[Bug 1086775] Re: bind9 uses high CPU after lucid->precise upgrade

Robie Basak 1086775 at bugs.launchpad.net
Thu Dec 6 11:21:02 UTC 2012 

There are two problems here. First is that the bind9.postinst fails to
set permissions correctly in some circumstances, and second that without
the permissions set correctly, you get 100% CPU usage.

The 100% CPU usage problem is already in bug 1038199, so we can track
that there. That leaves this bug to track the postinst /var/cache/bind
permissions problem.

** Description changed:

- Summary: bind9 uses very high CPU after an upgrade from Lucid to
- Precise. I have traced this to a directory permissions problem as
- /var/cache/bind is not writeable by the bind group after an upgrade, but
- is writeable after a clean install.
+ Affects: 1:9.7.0.dfsg.P1-1ubuntu0.8, 1:9.8.1.dfsg.P1-4ubuntu0.4, 1:9.8.4
+ .dfsg-1ubuntu1.
  
- Ubuntu release:
- root at dev1-kvm-cluster:~# lsb_release -rd
- Description:	Ubuntu 12.04.1 LTS
- Release:	12.04
+ bind9.postinst only sets permissions on
+ /var/cache/bind on a fresh install. When the bind9 package is removed
+ but not purged, /var/cache/bind is removed, but /etc/bind is left alone
+ (as expected). When the bind9 package is reinstalled from this state,
+ the postinst fails to correct the default 755 permissions on
+ /var/cache/bind.
  
- Package version:
- root at dev1-kvm-cluster:~# apt-cache policy bind9
- bind9:
-   Installed: 1:9.8.1.dfsg.P1-4ubuntu0.4
-   Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.4
-   Version table:
-  *** 1:9.8.1.dfsg.P1-4ubuntu0.4 0
-         500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
-         500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
-         100 /var/lib/dpkg/status
-      1:9.8.1.dfsg.P1-4 0
-         500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
+ This is particularly a problem for users upgrading from Lucid, since this
+ situation causes 100% CPU usage due to bug 695264.
  
- Expected behaviour: Upgrading Lucid->Precise when bind9 is installed
- does not use >100% CPU
+ Steps to reproduce:
  
- Observed behaviour: Upgrading Lucid->Precise when bind9 is installed
- uses >100% CPU
+ 1. Start with a Lucid system
+ 2. apt-get install bind9
+ 3. apt-get remove bind9
+ 4. apt-get install bind9
  
- Root cause:
+ Note broken permissions in /var/cache/bind.
  
- On an upgraded machine:
+ This isn't directly reproducible in Raring because files are now
+ left behind in /var/cache/bind causing /var/cache/bind to not be removed
+ when the package is removed (is this a separate bug?)
  
- root at dev1-kvm-cluster:~# ls -la /var/cache/bind
- total 8
- drwxr-xr-x  2 root bind 4096 Jun  5  2012 .
- drwxr-xr-x 14 root root 4096 Dec  5 10:18 ..
+ However, if from Lucid you then do:
  
- On a clean install of Precise:
+ 5. do-release-upgrade
  
- amb at adamant:~$ ls -la /var/cache/bind
- total 16
- drwxrwxr-x 2 root bind 4096 Dec  4 21:00 .
- drwxr-xr-x 8 root root 4096 Dec  3 20:54 ..
- -rw-r--r-- 1 bind bind  698 Dec  4 21:00 managed-keys.bind
- -rw-r--r-- 1 bind bind  512 Dec  4 21:00 managed-keys.bind.jnl
+ Then the problem propagates to Raring, and you'll see bug 1038199 (100%
+ CPU usage).
  
  Workaround:
  
+ # chown root.bind /var/cache/bind
  # chmod 775 /var/cache/bind
  # service bind9 restart
  
  Logs from the upgraded machine (see 'working directory not writeable'
  and 'permission denied')
  
  05-Dec-2012 12:23:35.719 found 2 CPUs, using 2 worker threads
  05-Dec-2012 12:23:35.720 using up to 4096 sockets
  05-Dec-2012 12:23:35.726 loading configuration from '/etc/bind/named.conf'
  05-Dec-2012 12:23:35.727 reading built-in trusted keys from file '/etc/bind/bind.keys'
  05-Dec-2012 12:23:35.727 using default UDP/IPv4 port range: [1024, 65535]
  05-Dec-2012 12:23:35.728 using default UDP/IPv6 port range: [1024, 65535]
  05-Dec-2012 12:23:35.729 listening on IPv6 interfaces, port 53
  05-Dec-2012 12:23:35.731 listening on IPv4 interface lo, 127.0.0.1#53
  05-Dec-2012 12:23:35.732 listening on IPv4 interface eth0, 10.40.0.5#53
  05-Dec-2012 12:23:35.734 listening on IPv4 interface eth1, 10.157.128.1#53
  05-Dec-2012 12:23:35.735 listening on IPv4 interface eth1, 10.161.208.1#53
  05-Dec-2012 12:23:35.736 listening on IPv4 interface eth0.60, 10.157.16.12#53
  05-Dec-2012 12:23:35.738 generating session key for dynamic DNS
  05-Dec-2012 12:23:35.738 sizing zone task pool based on 7 zones
  05-Dec-2012 12:23:35.744 using built-in root key for view _default
  05-Dec-2012 12:23:35.744 set up managed keys zone for view _default, file 'managed-keys.bind'
  05-Dec-2012 12:23:35.744 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
  05-Dec-2012 12:23:35.744 automatic empty zone: 254.169.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 2.0.192.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 100.51.198.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 113.0.203.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: D.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 9.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: A.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: B.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
  05-Dec-2012 12:23:35.749 command channel listening on 127.0.0.1#953
  05-Dec-2012 12:23:35.749 command channel listening on ::1#953
  05-Dec-2012 12:23:35.749 the working directory is not writable
  05-Dec-2012 12:23:35.749 ignoring config file logging statement due to -g option
  05-Dec-2012 12:23:35.750 zone 0.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.750 zone 157.10.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.751 zone 127.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.752 zone 255.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.753 zone extility.install/IN: loaded serial 1300877104
  05-Dec-2012 12:23:35.754 zone localhost/IN: loaded serial 2
  05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
  05-Dec-2012 12:23:35.754 managed-keys.bind.jnl: create: permission denied
  05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: sync_keyzone:dns_journal_open -> unexpected error

** Summary changed:

- bind9 uses high CPU after lucid->precise upgrade
+ Maintainer scripts mishandle /var/cache/bind permissions

** Bug watch added: Debian Bug tracker #316241
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316241

** Also affects: bind9 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316241
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  Maintainer scripts mishandle /var/cache/bind permissions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1086775/+subscriptions

More information about the Ubuntu-server-bugs mailing list