BIND DNS Server uninstalled - chroot issue on 1.999-x update

Hello

After updating Webmin from 1.998-1 to 1.999-1 (I had to redo the same today with 1.999-2), I’ve received alerts like:
→ Service monitor : BIND DNS Server uninstalled
→ The BIND DNS server version 8 or 9 does not appear to be installed on your system, or has not yet been set up properly in Webmin’s …
→ BIND version 9.11, under chroot /var/named/chroot… The primary configuration file for BIND /var/named/chroot/etc/named.conf does not exist, or is not valid. Create it?

To fix this, in /etc/webmin/bind8/config delete or comment out the lines starting with ‘auto_chroot’ and ‘chroot’, and set ‘no_chroot’ to 0 if it is equal to 1.

This issue seems to be regular:
https://archive.virtualmin.com/node/53785#comment-form

| | |
|------------------------------|-------------------------------|
| OS type and version | CentOS Linux 7.9.2009 |
| Webmin version | webmin-1.999-2.noarch |

Hello,

This is odd, as upgrading Webmin doesn’t touch existing module config files!

Hmm, perhaps this is related to the issues I had with BIND. BIND stopped working three days ago and it caused my Virtualmin backups to fail. I ended up fixing things but I got lucky.

Here is my post
https://forum.virtualmin.com/t/bind-dns-server-suddenly-not-starting-backups-failing-as-a-result-and-more/116404

Hello,

This also happened to me as well after updating from 1998 to 1999. This was my error message:

Warning : The chroot directory /var/named/chroot that Webmin thinks BIND is using may be incorrect.

I have since fixed the error by disabling using chroot.

We’re trying to figure it out. It doesn’t happen on our test systems, at least so far. So, we’re still trying to reproduce it. It’s apparently happening to a lot of folks…so, we know something is wrong, we just can’t figure out what.

For those it happened to – can you please share the Webmin BIND config from before the breakage? From a backup, for example? The file in question is located at /etc/bind8/config.

And, after! We need to know if the new one is identical to the one shipped with Webmin, rather than one that’s had the tweaks the Virtualmin install performs.

@DonX What is your OS?

@Ilia it is: CentOS Linux 7.9.2009

Hello Ilia
Thank you for your quick answer. My config file was rewritten just after updating to rev1 and rev2.

Please find a copy of my config file before 1.999:

```
dnssectools_keydir=/var/named/dtkeys
updserial_man=1
keygen=dnssec-keygen
checkconf=named-checkconf
tmpl_dnssec=1
updserial_def=0
pid_file=/var/run/named.pid /run/named.pid
named_conf=/etc/named.conf
restart_cmd=restart
relative_paths=0
rev_must=0
soa_start=0
records_order=0
reversezonefilename_format=ZONE.rev
no_pid_chroot=0
short_names=0
master_dir=/var/named
master_ttl=1
allow_comments=0
no_chroot=0
force_random=0
tmpl_email=
dnssec_period=21
updserial_on=1
named_path=/usr/sbin/named
whois_cmd=whois
dnssectools_rollmgr_pidfile=/var/run/rollmgr.pid
ndc_cmd=ndc
allow_long=0
checkzone=named-checkzone
tmpl_dnssecsizedef=1
allow_wild=1
spf_record=0
show_list=1
rev_def=0
stop_cmd=service named stop
dnssectools_conf=/etc/dnssec-tools/dnssec-tools.conf
confirm_zone=1
forwardzonefilename_format=ZONE.hosts
tmpl_dnssecsize=
by_view=0
tmpl_dnssec_dt=
rndcconf_cmd=rndc-confgen
start_cmd=service named start
tmpl_dnssecalg=RSASHA1
dnssectools_rollrec=/var/named/system.rollrec
rndc_conf=/etc/rndc.conf
signzone=dnssec-signzone
support_aaaa=1
ipv6_mode=1
slave_dir=/var/named/slaves
confirm_rec=0
soa_style=0
tmpl_dnssecsingle=0
dnssec_info=1
max_zones=50
largezones=0
allow_underscore=1
rndc_cmd=rndc
other_slaves=1
```

After the update, 2 or 3 lines were modified:

```
chroot=/var/named/chroot
auto_chroot=sh -c '. /etc/sysconfig/named && echo "$ROOTDIR"'
```

I’m not sure if “no_chroot=0” was modified in 1.999-1 or not.

In case you ask me: /etc/sysconfig/named

```
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, enable proper
#                            -chroot.service unit file.
#                            Use of parameter -c is not supported here. Extend
#                            systemd named*.service instead. For more
#                            information please read the following KB article:
#                            https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING  --  By default, service file calls named-checkzone
#                            utility for every zone to ensure all zones are
#                            valid before named starts. If you set this option
#                            to 'yes' then service file doesn't perform those
#                            checks.
ulimit -HSn 4096
```
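One way to check for the change reported above, by comparing a backed-up /etc/webmin/bind8/config with the current one (an added example, not part of the thread and not Webmin's own code). The function names are hypothetical, it assumes `no_chroot=1` means named.conf lives outside the chroot, and it only reports the `auto_chroot` command without running it.

```shell
#!/bin/sh
# Added example: audit a Webmin bind8 module config after an upgrade.
# Function names are hypothetical. The auto_chroot value is a shell command;
# it is reported only, never executed.

# cfg_get FILE KEY -> value of KEY (last occurrence wins), empty if absent
cfg_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2); f = 1 }
                       END { if (f) print v }' "$1"
}

# cfg_keys FILE -> sorted unique keys, skipping comments and blank lines
cfg_keys() {
    grep -v '^[[:space:]]*#' "$1" | grep '=' | cut -d= -f1 | sort -u
}

# added_keys BACKUP CURRENT -> keys present in CURRENT but not in BACKUP
added_keys() {
    old=$(mktemp); new=$(mktemp)
    cfg_keys "$1" > "$old"; cfg_keys "$2" > "$new"
    comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# expected_named_conf FILE -> where named.conf is expected to be.
# Assumption: chroot is prepended unless no_chroot=1, matching the alert in
# the thread (/var/named/chroot + /etc/named.conf).
expected_named_conf() {
    chroot_dir=$(cfg_get "$1" chroot)
    conf=$(cfg_get "$1" named_conf)
    if [ -n "$chroot_dir" ] && [ "$(cfg_get "$1" no_chroot)" != "1" ]; then
        printf '%s%s\n' "$chroot_dir" "$conf"
    else
        printf '%s\n' "$conf"
    fi
}

# audit_bind8_config BACKUP CURRENT -> 0 if consistent, 1 otherwise
audit_bind8_config() {
    rc=0
    for k in $(added_keys "$1" "$2"); do
        case $k in chroot|auto_chroot)
            echo "merged in since backup: $k=$(cfg_get "$2" "$k")"; rc=1 ;;
        esac
    done
    path=$(expected_named_conf "$2")
    [ -f "$path" ] || { echo "expected named.conf missing: $path"; rc=1; }
    return $rc
}

if [ "$#" -eq 2 ]; then audit_bind8_config "$1" "$2"; fi
```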

Thanks for the provided info.

By saying this, do you mean after upgrading Webmin 1.999-1 to 1.999-2, correct?

How did you upgrade? Using package manager, like yum update command? Also, do you use Virtualmin on that system?

I looked deeper into the code and it seems that theoretically it’s possible to have new directives merged into your existing configs. Although, at the moment I see this is only possible if your actual detected OS on Webmin config is incorrect. What is the output of the following command on your systems @jmunjr @keerby @DonX ?

```
grep os_ /etc/webmin/config
```

```
grep os_ /etc/webmin/config
os_version=15.9
real_os_type=CentOS Linux
os_type=redhat-linux
real_os_version=7.9.2009
```

Thanks for sorting this out. As I stated, my system corrected itself, I think after I made a change in the module config to how chroot was handled, and then changing back, though I am not 100% sure about that.

Alright, I see the cause of this issue. We will fix this on the next Webmin release.

Sorry about that and thanks for reporting!

@Ilia just to note, I get the same output as jmunjr.

```
real_os_type=CentOS Linux
os_version=15.9
os_type=redhat-linux
real_os_version=7.9.2009
```

@Ilia how does this patch fix the issue?

@Jamie, it adds an empty chroot= and auto_chroot=, preventing copyconfig.pl from adding (merging) those values.

Was a bug introduced when newer OS-specific config-* files were added recently?

Yes, this issue doesn’t happen with 1.994 and it doesn’t happen with 1.999-3 (locally built). Moreover, it doesn’t happen with 1.999-2 if installed initially; however, the issue pops up if you reinstall 1.999-2 using a package manager, like dnf reinstall webmin.

Install Virtualmin on CentOS 7. After updating BIND version 9.11, BIND does not start.

ERROR : Failed to start BIND : sh: /etc/rc.d/init.d/named: No such file or directory

Output of grep os_ /etc/webmin/config

```
os_type=redhat-linux
os_version=15.9
real_os_type=CentOS Linux
real_os_version=7.9.2009
```

@Ilia Please let me know how to fix the issue or when you will be updating the software.

Thank you