[Bug 380962] [NEW] init script doesn't handle rndc error properly
David
david-launchpad at papaya.me.uk
Wed May 27 15:23:16 BST 2009
Public bug reported:
1) Ubuntu 9.04
2) 1:9.5.1.dfsg.P2-1
3) I have disabled the remote admin capability on my bind9 server using
"controls {};"
I expected that I would still be able to both stop and to restart the
bind9 server using the /etc/init.d/bind9 script. Furthermore I expected
that if the init script was unable to do either of these things it would
tell me that it had failed.
4) When I executed "/etc/init.d/bind9 stop" the following happened:
* Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
As you can see the init script printed "[ OK ]", which I interpreted to
mean that it had successfully stopped bind9. Despite printing "[ OK ]"
the bind9 server hadn't actually been stopped: `ps aux|grep named`
confirmed this.
Ideally I would prefer if you fixed this bug by resorting to an
alternative method of killing bind9, e.g. `kill $PID` if the rndc
program fails. If you don't want to do that, then could you at least
fix the init script so that it doesn't mistakenly print "[ OK ]".
(As an aside I discovered this bug when I executed "/etc/init.d/bind9 restart" and the following happened:
* Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
* Starting domain name service... bind9 [ OK ]
This led me to believe that my configuration change to bind (enabling
DNSSEC) had succeeded (because I saw the two OKs), and therefore I
thought that my DNS lookups were now being protected by DNSSEC DLV
validation, when they in fact weren't. I therefore consider this issue
to be on the borderline of being a security vulnerability, because it
led me to believe that I had enabled a security feature when I had in
fact not done so.)
** Affects: bind9 (Ubuntu)
Importance: Undecided
Status: New
--
init script doesn't handle rndc error properly
https://bugs.launchpad.net/bugs/380962
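The behaviour the report asks for, as an added example rather than the Ubuntu bind9 init script itself: a stop routine that does not trust rndc's output, falls back to signalling the pid from the pidfile when rndc fails (as it does with "controls {};"), and returns a non-zero status unless named is actually gone. The RNDC and PIDFILE variables, the function names and the 10-second grace period are assumptions made for this example so it can be exercised with a stand-in command and a constructed pidfile.

```shell
#!/bin/sh
# Added example, not the bind9 package's init script. RNDC and PIDFILE
# are overridable so the routine can be tested with a stand-in command
# (assumption for this example).
RNDC=${RNDC:-rndc}
PIDFILE=${PIDFILE:-/var/run/named/named.pid}

# is_running PID: true if a process with that pid exists.
is_running() {
    kill -0 "$1" 2>/dev/null
}

# wait_for_exit PID SECONDS: poll until the process is gone or the
# deadline passes. Returns 0 when it exited, 1 on timeout.
wait_for_exit() {
    pid=$1; n=$2
    while [ "$n" -gt 0 ]; do
        is_running "$pid" || return 0
        sleep 1
        n=$((n - 1))
    done
    is_running "$pid" && return 1
    return 0
}

# stop_named: ask named to stop via rndc. If rndc fails (for instance
# because the control channel is disabled with "controls {};"), fall
# back to SIGTERM on the pid from PIDFILE, then SIGKILL. The exit
# status reflects whether named is really stopped, which is what an
# init script should base its "[ OK ]" / "[fail]" message on.
stop_named() {
    pid=
    [ -r "$PIDFILE" ] && pid=$(cat "$PIDFILE")

    if "$RNDC" stop 2>/dev/null; then
        # rndc accepted the request; still confirm the process exited.
        [ -n "$pid" ] && ! wait_for_exit "$pid" 10 && return 1
        return 0
    fi

    echo "rndc stop failed; falling back to signalling named" >&2
    if [ -z "$pid" ] || ! is_running "$pid"; then
        echo "named pid unknown or not running; cannot confirm stop" >&2
        return 1
    fi
    kill -TERM "$pid" 2>/dev/null
    wait_for_exit "$pid" 10 && return 0
    kill -KILL "$pid" 2>/dev/null
    wait_for_exit "$pid" 5
}

# Stand-alone run (only when invoked as stop_named.sh): report the
# result the way an init script should, with a matching exit status.
if [ "${0##*/}" = "stop_named.sh" ]; then
    if stop_named; then echo " [ OK ]"; else echo " [fail]"; exit 1; fi
fi
```

The point of the split between the rndc path and the signal path is that "[ OK ]" is printed only after the process has been confirmed gone; a stale or missing pidfile combined with a failing rndc is reported as a failure rather than silently passed, so a subsequent start will not mask a server that was never restarted.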