Public bug reported:

1) Ubuntu 9.04

2) 1:9.5.1.dfsg.P2-1

3) I have disabled the remote admin capability on my bind9 server using "controls {};"

I expected that I would still be able to both stop and to restart the bind9 server using the /etc/init.d/bind9 script. Furthermore I expected that if the init script was unable to do either of these things it would tell me that it had failed.

4) When I executed "/etc/init.d/bind9 stop" the following happened:

    * Stopping domain name service... bind9
    rndc: connect failed: 127.0.0.1#953: connection refused
    [ OK ]

As you can see the init script printed "[ OK ]", which I interpreted to mean that it had successfully stopped bind9.

Despite printing "[ OK ]" the bind9 server hadn't actually been stopped: `ps aux|grep named` confirmed this.

Ideally I would prefer if you fixed this bug by resorting to an alternative method of killing bind9, e.g. `kill $PID` if the rndc program fails. If you don't want to do that, then could you at least fix the init script so that it doesn't mistakenly print "[ OK ]".

(As an aside I discovered this bug when I executed "/etc/init.d/bind9 restart" and the following happened:

    * Stopping domain name service... bind9
    rndc: connect failed: 127.0.0.1#953: connection refused
    [ OK ]
    * Starting domain name service... bind9
    [ OK ]

This led me to believe that my configuration change to bind (enabling DNSSEC) had succeeded (because I saw the two OKs), and therefore I thought that my DNS lookups were now being protected by DNSSEC DLV validation, when they in fact weren't. I therefore consider this issue to be on the borderline of being a security vulnerability, because it led me to believe that I had enabled a security feature when I had in fact not done so.)

** Affects: bind9 (Ubuntu)
   Importance: Undecided
   Status: New

--
init script doesn't handle rndc error properly
https://bugs.launchpad.net/bugs/380962
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu.
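The fallback requested in the report above, sketched as an added example (not part of the original report and not the Ubuntu bind9 init script): try `rndc stop`, fall back to `kill` on the recorded PID when rndc fails, and report success only after the process is confirmed gone. The names `RNDC`, `PIDFILE` and `STOP_TIMEOUT` and the default PID file path are assumptions.

```sh
#!/bin/sh
# Added example, not the Ubuntu bind9 init script.
# RNDC, PIDFILE and STOP_TIMEOUT are assumed names; the PID file path is a
# placeholder to be set to whatever named's "pid-file" option points at.
RNDC=${RNDC:-rndc}
PIDFILE=${PIDFILE:-/var/run/named/named.pid}
STOP_TIMEOUT=${STOP_TIMEOUT:-10}

# Succeeds while the process recorded in $PIDFILE is alive; sets $pid.
named_running() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Polls once per second, up to $STOP_TIMEOUT seconds, for named to exit.
wait_for_exit() {
    waited=0
    while named_running; do
        [ "$waited" -ge "$STOP_TIMEOUT" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Tries "rndc stop" first. If rndc fails (for example because "controls {};"
# closed the control channel), falls back to SIGTERM on the recorded PID.
# Returns 0 only once the process is confirmed gone, so the caller prints
# "[ OK ]" for a real stop and a failure otherwise.
stop_named() {
    named_running || return 0    # nothing to stop
    if ! "$RNDC" stop >/dev/null 2>&1; then
        echo "rndc stop failed, sending SIGTERM to PID $pid" >&2
        kill "$pid" 2>/dev/null
    fi
    wait_for_exit
}
```

An init script would hand the exit status of `stop_named` to its status reporter (for instance `log_end_msg $?`) and, on restart, refuse to start a new instance when the stop failed. A missing or stale PID file makes `named_running` report "not running", so the PID file path has to match the running configuration.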