Bind 9.16.1 crash on Ubuntu

Ben Bridges bbridges at springnet.net
Fri Dec 9 00:56:27 UTC 2022


Hi Robie (and Marc),

I've never reported a bug to Ubuntu before.  I ran ubuntu-bug against the crash report and told it to send the report.  It appears to have uploaded it to the Ubuntu error tracker (https://errors.ubuntu.com/user/1be5ee847bb6c14eae7458cbbda7ac91a5fd65d5d01f3f9d3dbc4480e44712035ed9c455e3cf04ec7eeadf72dd7f5414771cff9ba752940658ff902749b175e9), but I don't know how to verify that it sent what it was supposed to send.  Please let me know if there's anything else I need to do.

Thanks,
Ben

-----Original Message-----
From: Ben Bridges
Sent: Thursday, December 8, 2022 5:57 PM
To: Robie Basak <robie.basak at ubuntu.com>
Cc: ubuntu-devel-discuss at lists.ubuntu.com
Subject: RE: Bind 9.16.1 crash on Ubuntu

Hi Robie,

I really appreciate the information.  I totally understand your (Ubuntu developers) position on these sorts of matters.  We've been using Ubuntu for at least 10 years now and have never had any issues with it until this BIND assertion failure occurred.  It's been a good platform for us.

Unfortunately, when it comes to BIND, it leaves the users in a bit of a precarious position.  If you run the bind9 package, you incur the ire of ISC and the members of the BIND users forum (who chastise you for "running such an old version of BIND" and just tell you to upgrade BIND) if you post issues there.  If you use the ISC packages in their PPA repository, you can't get any (or only limited) assistance from the Ubuntu developers.  As popular as BIND is, it seems like it would be one of the packages that you would want to update regularly from the upstream minor version releases.  But perhaps BIND isn't run on Ubuntu as much as I think it might be.

Anyway, I'll try to file a bug report, but apport failed to create a core dump (file size too large), and I suspect you won't be able to do much without it.

Thanks again for the information.

Ben

-----Original Message-----
From: Robie Basak <robie.basak at ubuntu.com>
Sent: Thursday, December 8, 2022 2:06 PM
To: Ben Bridges <bbridges at springnet.net>
Cc: ubuntu-devel-discuss at lists.ubuntu.com
Subject: Re: Bind 9.16.1 crash on Ubuntu

Hi,

On Thu, Dec 08, 2022 at 05:22:34PM +0000, Ben Bridges wrote:
> This is bind9 1:9.16.1-0ubuntu2.11 running on Ubuntu 20.04.5 LTS (fully patched).  Has this issue been seen before?  If so, has it been fixed, or is it being fixed?  Is this the right forum for this posting?

This is the right place to ask, but for specific bugs, as Marc said
please make sure a bug exists against the package in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/bind9 to check existing
reports, and "Report a bug" in the top right if you need to file a new
report.

> More generally ... to what extent do you update the Ubuntu bind9 package?  Is it literally the 9.16.1 base source code (in focal) with no updates other than to patch the CVE security vulnerabilities?  Or are there other patches in it as well?

It varies - we'll patch as we think is appropriate, though that has a
maintenance burden so we try to keep the patching minimal. You can see
the full set of patches currently applied against the Ubuntu 20.04 bind9
package here (the `series` file defines what is applied, as opposed to
simply the contents of the directory):
https://git.launchpad.net/ubuntu/+source/bind9/tree/debian/patches?h=ubuntu/focal-devel

Of course the outcome also depends on how the package is built. You can
see that here:
https://git.launchpad.net/ubuntu/+source/bind9/tree/debian/rules?h=ubuntu/focal-devel

>  For a given Ubuntu LTS version (such as focal), do you ever "start over" with the newest minor release of that branch of BIND (9.16 for focal, 9.18 for jammy)?  Or do you just continue patching the initial release of the branch?

It depends. We'll update to the latest upstream point release on a
case-by-case basis. Upstreams vary in policy and the quality of what
they'll stick in there, and we don't want to regress our users, or
change behaviour on them!

Formally, our policy on what is acceptable to update like this is here:
https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases

And then for an update like this to actually happen, an Ubuntu developer
needs to drive it. The Server Team does update some packages routinely,
but it doesn't look like bind9 is currently in that list.

> Is there a specific version of 9.16 that you can say 1:9.16.1-0ubuntu2.11 is equivalent to in terms of patches (both security and non-security)?

No - you have to study the patches.

> Do you recommend for or against Ubuntu users using the BIND packages in ISC's PPA repository instead of the bind9 package in the Ubuntu repository?

You can of course do what you like on your own system. But Ubuntu can
only reasonably support what it ships, so using only our packages is our
recommendation. If we get a bug report about a problem caused by a third
party package, then we normally have to reject that report since there's
nothing we can do about that third party package!

Most packaging problems our users report are caused by third party
repositories breaking things, especially on future release upgrades.
Fundamentally there are some breakages that even a perfect third party
repository maintainer cannot avoid. The apt/dpkg system wasn't designed
to work this way, even if this kind of use is really common in practice.
People tend to get away with it because our policy on changing as little
as possible in stable releases means that these issues don't show
themselves. Until they try to upgrade to the new release, things explode
and they blame us :-(

So while I don't think it's Ubuntu's official position or anything, I
would avoid using third party repositories as much as possible.

On the other hand, we *do* maintain our own packages, and if there's an
issue, it's our intention to patch it if that's possible and reasonable
against our stable release policies that apply across all of our
packages[1]. So please do make sure that a bug report exists :)

Robie

[1] https://wiki.ubuntu.com/StableReleaseUpdates

[City Utilities]

[SpringNet]<http://www.springnet.net>

Sales 417.575.7000 | Support 417.874.8000 | springnet.net<http://www.springnet.net>



More information about the Ubuntu-devel-discuss mailing list