmmx -m3dnow"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O -march=athlon -pipe -mmmx -m3dnow"
DISTDIR="/home/distfiles"
FEATURES="autoconfig confcache distlocks metadata-transfer parallel-fetch prelink sandbox sfperms strict"
GENTOO_MIRRORS="http://www.mirror.ac.uk/sites/www.ibiblio.org/gentoo/ http://ftp.easynet.nl/mirror/gentoo/ ftp://ftp.easynet.nl/mirror/gentoo/"
LANG="en_GB.UTF-8"
LC_ALL="en_GB.UTF-8"
LINGUAS="en_GB"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://beth/gentoo-portage"
USE="acl apache2 berkdb bzip2 caps chroot crypt curl dlloader expat gd hardened howl idn imagemagick iodbc ipv6 java jce jpeg jpeg2k kerberos logrotate maildir midi ming mmx mysql ncurses nls nptl nptlonly odbc pam perl pic png python readline sasl slang snmp spell ssl tcpd threads tiff truetype unicode userlocales vhosts virus-scan x86 xml xml2 xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_GB" USERLAND="GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
|
_________________
A camera is spelt with an 'e' and is used to take photographs.
CAMRA is the CAMpaign for Real Ale. |
|
| Back to top |
|
|
depontius
Veteran
Joined: 05 May 2004
Posts: 1843
|
| Posted: Tue Feb 20, 2007 4:26 pm Post subject: |
|
|
Heck, both times this has happened to me, bind would fall over dead on the first local query or within 15 seconds, whichever came first. Compared to that, 3 hours is an eternity. I'll have to give this a try.
Most recently when I had the bind problems, MythTV got into a snit and borked itself somehow. It was down for a week before I had time to sit down and get it working again. I guess I was also busy enough that I wasn't watching that much TV, either.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
|
Networking & Security
