- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0254 - bind bug fix and enhancement update
Synopsis
bind bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated bind packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 5.
Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly.
These updated bind packages provide fixes for the following bugs:
-
Previously, the "named" name service daemon failed to set the max open files limit to "unlimited" by default. Consequently, the error message "max open files (1024) is smaller than max sockets (4096)" was logged. With this update the problem has been fixed, named now sets max open files limit to "unlimited" as documented, and the problem no longer occurs. (BZ#663112)
-
Prior to this update, the code in libdns which sends DNS requests was not robust enough and suffered from a race condition. If a race condition occurred, the "named" name service daemon logged an error message in the format, "zone xxx.xxx.xxx.in-addr.arpa/IN: refresh: failure trying master xxx.xxx.xxx.xxx#53 (source xxx.xxx.xxx.xxx#0): operation canceled", even when zone refresh was successful. This update improves the code to prevent a race condition in libdns and the error no longer occurs in the scenario described. (BZ#676242)
-
A non-writable working directory is a long time feature on all Red Hat systems. Previously, named wrote "the working directory is not writable" as an error to the system log. This update changes the code so that named now writes this information only into the debug log. (BZ#692758)
-
When the "search" option was present in the "/etc/resolv.conf" file but there were no arguments entered for the option, the contents of the following line in the file was interpreted as the missing argument. Consequently, if the following line contained the only "nameserver" option in the file, the system would have no nameservers specified and therefore fail to resolve any hostnames. With this update the code has been improved, the resolv.conf file is parsed correctly, and the problem no longer occurs in the scenario described. (BZ#703451)
-
The "/usr/sbin/bind-chroot-admin" script created symlinks with a double-slash (//) in the paths. This caused logrotate to fail to rotate "/var/log/named.log" correctly. With this update, the bind-chroot-admin utility is fixed and no longer creates symlinks with a double-slash and as a result "/var/log/named.log" is rotated as expected. (BZ#712791)
-
When /etc/resolv.conf contained nameservers with disabled recursion, nslookup failed to resolve certain host names. With this update, nslookup has been patched and now works as expected in the scenario described. (BZ#726120)
-
During a DNS zone transfer, named sometimes terminated unexpectedly with an assertion failure. With this update, a patch has been applied to make the code more robust, and named no longer crashes in the scenario described. (BZ#733698)
-
The named daemon, configured as master server, sometimes failed to transfer an uncompressible zone. The following error message was logged:
transfer of './IN': sending zone data: ran out of space
The code which handles zone transfers has been fixed and this error no longer occurs in the scenario described. (BZ#758873)
In addition, these updated bind packages provide the following enhancement:
- The manpage of the "dig" utility did not document dig's exit status codes. With this update, the "dig" manual page now describes "/usr/bin/dig" exit codes. (BZ#703442)
Users are advised to upgrade to these updated bind packages, which fix these bugs and add this enhancement.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- bind-libs-9.3.6-20.P1.el5.x86_64.rpm
- bind-devel-9.3.6-20.P1.el5.s390x.rpm
- bind-sdb-9.3.6-20.P1.el5.x86_64.rpm
- bind-libs-9.3.6-20.P1.el5.ppc.rpm
- bind-libs-9.3.6-20.P1.el5.i386.rpm
- bind-chroot-9.3.6-20.P1.el5.s390x.rpm
- bind-libs-9.3.6-20.P1.el5.s390x.rpm
- bind-libs-9.3.6-20.P1.el5.ppc64.rpm
- bind-devel-9.3.6-20.P1.el5.i386.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.s390.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.i386.rpm
- bind-9.3.6-20.P1.el5.s390x.rpm
- bind-devel-9.3.6-20.P1.el5.ppc.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.ppc64.rpm
- bind-chroot-9.3.6-20.P1.el5.x86_64.rpm
- caching-nameserver-9.3.6-20.P1.el5.x86_64.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.s390x.rpm
- bind-devel-9.3.6-20.P1.el5.s390.rpm
- bind-utils-9.3.6-20.P1.el5.ia64.rpm
- bind-utils-9.3.6-20.P1.el5.x86_64.rpm
- bind-devel-9.3.6-20.P1.el5.x86_64.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.ppc.rpm
- bind-utils-9.3.6-20.P1.el5.ppc.rpm
- caching-nameserver-9.3.6-20.P1.el5.ppc.rpm
- bind-utils-9.3.6-20.P1.el5.s390x.rpm
- caching-nameserver-9.3.6-20.P1.el5.s390x.rpm
- bind-devel-9.3.6-20.P1.el5.ia64.rpm
- bind-libs-9.3.6-20.P1.el5.ia64.rpm
- bind-sdb-9.3.6-20.P1.el5.ia64.rpm
- bind-9.3.6-20.P1.el5.i386.rpm
- bind-9.3.6-20.P1.el5.x86_64.rpm
- bind-devel-9.3.6-20.P1.el5.ppc64.rpm
- caching-nameserver-9.3.6-20.P1.el5.i386.rpm
- bind-9.3.6-20.P1.el5.ppc.rpm
- bind-9.3.6-20.P1.el5.src.rpm
- bind-sdb-9.3.6-20.P1.el5.ppc.rpm
- bind-sdb-9.3.6-20.P1.el5.s390x.rpm
- bind-chroot-9.3.6-20.P1.el5.ppc.rpm
- bind-9.3.6-20.P1.el5.ia64.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.x86_64.rpm
- bind-chroot-9.3.6-20.P1.el5.i386.rpm
- bind-sdb-9.3.6-20.P1.el5.i386.rpm
- bind-libbind-devel-9.3.6-20.P1.el5.ia64.rpm
- bind-libs-9.3.6-20.P1.el5.s390.rpm
- caching-nameserver-9.3.6-20.P1.el5.ia64.rpm
- bind-chroot-9.3.6-20.P1.el5.ia64.rpm
- bind-utils-9.3.6-20.P1.el5.i386.rpm
Fixes
- This content is not included.BZ - 663112
- This content is not included.BZ - 676242
- This content is not included.BZ - 744141
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.