[Caution] Information to installing Debian Security Advisory DSA 1172-1 named/bind9 on Skolelinux-Server
Hello Tjeneradmins,
this mail is written to all admins of skolelinux servers because of given
situation that has broken some servers.
Please check _before_ installing the Debian Security Advisory DSA 1172-1
on your server, if the situation explained at the URL's at the end of this
mail is given at your server.
It could happen under given conditions, that the domain name service breaks
during the upgrade. This affects other depending services like squid, ldap and
so on.
If this happens you should do the following steps as user root:
1. check /etc/defaults/bind9 if there is the entry
OPTIONS="-u bind" darin gibt.
If not, create it.
2. check with
tjener:~# ls -l /etc/bind/rndc.key
if you get an output like (rights and owner):
-rw-r----- 1 bind bind 77 2006-04-21 18:42 /etc/bind/rndc.key
If not, correct the rights and the owner
(chown / chmod).
3. check if there is a user bind with
tjener:~# getent passwd | grep bind
bind:x:101:105::/var/cache/bind:/bin/false
( should look like above)
4. (re-) start with
tjener:~# /etc/init.d/bind9 start
the nameserver.
5. check with
tjener:~# ps aux | grep named
bind 2132 0.0 1.1 29436 2852 ? Ss Sep11 0:00 /usr/sbin/named
if the nameserver is running. You should see a similar output like above.
It is always a good idea to check, if the squid, ldap, ... services are
working.
This issue is being tracked at
http://bugs.skolelinux.no/show_bug.cgi?id=1115
and also at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=386791
With best wishes, Jürgen Leibner
Skolelinux-Team, Germany
-- thanks to all who helped investigating this
Reply to: