Bug#1074378: bind9: Bind9 SEGFAULT when enable DLZ with samba

[Cameron Davidson]

On Fri, 26 Jul 2024 14:28:12 +0200 Bernhard Schmidt  
wrote:

...
>
> Can anyone confirm the workaround from the Samba BZ setting
> LDB_MODULES_DISABLE_DEEPBIND=true ?
>
>


yes, the workaround has enabled my system to work again after the 
upgrade to 1:9.18.28-1~deb12u1

Bug#932085: grub-common: Grub can't load initrd for Xen after upgrade to Buster

[Cameron Davidson]

I also had the same problem after upgrading from 9.9 to 10.1. (from
network repos 8 November 2019).

The symptoms were the same, on the video console, the message appeared
(not verbatim as I forgot to transcribe it)

 loading xen-4.11
 then the same old warning about no available console for the kernel
 loading linux-4.19.0-6   
 loading initrd...
 error writing to console (then nothing)

This is just as it appeared when booting Xen from EFI in Stretch, except
that the version numbers were updated.

Neither of the workarounds made any difference. There was no evidence of
HDD activity, no network interfaces were activated, no logs were generated.

Only after trying the workarounds did I noticed that the grub boot menu
screen was displaying the suspicious-looking version 2.02~beta3-5+deb9u1.

The only file in /boot/efi/EFI/debian was (I think) grubx64.efi.

I manually ran grub-install and it seems to have fixed everything.  I
have no idea why it was not run automatically at some stage during the
upgrade.

The system now boots via the file shimx64.efi. 

Bug#927747: [Pkg-samba-maint] Bug#927747: bind9_dlz backend is entirely broken in Debian

[Cameron Davidson]

I would like to add my observations on this bug after upgrading from
stretch to 10.1.

The apparmor fixes seem OK so far.

My samba system was originally created by moving a samba-3 system from
CentOS 6 to Debian 9 and then using the samba tools to migrate to an
ad-dc system. I mention this, because that migration path, while
surprisingly smooth, was not without a need for some manual
intervention.  So some of what I obseved might be specific  to my
situation, since it was not installed on Debian from scratch.

At the end of the Buster upgrade, everything seemed to be running OK,
however once I needed to make some changes to and check the bind9 config
the problems became apparent.

1. the bind config was still pointing at
/var/lib/samba/private/named.conf and that file was still loading the
9.10 library, rather than 9.11.

2. After fixing that, I ran the suggested test of  "samba_dnsupdate 
--verbose --all-names"  and every line reported "failed".

3. I then tried the suggestion from the samba wiki of "samba_upgradedns
--dns-backend=BIND9_DLZ"

That failed due to the non-existence of the /var/lib/samba/bind-dns
directory, which led me to this bug report.

I manually created that directory, gave it what I guessed might be
suitable group ownership and permissions, and reran the samba_upgradedns
script.

The result of that was that there were no errors, and the program
reported that I needed to manually adjust the two entries in the bind9
config files to point to the new directory.


So it seems to me that the problem could be safely fixed by changing the
samba_upgradedns script to check for and create the bind-dns folder if
necessary. (I suppose that is an upstream issue and the full
ramifications would need to be considered)

Running this script in postinst would be appropriate, but you would
somehow need to determine that the user was already using the bind9_dlz
backend.


The result of the upgrade script running is that:

1. the new config file is created, that loads the correct version dlz
library (but "including" that file needs to be manually edited in main
bind9 config (options or local - wiki says .local, but mine was in
.options))

2. the gssapi-key  file is created as a hard link between private and
bind-dns locations, so old config still works, but user is advised to
manually update the bind9 .options file.


Cameorn.