All,

After update to Linux 4.10.1-1, Bind9 cannot connect to 127.0.0.1#953. This server has been flawless with Bind for 4 years. Now, for example attempting to sync zones:

# rndc -V sync --clean
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
allocate data buffer
sync
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
bind socket
connect
rndc: connect failed: 127.0.0.1#953: connection refused

This began with the March 10 update. Now attempting to stop named results in a timeout:

Mar 12 08:45:18 phoinix systemd[1]: Stopped Internet domain name server.
Mar 12 08:45:18 phoinix systemd[1]: named.service: Unit entered failed state.
Mar 12 08:45:18 phoinix systemd[1]: named.service: Failed with result 'timeout'.

Attempting to start named, named never loads the zone files and never processes the libseccomp sandboxing active command during startup. Now, the total startup for named in the journal is:

Mar 10 18:43:53 phoinix named[452]: starting BIND 9.11.0-P3 <id:4801fbc>
Mar 10 18:43:53 phoinix named[452]: running on Linux x86_64 4.10.1-1-ARCH #1 SMP PREEMPT Sun Feb 26 21:08:53 UTC 2017
Mar 10 18:43:53 phoinix named[452]: built with '<snip stuff>'
Mar 10 18:43:53 phoinix named[452]: running as: named -f -u named
Mar 10 18:43:53 phoinix named[452]: ----------------------------------------------------
Mar 10 18:43:53 phoinix named[452]: BIND 9 is maintained by Internet Systems Consortium,
Mar 10 18:43:53 phoinix named[452]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Mar 10 18:43:53 phoinix named[452]: corporation. Support and training for BIND 9 are
Mar 10 18:43:53 phoinix named[452]: available at https://www.isc.org/support
Mar 10 18:43:53 phoinix named[452]: ----------------------------------------------------
Mar 10 18:43:53 phoinix named[452]: adjusted limit on open files from 4096 to 1048576
Mar 10 18:43:53 phoinix named[452]: found 4 CPUs, using 4 worker threads
Mar 10 18:43:53 phoinix named[452]: using 3 UDP listeners per interface
Mar 10 18:43:53 phoinix named[452]: using up to 4096 sockets

Where normally, the startup should continue with, e.g.:

Feb 21 14:15:38 phoinix named[442]: libseccomp sandboxing active
Feb 21 14:15:38 phoinix named[442]: loading configuration from '/etc/named.conf'
Feb 21 14:15:38 phoinix named[442]: reading built-in trusted keys from file '/etc/bind.keys'
Feb 21 14:15:38 phoinix named[442]: initializing GeoIP Country (IPv4) (type 1) DB
Feb 21 14:15:38 phoinix named[442]: GEO-106FREE 20170207 Build 1 Copy
Feb 21 14:15:38 phoinix named[442]: initializing GeoIP Country (IPv6) (type 12) DB
Feb 21 14:15:38 phoinix named[442]: GEO-106FREE 20170207 Build 1 C
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv4) (type 2) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv4) (type 6) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv6) (type 30) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP City (IPv6) (type 31) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Region (type 3) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Region (type 7) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP ISP (type 4) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Org (type 5) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP AS (type 9) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP Domain (type 11) DB not available
Feb 21 14:15:38 phoinix named[442]: GeoIP NetSpeed (type 10) DB not available
Feb 21 14:15:38 phoinix named[442]: using default UDP/IPv4 port range: [32768, 60999]
Feb 21 14:15:38 phoinix named[442]: using default UDP/IPv6 port range: [32768, 60999]
Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface enp0s10, 192.168.7.16#53
Feb 21 14:15:38 phoinix named[442]: generating session key for dynamic DNS
Feb 21 14:15:38 phoinix named[442]: sizing zone task pool based on 5 zones
Feb 21 14:15:38 phoinix named[442]: 'max-cache-size 90%' - setting to 7189MB (out of 7988MB)
Feb 21 14:15:38 phoinix named[442]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 10.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 16.172.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 17.172.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 18.172.IN-ADDR.ARPA
Feb 21 14:15:38 phoinix named[442]: automatic empty zone: 19.172.IN-ADDR.ARPA

For some reason the 'libseccomp sandboxing active' command never issues and /etc/named.conf is never processed. I have not touched the configuration here in a "long long time..." Is this a kernel bug, a libseccomp bug, what?

--
David C. Rankin, J.D.,P.E.
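
Added example, not part of the original post: a small journal triage that groups named log lines by PID and flags any startup that reached "using up to N sockets" but never logged the seccomp sandbox marker, which is the stall shown above. The function names are hypothetical, the sample lines are abridged from the two boots quoted in the post, and the milestone order is assumed from those logs only.

```python
import re

# Constructed sample: journal lines abridged from the two boots quoted in the post.
SAMPLE = """\
Mar 10 18:43:53 phoinix named[452]: starting BIND 9.11.0-P3 <id:4801fbc>
Mar 10 18:43:53 phoinix named[452]: found 4 CPUs, using 4 worker threads
Mar 10 18:43:53 phoinix named[452]: using up to 4096 sockets
Feb 21 14:15:38 phoinix named[442]: libseccomp sandboxing active
Feb 21 14:15:38 phoinix named[442]: loading configuration from '/etc/named.conf'
Feb 21 14:15:38 phoinix named[442]: listening on IPv4 interface lo, 127.0.0.1#53
""".splitlines()

# Assumption: startup milestones in the order visible in the post's logs.
MILESTONES = [
    ("sockets", re.compile(r"using up to \d+ sockets")),
    ("seccomp", re.compile(r"libseccomp sandboxing active")),
    ("config", re.compile(r"loading configuration from ")),
    ("listening", re.compile(r"listening on IPv[46] interface ")),
]

# Syslog-style journal line: "Mon DD HH:MM:SS host named[pid]: message"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ named\[(\d+)\]: (.*)$")


def triage(lines):
    """Return {pid: [milestones reached, in first-seen order]} for named."""
    reached = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a named journal line
        seen = reached.setdefault(int(m.group(1)), [])
        for name, pattern in MILESTONES:
            if name not in seen and pattern.search(m.group(2)):
                seen.append(name)
    return reached


def stalled_before_seccomp(lines):
    """PIDs that sized their socket table but never logged the sandbox marker."""
    return sorted(pid for pid, seen in triage(lines).items()
                  if "sockets" in seen and "seccomp" not in seen)


if __name__ == "__main__":
    for pid in stalled_before_seccomp(SAMPLE):
        print(f"named[{pid}] stopped logging before the seccomp sandbox marker")
```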