isc-bind service shutdown after update at 9.20.7-1.2.el8
Ben Scott
bscott at isc.org
Wed Mar 26 14:33:48 UTC 2025
I have been running BIND chroot'ed since before there was a systemd. I have a vague memory of having to, at some point, change the systemd unit for named from "Type=notify" to "Type=forking". My memory is not what it used to be, but I am fairly sure I was running named through Debian's standard systemd unit for some time, before I needed to make that change. So I think something changed at some point, breaking a configuration that used to work.
It is possible the change in question was Debian introducing the patch to add systemd-notify support to BIND 9.18. (That is not in vanilla BIND 9.18.)
If it helps, this is my /etc/systemd/system/named.service.d/override.conf file (as of Debian 12 bookworm):
[Service]
Type=forking
PrivateTmp=false
ExecStart=
ExecStart=/usr/sbin/named $OPTIONS
PIDFile=/srv/dns/run/named.pid
The first (blank) ExecStart tells systemd to clear the stock ExecStart declaration, rather than adding to it. And $OPTIONS is "-u bind -t /srv/dns" per the /etc/default/named file.
-- Ben
--
Any opinions expressed in this message are those of the author alone.
All information is provided without warranty of any kind.
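
One way to check a unit for the start timeout discussed in this thread, as an added example that is not part of the original messages or of ISC's or Debian's packaging. The function names `check_named_unit` and `make_samples` are hypothetical, the sample files are constructed from the units quoted below, and the notify socket path `/run/systemd/notify` is an assumed default (systemd passes the real path to the service in `$NOTIFY_SOCKET`).

```shell
#!/bin/sh
# Added example: classify a named unit for the chroot + Type=notify start timeout.
# Usage: check_named_unit UNIT_FILE ENV_FILE [NOTIFY_SOCKET]
# Assumption: the notify socket is /run/systemd/notify unless argument 3 says otherwise.
check_named_unit() {
    unit=$1 envfile=$2 sock=${3:-/run/systemd/notify}
    # The last Type= and the last non-empty ExecStart= win, as with drop-ins.
    svc_type=$(sed -n 's/^Type=//p' "$unit" | tail -n 1)
    cmd=$(sed -n 's/^ExecStart=\(..*\)$/\1/p' "$unit" | tail -n 1)
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$envfile" | tail -n 1)
    chroot_dir='' fg=no
    set -- $cmd $opts            # word splitting intended
    while [ $# -gt 0 ]; do
        case $1 in
            -f) fg=yes ;;
            -t) [ $# -gt 1 ] && { chroot_dir=$2; shift; } ;;
        esac
        shift
    done
    case "$svc_type/$fg" in
        forking/no) echo "ok-forking" ;;   # old pairing from the thread
        notify/yes)                        # new pairing from the thread
            # After chroot(), named resolves the socket path under the new root.
            if [ -n "$chroot_dir" ] && [ ! -e "$chroot_dir$sock" ]; then
                echo "notify-blocked"; return 1
            fi
            echo "ok-notify" ;;
        *) echo "mixed"; return 1 ;;       # neither pairing shown in the thread
    esac
}

# Constructed sample files modelled on the units quoted in the thread.
make_samples() {
    mkdir -p "$1/chroot"
    printf '[Service]\nType=notify\nExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f $OPTIONS\n' > "$1/new.service"
    printf '[Service]\nType=forking\nExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named $OPTIONS\n' > "$1/old.service"
    printf 'OPTIONS="-4 -t %s"\n' "$1/chroot" > "$1/named.env"
}

demo=$(mktemp -d)
make_samples "$demo"
check_named_unit "$demo/new.service" "$demo/named.env" || true   # prints notify-blocked
rm -rf "$demo"
```

On a real host, save the output of `systemctl cat` for the service to a file and pass that as the unit file, so that drop-in overrides are included.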
----- Original Message -----
> From: "Michal Nowak"
> To: "bind-users"
> Sent: Tuesday, March 25, 2025 1:09:36 PM
> Subject: Re: isc-bind service shutdown after update at 9.20.7-1.2.el8
> Hi,
>
> I can reproduce your problem when I set up chroot.
>
> Though, I think this is the expected behaviour unless you set up the systemd
> notify socket inside the chroot. See the following guide for how to do
> it https://kb.leuxner.net/article/bind-sd_notify-chroot/ (haven't tried
> it myself), or resort to what already works for you, i.e., Type=forking
> and the removal of the "-f" option from the unit file.
>
> > What is the impact of not using the "Type=notify" and "-f" on my system?
>
> There's no impact. It works.
>
> Michal
>
> On 24/03/2025 16:44, Langlois Joël wrote:
>> Hello,
>>
>> Thanks for your reply, this helps me to point in the good direction! The problem
>> is in the startup file for the service
>> /usr/lib/systemd/system/isc-bind-named.service (this file is modified by the
>> 9.20.7 update). When I try to use the option "Type=notify" or the option "-f"
>> (ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f) the service
>> "isc-bind-named" does not want to start and I have the same error like in my
>> first email (netmgr 0x7f741ea7b1e0: Shutting down network manager etc....).
>> When I put back the old option (Type=forking) and no "-f" in the ExecStart line,
>> everything works like a charm!
>>
>> I am using "selinux" (I tried to deactivate it with no success for bind) and I
>> have a chroot (/var/named/chroot) environment on my system since many years
>> and I never had that kind of trouble before. What is the impact of not using
>> the "Type=notify" and "-f" on my system?
>>
>> Config file that is running well:
>> =========================
>> [root at sdns_server]# cat /usr/lib/systemd/system/isc-bind-named.service
>> [Unit]
>> After=network.target
>> Wants=nss-lookup.target
>> Before=nss-lookup.target
>>
>> [Service]
>> Type=notify
>> EnvironmentFile=-/etc/opt/isc/scls/isc-bind/sysconfig/named
>> PIDFile=/var/named/chroot/run/named/named.pid
>> ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named $OPTIONS
>> ExecReload=/bin/kill -HUP $MAINPID
>> ExecStop=/bin/kill -TERM $MAINPID
>> PrivateTmp=true
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>>
>> [root at dns_server]# cat /etc/opt/isc/scls/isc-bind/sysconfig/named
>> # Command line options passed to named
>> OPTIONS="-4 -t /var/named/chroot"
>>
>>
>> Thanks a lot for your help!
>>
>> --
>> Joel Langlois
>>
>>
>> -----Original Message-----
>> From: bind-users On Behalf Of Michal Nowak
>> Sent: March 24, 2025 09:06
>> To: bind-users at lists.isc.org
>> Subject: Re: isc-bind service shutdown after update at 9.20.7-1.2.el8
>>
>>
>> For BIND 9.20.7 and 9.21.6 we changed the service type from "forking" to
>> "notify", also ExecStart now has the "-f" option:
>>
>> -[Service]
>> -Type=forking
>> -ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named
>> +[Service]
>> +Type=notify
>> +ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f
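Review bot: The + lines pair Type=notify with -f but give chroot installations no path to a working start. With Type=notify, systemd waits for named's readiness notification, and as the replies in this thread note, a named started with -t only delivers it if the systemd notify socket is set up inside the chroot; otherwise the start times out and the service is terminated. Suggest a comment in the unit file or a release note stating that chroot users must either expose the notify socket inside the chroot or use a drop-in with Type=forking and an ExecStart without -f.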
>>
>> Could you please give us the output of "systemctl status isc-bind-named.service"
>> a few seconds after the service started? I'd be surprised to find it in the
>> "Active: active (running)" state.
>>
>> I failed to reproduce your problem on a clean Rocky Linux 8.10.
>>
>> Michal
>>
>> On 21/03/2025 20:43, Langlois Joël via bind-users wrote:
>>> Hi everyone,
>>>
>>> After updating my isc-bind packages from 9.20.6-1.2 to
>>> 9.20.7-1.2, I try to start the service but it always « shuts down » by
>>> itself. My server is a Rocky Linux 8.10 and with the old version
>>> (9.20.6) everything is working fine since many months. Here is the
>>> part of the output log (with debug enabled) where I saw the service
>>> going down (see netmgr and shutting down below)! Any idea someone?
>>>
>>> Thanks in advance
>>>
>>> .
>>> .
>>> .
>>> fetch: ultradns.info/NS
>>> fetch: ultradns.co.uk/NS
>>> fetch: ultradns.co.uk/NS
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> zone_maintenance: managed-keys-zone: enter
>>> zone_dump: managed-keys-zone: enter
>>> zone__settimer: managed-keys-zone: enter
>>> dump_done: managed-keys-zone: enter
>>> zone_journal_compact: managed-keys-zone: target journal size 0
>>> journal file managed-keys.bind.jnw does not exist, creating it
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> netmgr 0x7fa151a7b1e0: Shutting down network manager
>>> netmgr 0x7fa151a7b1e0: Shutting down network manager worker on loop 0x7fa151a39000(0)
>>> no longer listening on 127.0.0.1#53
>>> no longer listening on X.X.X.60#53
>>> stopping command channel on 127.0.0.1#953
>>> loop exclusive mode: starting
>>> loop exclusive mode: started
>>> shutting down
>>> managed-keys-zone: final reference detached
>>> .
>>> .
>>> ================================
>>> # systemctl status isc-bind-named.service
>>> ● isc-bind-named.service
>>> Loaded: loaded (/usr/lib/systemd/system/isc-bind-named.service; enabled; vendor preset: disabled)
>>> Active: failed (Result: timeout) since Fri 2025-03-21 14:47:08 EDT; 51min ago
>>> Process: 1531 ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f $OPTIONS (code=exited, status=0/SUCCESS)
>>> Main PID: 1531 (code=exited, status=0/SUCCESS)
>>>
>>> Mar 21 14:45:37 dns_server named[1531]: checkhints: b.root-servers.net/ AAAA (2801:1b8:10::b) missing from hints
>>> Mar 21 14:45:37 dns_server named[1531]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
>>> Mar 21 14:47:07 dns_server systemd[1]: isc-bind-named.service: start operation timed out. Terminating.
>>> Mar 21 14:47:07 dns_server named[1531]: no longer listening on 127.0.0.1#53
>>> Mar 21 14:47:07 dns_server named[1531]: no longer listening on X.X.X.60#53
>>> Mar 21 14:47:07 dns_server named[1531]: stopping command channel on 127.0.0.1#953
>>> Mar 21 14:47:07 dns_server named[1531]: shutting down
>>> Mar 21 14:47:08 dns_server named[1531]: exiting
>>> Mar 21 14:47:08 dns_server systemd[1]: isc-bind-named.service: Failed with result 'timeout'.
>>> Mar 21 14:47:08 dns_server systemd[1]: Failed to start isc-bind-named.service.
>>> #
>>>
>>> ------
>>>
>>> Joe
>>>
>>>
>>
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this
>> list
>>
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users