Bug 23009

*** Bug 23040 has been marked as a duplicate of this bug. ***

CC: (none) => mitya

Release announcement:
https://blog.powerdns.com/2018/05/08/authoritative-server-4-1-2-released/

Dmitry already built this update, but I missed it.

pdns-4.1.2-1.mga6

from pdns-4.1.2-1.mga6.src.rpm

Version: Cauldron => 6
Status comment: Fixed upstream in 4.1.2 => (none)
Assignee: mitya => qa-bugs
Whiteboard: MGA6TOO => (none)

 https://bugs.mageia.org/show_bug.cgi?id=20126#c2 gives a test procedure.

BEFORE update: pdns-4.1.0-1.mga6 (+ pdns-recursor-4.1.0-1.mga6)
But I cannot get pdns to work at all (even after re-installing it):
 # systemctl start pdns
Job for pdns.service failed because the control process exited with error code.
 # systemctl -l status pdns
 ● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Sul 2018-05-20
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
  Process: 15825 ExecStart=/usr/sbin/pdns_server --guardian=no --daemon=no --
 Main PID: 15825 (code=exited, status=1/FAILURE)

Mai 20 08:34:48 localhost.localdomain systemd[1]: pdns.service: Main process exited, code=exited, status=1/FAILURE
Mai 20 08:34:48 localhost.localdomain systemd[1]: Failed to start PowerDNS Authoritative Server.
Mai 20 08:34:48 localhost.localdomain systemd[1]: pdns.service: Unit entered failed state.
Mai 20 08:34:48 localhost.localdomain systemd[1]: pdns.service: Failed with result 'exit-code'.

 I cannot hence test this (yet). Am asking on qa-discuss.

@David: advisory please; otherwise I can make one up from the info in the bug.

CC: (none) => lewyssmith

Advisory:
========================

Updated pdns package fixes security vulnerability:

A stack-based buffer overflow in the dnsreplay tool occurring when replaying a
specially crafted PCAP file with the `--ecs-stamp` option enabled, leading to a
denial of service or potentially arbitrary code execution (CVE-2018-1046).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046
http://openwall.com/lists/oss-security/2018/05/09/2
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
https://blog.powerdns.com/2018/05/08/authoritative-server-4-1-2-released/

(In reply to Lewis Smith from comment #3)

Lewis,

Maybe you've got a stale config file from a previous install (with some obsolete/invalid option). Could you please try to uninstall pdns, remove /etc/powerdns completely and reinstall? If that doesn't help, please show us what do "systemctl status pdns" and "journalctl -u pdns" say. Thanks!

@Dimitrri : thanks for your interest.

> uninstall pdns
 # urpme pdns
wrthi'n tynnu pdns-4.1.0-1.mga6.x86_64
...
> remove /etc/powerdns completely
 # rm -rf /etc/powerdns
 # ls -l /etc/powerdns
ls: cannot access '/etc/powerdns': No such file or directory

>  reinstall
 # urpmi pdns
    $MIRRORLIST: media/core/updates/pdns-4.1.0-1.mga6.x86_64.rpm
wrthi'n gosod pdns-4.1.0-1.mga6.x86_64.rpm o /var/cache/urpmi/rpms          
...
----------------------------------------------------------------------
Recursion was removed from the PowerDNS Authoritative Server in version 4.1.0.
Please consult the docs for migration options:
https://doc.powerdns.com/authoritative/guides/recursion.html
----------------------------------------------------------------------
-------------------------
 # systemctl stop dnsmasq
Failed to stop dnsmasq.service: Unit dnsmasq.service not loaded.
 # systemctl start pdns
Job for pdns.service failed because the control process exited with error code.
See "systemctl status pdns.service" and "journalctl -xe" for details.

