- Issued:
- 2011-05-19
- Updated:
- 2011-05-19
RHBA-2011:0541 - bind bug fix and enhancement update
Synopsis
bind bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated bind packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines applications use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly.
This update fixes the following bugs:
-
previously, bind on the 64-bit PowerPC architecture used emulated atomic operations rather than native instructions. In this updated package bind on the 64-bit PowerPC architecture uses the same native atomic operations as the PowerPC architecture. (BZ#623638)
-
previously, the bind package generated the /etc/rndc.key file. However, generating this file used entropy from /dev/random. Consequently, installation of the bind package might have hung. The rndc.key is used by rndc utility for advanced administration commands and is no longer automatically generated during installation of the bind package. Users requiring the rndc utility should generate key themselves, via the "rndc-confgen -a" command. (BZ#677381)
-
under certain circumstances, "named" was entering a deadlock. Consequently, "named" could not be stopped using the "/etc/init.d/named stop". In this updated package, the deadlock no longer occurs, resolving this issue. (BZ#623122)
-
previously, the named_sdb PostgreSQL database backend failed to reconnect to the database when the connection failed during named_sdb startup. With this update, named writes error message to the system log and tries to reconnect during every lookup. (BZ#623190)
-
previously, file conflicts prevented the i686 and x86_64 versions of bind-devel from being installed on the same machine. In this update, the file conflict is resolved and both the i686 and x86_64 bind-devel packages can be installed on the same system. (BZ#658045)
-
previously, initscript killed all processes with the name "named" when stopping the named daemon. With this update, initscript kills only the selected one. (BZ#622785)
-
the return codes of the "dig" utility are documented in the dig man page. (BZ#640538)
-
previously the named.8 manpage mentioned the system-config-bind utility. This utility is not included with Red Hat Enterprise Linux 6. The man page is updated to remove the reference to the system-config-bind utility. (BZ#660676)
-
the "status" action of the named initscript would not complete when bind-sdb package was installed. These updated packages resolve this issue. (BZ#661663, BZ#672777)
-
when resolv.conf contained "search" keyword with no arguments host/nslookup/dig utilities failed to parse it correctly. In these updated packages, such lines are ignored. (BZ#669163)
-
previously, the nsupdate man page incorrectly listed HMAC-MD5 as the only TSIG algorithm. In this updated package, the list of encryption algorithms was removed from the nsupdate man page. The the dnssec-keygen man page contains a complete list of usable encryption algorithms. (BZ#672819)
In addition, this update adds the following enhancements:
-
the bind packages in this update are rebased to version 9.7.3. The References section of this erratum contains a link to the bind release notes. (BZ#653486)
-
the host utility now honors "debug", "attempts" and "timeout" options in resolv.conf. (BZ#622764)
-
a new option, called DISABLE_ZONE_CHECKING, has been added to /etc/sysconfig/named. This option adds the possibility to bypass zone validation via the named-checkzone utility in initscript and allows to start named with misconfigured zones. (BZ#623673)
-
with this update, size, MD5 and the modification time of /etc/sysconfig/named configuration file is no longer checked via the "rpm -V bind" command. (BZ#646932)
-
Root zone DNSKEY is now included in the bind package, in the /etc/named.root.key file. (BZ#667375)
Users are advised to upgrade to these updated bind packages, which resolve these issues and add these enhancements.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- bind-9.7.3-2.el6.x86_64.rpm
- bind-sdb-9.7.3-2.el6.x86_64.rpm
- bind-chroot-9.7.3-2.el6.ppc64.rpm
- bind-utils-9.7.3-2.el6.i686.rpm
- bind-9.7.3-2.el6.i686.rpm
- bind-libs-9.7.3-2.el6.i686.rpm
- bind-sdb-9.7.3-2.el6.ppc64.rpm
- bind-9.7.3-2.el6.s390x.rpm
- bind-debuginfo-9.7.3-2.el6.x86_64.rpm
- bind-libs-9.7.3-2.el6.ppc64.rpm
- bind-sdb-9.7.3-2.el6.s390x.rpm
- bind-devel-9.7.3-2.el6.i686.rpm
- bind-chroot-9.7.3-2.el6.x86_64.rpm
- bind-chroot-9.7.3-2.el6.s390x.rpm
- bind-debuginfo-9.7.3-2.el6.s390x.rpm
- bind-utils-9.7.3-2.el6.ppc64.rpm
- bind-debuginfo-9.7.3-2.el6.i686.rpm
- bind-debuginfo-9.7.3-2.el6.s390.rpm
- bind-devel-9.7.3-2.el6.ppc.rpm
- bind-libs-9.7.3-2.el6.x86_64.rpm
- bind-9.7.3-2.el6.ppc64.rpm
- bind-libs-9.7.3-2.el6.s390x.rpm
- bind-sdb-9.7.3-2.el6.i686.rpm
- bind-libs-9.7.3-2.el6.s390.rpm
- bind-debuginfo-9.7.3-2.el6.ppc64.rpm
- bind-devel-9.7.3-2.el6.ppc64.rpm
- bind-chroot-9.7.3-2.el6.i686.rpm
- bind-devel-9.7.3-2.el6.s390x.rpm
- bind-devel-9.7.3-2.el6.s390.rpm
- bind-libs-9.7.3-2.el6.ppc.rpm
- bind-9.7.3-2.el6.src.rpm
- bind-devel-9.7.3-2.el6.x86_64.rpm
- bind-utils-9.7.3-2.el6.x86_64.rpm
- bind-utils-9.7.3-2.el6.s390x.rpm
- bind-debuginfo-9.7.3-2.el6.ppc.rpm
Fixes
- This content is not included.BZ - 622764
- This content is not included.BZ - 622785
- This content is not included.BZ - 623122
- This content is not included.BZ - 623190
- This content is not included.BZ - 623638
- This content is not included.BZ - 623673
- This content is not included.BZ - 653486
- This content is not included.BZ - 658045
- This content is not included.BZ - 660676
- This content is not included.BZ - 667375
- This content is not included.BZ - 669163
CVEs
(none)
References
- Content from ftp.isc.org is not included.Content from ftp.isc.org is not included.http://ftp.isc.org/isc/bind9/9.7.3/RELEASE-NOTES-BIND-9.7.3.html
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.