Slashdot Mirror

← Back to Stories (view on slashdot.org)

RHN Bind Update Brings Down RHEL Named

Posted by kdawson on from the remind-me-of-your-name-again dept.

alexs writes "Red Hat's response to update bind through RHN, patching the DNS hole, made a fatal error which will revert all name servers to caching only servers. This meant that anyone running their own DNS service promptly lost all of their DNS records for which they were acting as primary or secondary name servers. Expect quite a few services provided by servers running RHEL to, errr, die until their system administrators can restore their named.conf. Instead of installing etc/named.conf to etc/named.rpmnew, Red Hat moved the current etc/named.conf to etc/named.conf.rpmsave and replaced etc/named.conf with the default caching only configuration. The fix is easy enough, but this is a schoolboy error which I am surprised Red Hat made. Unfortunately we were hit and our servers went down overnight while RHN dropped its bomb and I am frankly surprised there has not been more of an uproar about this."

3 of 312 comments (clear)

  1. Re:MS by Minwee · · Score: 0, Troll

    If it was a Microsoft product, we'd all be carrying pitchforks and torches....

    If it was a Microsoft product, we'd still be waiting for the patch.

  2. Re:No worries by ettlz · · Score: 0, Troll

    I don't need to worry about that, I run Debian

    Ah, well then, you just keep on rolling them dice, OK?

  3. Re:MS by Sleepy · · Score: 0, Troll

    I'm sorry, this isn't a bug. You just don't understand servers I guess. Let me explain:

    When you customize a server's configuration file, you save the .conf file somewhere safe.
    You might even copy it to another system.

    When you roll out updates, it is ROUTINE for the new software to backup the old conf file and install a new one.
    This is completely standard.

    If you've done ANY customizing in your conf file, you don't want to lose it: you diff the .rpmsave vs the new, and copy in the old settings (or copy the old file over the new, if there are no major additions to the conf). In UNIX, you keep your config just like in Windows you reboot for everything. It's part of the process.

    Even a 1st year novice admin knows this! And my statements here fall WELL SHORT of what some people are suggesting (a pair of upgrade-test servers that soak the release before you go live*).

    I'm sorry, but "alexs" is a DUMMY. He does not know "best practices". He compounds his mistake by complaining and pointing blams on /.
    If alexs /. handle can be associated with his real name, someday he will be embarrassed by this when a job interviewer brings up this episode.

    (BTW, if it were a Microsoft product, you'd have NO WAY of auditing the changes.. so you could never get by without more testing than I outlined here).