 # systemctl -l status pdns.service
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Sul 2018-05-20 20:09:16 CEST; 106ms ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
  Process: 14495 ExecStart=/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no (code=exited, status=1/FAIURE)L
 Main PID: 14495 (code=exited, status=1/FAILURE)

Mai 20 20:09:17 localhost.localdomain systemd[1]: Starting PowerDNS Authoritative Server...
Mai 20 20:09:18 localhost.localdomain pdns_server[14502]: Reading random entropy from '/dev/urandom'
Mai 20 20:09:18 localhost.localdomain pdns_server[14502]: This is a standalone pdns
Mai 20 20:09:18 localhost.localdomain pdns_server[14502]: Listening on controlsocket in '/run/powerdns/pdns.controlsocket'
Mai 20 20:09:18 localhost.localdomain pdns_server[14502]: Unable to bind UDP socket
Mai 20 20:09:18 localhost.localdomain pdns_server[14502]: Fatal error: Unable to bind to UDP socket
Mai 20 20:09:18 localhost.localdomain systemd[1]: pdns.service: Main process exited, code=exited, status=1/FAILURE
Mai 20 20:09:18 localhost.localdomain systemd[1]: Failed to start PowerDNS Authoritative Server.
Mai 20 20:09:18 localhost.localdomain systemd[1]: pdns.service: Unit entered failed state.
Mai 20 20:09:18 localhost.localdomain systemd[1]: pdns.service: Failed with result 'exit-code'.
Mai 20 20:09:19 localhost.localdomain systemd[1]: pdns.service: Service hold-off time over, scheduling restart.
Mai 20 20:09:19 localhost.localdomain systemd[1]: Stopped PowerDNS Authoritative Server.
Mai 20 20:09:19 localhost.localdomain systemd[1]: Starting PowerDNS Authoritative Server...
Mai 20 20:09:19 localhost.localdomain pdns_server[14507]: Reading random entropy from '/dev/urandom'
Mai 20 20:09:19 localhost.localdomain pdns_server[14507]: This is a standalone pdns
Mai 20 20:09:19 localhost.localdomain pdns_server[14507]: Listening on controlsocket in '/run/powerdns/pdns.controlsocket'
Mai 20 20:09:19 localhost.localdomain pdns_server[14507]: Unable to bind UDP socket to '0.0.0.0:53': Address already in use
Mai 20 20:09:19 localhost.localdomain pdns_server[14507]: Fatal error: Unable to bind to UDP socket
Mai 20 20:09:19 localhost.localdomain systemd[1]: pdns.service: Main process exited, code=exited, status=1/FAILURE
 repeated.
---------------------
 # journalctl -u pdns    [without leading date, time, localhost.localdomain]
systemd[1]: Stopped PowerDNS Authoritative Server.
systemd[1]: Starting PowerDNS Authoritative Server...
systemd[1]: pdns.service: Main process exited, code=exited, status=1/FAILURE
pdns_server[2579]: Reading random entropy from '/dev/urandom'
pdns_server[2579]: This is a standalone pdns
pdns_server[2579]: Listening on controlsocket in '/run/powerdns/pdns.controls
pdns_server[2579]: Unable to bind UDP socket to '0.0.0.0:53': Address already
pdns_server[2579]: Fatal error: Unable to bind to UDP socket
systemd[1]: Failed to start PowerDNS Authoritative Server.
systemd[1]: pdns.service: Unit entered failed state.
systemd[1]: pdns.service: Failed with result 'exit-code'.
systemd[1]: pdns.service: Service hold-off time over, scheduling restart.
systemd[1]: Stopped PowerDNS Authoritative Server.
systemd[1]: Starting PowerDNS Authoritative Server...
pdns_server[2586]: Reading random entropy from '/dev/urandom'
pdns_server[2586]: This is a standalone pdns
pdns_server[2586]: Listening on controlsocket in '/run/powerdns/pdns.controls
pdns_server[2586]: Unable to bind UDP socket to '0.0.0.0:53': Address already
pdns_server[2586]: Fatal error: Unable to bind to UDP socket
systemd[1]: pdns.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start PowerDNS Authoritative Server.
systemd[1]: pdns.service: Unit entered failed state.
systemd[1]: pdns.service: Failed with result 'exit-code'.
systemd[1]: pdns.service: Service hold-off time over, scheduling restart.
systemd[1]: Stopped PowerDNS Authoritative Server.
 repeated.

Hope this helps.

MGA6-32 on IBM Thinkpad R50e Xfce
No installation issues. pdns was not installed before in this laptop.
# systemctl start pdns
# systemctl -l status pdns
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: enabled)
   Active: active (running) since ma 2018-05-21 16:13:41 CEST; 20s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 21319 (pdns_server)
   CGroup: /system.slice/pdns.service
           └─21319 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no 

mei 21 16:13:39 xxx.yyy.zzz pdns_server[21319]: TCP server bound to 0.0.0.0:53
mei 21 16:13:39 xxx.yyy.zzz pdns_server[21319]: TCPv6 server bound to [::]:53
mei 21 16:13:39 xxx.yyy.zzz pdns_server[21319]: PowerDNS Authoritative Server 4.1.2 (C) 2001-20
mei 21 16:13:39 xxx.yyy.zzz pdns_server[21319]: Using 32-bits mode. Built using gcc 5.4.0.
mei 21 16:13:39 xxx.yyy.zzz pdns_server[21319]: PowerDNS comes with ABSOLUTELY NO WARRANTY. Thi
mei 21 16:13:41 xxx.yyy.zzz pdns_server[21319]: Polled security status of version 4.1.2 at star
mei 21 16:13:41 xxx.yyy.zzz pdns_server[21319]: Creating backend connection for TCP
mei 21 16:13:41 xxx.yyy.zzz pdns_server[21319]: About to create 3 backend threads for UDP
mei 21 16:13:41 xxx.yyy.zzz systemd[1]: Started PowerDNS Authoritative Server.
mei 21 16:13:41 xxx.yyy.zzz pdns_server[21319]: Done launching threads, ready to distribute que

And refering to bug 20126 Comment 3
$ dig mageia.org @127.0.0.1 -p 53

; <<>> DiG 9.10.6-P1 <<>> mageia.org @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 56058
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;mageia.org.			IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: ma mei 21 16:24:32 CEST 2018
;; MSG SIZE  rcvd: 39

Seems OK to me.

@ Lewis: did you remove this /run/powerdns/pdns.controls when you uninstalled the previous version?

CC: (none) => herman.viaene

(In reply to Lewis Smith from comment #7)

Lewis,

Seems like your port 53 is already bound by another process, which prevents pdns from starting. You can determine the process by running the following command:

netstat -tuln | grep ":53"

and then terminate the process and try starting pdns again.

(In reply to Dimitri Jakov from comment #9)
> Seems like your port 53 is already bound by another process, which prevents
> pdns from starting. You can determine the process by running the following
> command:
> netstat -tuln | grep ":53"
> and then terminate the process and try starting pdns again.
 # netstat -tuln | grep ":53"
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp6       0      0 ::1:53                  :::*                    LISTEN     
udp        0      0 127.0.0.1:53            0.0.0.0:*                          
udp6       0      0 ::1:53                  :::*                               
Looks a bit radical to kill tcp & udp! Do not know why they have port 53.
 # ps -ax | grep tcp
1782 tty1     Ssl+   0:21 /usr/libexec/Xorg -nolisten tcp -auth /var/run/sdd
 # ps -ax | grep udp
 #

From Herman:
> did you remove this /run/powerdns/pdns.controls when you uninstalled
> the previous version?
I did not, but...
 # ls -l /run/powerdns/pdns.controls
ls: cannot access '/run/powerdns/pdns.controls': No such file or directory
 both before & after trying to start pdns.
However:
 # ls -l /run/powerdns/*
srw-rw---- 1 root powerdns 0 Mai  21 19:15 /run/powerdns/pdns.controlsocket=
 Deleting that had no effect - it gets re-created when next starting pdns.
===================================================================
Re-running the whole lot, abbreviated where O/P same as before:
# systemctl stop pdns
# urpme pdns
# rm -rf /etc/powerdns
# rm -rf /run/powerdns/
# urpmi pdns
# rpm -q pdns
pdns-4.1.0-1.mga6
# netstat -tuln | grep ":53"      (again tcp[6] LISTEN, & udp[6])
# systemctl start pdns
Job for pdns.service failed because the control process exited with error code.

Still blocked!

You need to add a p to your netstat options for it to tell you which process has the sicket.  Run it as root.

Thanks; before starting pdns:
 # netstat -ptuln | grep ":53"
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1426/pdns_recursor  
tcp6       0      0 ::1:53                  :::*                    LISTEN      1602/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1426/pdns_recursor  
udp6       0      0 ::1:53                  :::*                                1602/named          
-----------
 # systemctl stop pdns_recursor
Failed to stop pdns_recursor.service: Unit pdns_recursor.service not loaded.
 Using MCC-System-Services, pdns was already stopped, pdns-recursor shown running; both to start at startup. Stopped pdns-recursor.

 # systemctl start pdns
Job for pdns.service failed because the control process exited with error code.
 # netstat -ptuln | grep ":53 "
tcp6       0      0 ::1:53                  :::*                    LISTEN      1602/named          
udp6       0      0 ::1:53                  :::*                                1602/named
 # systemctl status pdns
usual O/P as previously.

Uninstalled, cleaned up, re-installed pdns as in c10.
"Recursion was removed from the PowerDNS Authoritative Server in version 4.1.0"
Does that have a bearing?

 # systemctl status pdns
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset:
   Active: inactive (dead) (Result: exit-code) since Mer 2018-05-23 09:14:35 CES
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 12422 (code=exited, status=1/FAILURE)
Mai 23 09:14:34 localhost.localdomain systemd[1]: pdns.service: Main process exi
Mai 23 09:14:34 localhost.localdomain systemd[1]: Failed to start PowerDNS Autho
Mai 23 09:14:34 localhost.localdomain systemd[1]: pdns.service: Unit entered fai
Mai 23 09:14:34 localhost.localdomain systemd[1]: pdns.service: Failed with resu
Mai 23 09:14:35 localhost.localdomain systemd[1]: Stopped PowerDNS Authoritative 
 so it was started in principle at installation.
And because pdns-recursor was not running, 
 # netstat -ptuln | grep ":53 "
showed just tcp6 & udp6 both for 'named' as above. Nothing for plain port 53.

This must be something stupidly simple. I shall ask another person to try x64.

(In reply to Lewis Smith from comment #12)

Lewis,

Seems like you have BIND installed, which causes port conflict. Could you please stop it with "systemctl stop named" and try pdns again?

Dimitri - that was it! Stopped named, pdns started OK - but NOT at the same time pdns-recursor, which used to work once (now does again after update 22935).

BEFORE update: pdns-4.1.0-1.mga6
 # systemctl start pdns

 # systemctl -l status pdns
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset:
   Active: active (running) since Mer 2018-05-23 20:44:26 CEST; 4min 26s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 5749 (pdns_server)
   CGroup: /system.slice/pdns.service
           └─5749 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-sysl
then just as in comment 8 (except for 64-bit)

 # netstat -pantu | grep pdns
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      5749/pdns_server    
tcp6       0      0 :::53                   :::*                    LISTEN      5749/pdns_server    
udp        0      0 0.0.0.0:53              0.0.0.0:*                           5749/pdns_server    
udp6       0      0 :::53                   :::*                                5749/pdns_server    

 $ dig mageia.org @127.0.0.1 -p 53

; <<>> DiG 9.10.6-P1 <<>> mageia.org @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12557
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;mageia.org.                    IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mer Mai 23 20:51:47 CEST 2018
;; MSG SIZE  rcvd: 39
=======================================
UPDATE to: pdns-4.1.2-1.mga6
which noted "recursion removed".

 # systemctl start pdns
 # systemctl -l status pdns
as before except for process numbers.
 # netstat -pantu | grep pdns
as before except for process numbers.
 $ dig mageia.org @127.0.0.1 -p 53
identical to before except for id number.

Update looks 64-bit OK. Adding a 32-bit OK for Herman c8.
Advisory from comment 5 + RPMs page.

Whiteboard: (none) => MGA6-64-OK MGA6-32-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0255.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED