Writeable file already in use

Writeable file already in use

Sathyan Arjunan
Team,

Recently, I updated my bind from 9.9.5 to 9.9.8-P2, and since then I have seen problems with my named configuration. Interestingly, I have seen this problem only on my slaves, NOT on the master DNS.

I am using multiple zones pointing to the same file. This configuration has been in place for nearly 10 years with no issues...

Zone config on Master: ###No issues with Master###

 zone "domain1.com." {type master; file "db.file-1"; };
 zone "domain2.com." {type master; file "db.file-1"; };
 zone "domain3.com." {type master; file "db.file-1"; };

Zone config on Slave:

zone "domain1.com." {type slave; file "db.file-1"; masters { x.x.x.x; }; allow-query { any; }; };
zone "domain2.com." { type slave; file "db.file-1"; masters { x.x.x.x; }; allow-query { any; }; };
zone "domain3.com." { type slave; file "db.file-1"; masters{ x.x.x.x; }; allow-query { any; }; };

Below are the errors I have seen from named on my slave DNS:

: named.conf:584: writeable file 'db.file-1': already in use: named.conf:194


Please advise...

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Writeable file already in use

Reindl Harald


On 05.01.2016 at 01:13, Sathyan Arjunan wrote:
> Recently, I updated my bind from 9.9.5 to 9.9.8-P2, and since then I have
> seen problems with my named configuration. Interestingly, I have seen this
> problem only on my slaves, NOT on the master DNS.
>
> I am using multiple zones pointing to the same file

this is not supported - period



Re: Writeable file already in use

Evan Hunt
In reply to this post by Sathyan Arjunan
On Mon, Jan 04, 2016 at 05:13:55PM -0700, Sathyan Arjunan wrote:
> Recently, I updated my bind from 9.9.5 to 9.9.8-P2, and since then I have
> seen problems with my named configuration. Interestingly, I have seen this
> problem only on my slaves, NOT on the master DNS.
>
> I am using multiple zones pointing to the same file. This configuration has
> been in place for nearly 10 years with no issues...

It's actually an error and always has been.  Having named write to the
same file for multiple zones is risky; they can step on each other and
cause load failures later.  The only change is that named will now
prevent you from making this mistake.

> Zone config on Master: ###No issues with Master###
>
>  zone "domain1.com." {type master; file "db.file-1"; };
>  zone "domain2.com." {type master; file "db.file-1"; };
>  zone "domain3.com." {type master; file "db.file-1"; };

On the master server, named doesn't write to zone files (unless the
zone is dynamically updatable) so this isn't an error.

> zone "domain1.com." {type slave; file "db.file-1"; masters { x.x.x.x; };
> allow-query { any; }; };
> zone "domain2.com." { type slave; file "db.file-1"; masters { x.x.x.x; };
> allow-query { any; }; };
> zone "domain3.com." { type slave; file "db.file-1"; masters{ x.x.x.x; };
> allow-query { any; }; };
>
> Below are the errors I have seen from named on my slave DNS:
>
> : named.conf:584: writeable file 'db.file-1': already in use: named.conf:194

On a slave server, named transfers the zone from elsewhere and writes a
copy into a local file.  These all need to be different files.

> Please advise...

Change the filenames on the slave, or just don't have a "file" option
in the slave zone configuration.

--
Evan Hunt -- [hidden email]
Internet Systems Consortium, Inc.
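
A pre-upgrade check for the misconfiguration explained in the reply above, as an added example that is not part of the original thread and not BIND's own code: it scans named.conf text for zones that named writes to (slaves, and masters with allow-update or update-policy) and reports any file shared between them. The parser is a simplified assumption (no include handling), the message format only imitates the error quoted in the thread, and the sample input is the configuration from the first post.

```python
import re
from collections import defaultdict

# Constructed input: the slave and master configurations quoted in the thread.
SLAVE_CONF = '''\
zone "domain1.com." {type slave; file "db.file-1"; masters { x.x.x.x; }; allow-query { any; }; };
zone "domain2.com." { type slave; file "db.file-1"; masters { x.x.x.x; }; allow-query { any; }; };
zone "domain3.com." { type slave; file "db.file-1"; masters{ x.x.x.x; }; allow-query { any; }; };
'''
MASTER_CONF = '''\
zone "domain1.com." {type master; file "db.file-1"; };
zone "domain2.com." {type master; file "db.file-1"; };
zone "domain3.com." {type master; file "db.file-1"; };
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')
COMMENT_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Blank out comments but keep strings and newlines, so line numbers hold."""
    def blank(m):
        s = m.group(0)
        return s if s.startswith('"') else re.sub(r'[^\n]', ' ', s)
    return COMMENT_RE.sub(blank, text)

def zone_blocks(text):
    """Yield (zone name, line number, body) for every zone statement."""
    text = strip_comments(text)
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text.count('\n', 0, m.start()) + 1, text[m.end():i - 1]

def is_writable(body):
    """Slaves always write their file; masters only when dynamically updatable."""
    m = re.search(r'\btype\s+([\w-]+)\s*;', body)
    kind = m.group(1) if m else ''
    if kind in ('slave', 'secondary'):      # 'secondary' is the newer spelling
        return True
    dynamic = re.search(r'\b(?:allow-update|update-policy)\s*[{\s]', body)
    return kind in ('master', 'primary') and dynamic is not None

def shared_writable_files(text):
    """Return {file: [(zone, line), ...]} for files written by several zones."""
    users = defaultdict(list)
    for name, line, body in zone_blocks(text):
        f = re.search(r'(?<![-\w])file\s+"([^"]+)"', body)
        if f and is_writable(body):
            users[f.group(1)].append((name, line))
    return {path: zones for path, zones in users.items() if len(zones) > 1}

def report(text, conf_name='named.conf'):
    """Format findings in the style of the named error quoted in the thread."""
    out = []
    for path, zones in shared_writable_files(text).items():
        first_line = zones[0][1]
        for name, line in zones[1:]:
            out.append(f"{conf_name}:{line}: zone '{name}': writeable file "
                       f"'{path}' already in use: {conf_name}:{first_line}")
    return out

if __name__ == '__main__':
    print('\n'.join(report(SLAVE_CONF)) or 'no shared writable files')
```

The master configuration from the first post produces no findings, which matches the explanation that named does not write static master zone files.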

Re: Writeable file already in use

Jan-Piet Mens
> Change the filenames on the slave, or just don't have a "file" option
> in the slave zone configuration.

I was going to yell "TIL from Evan, that 'file' is optional for a
slave", but

        /etc/named.conf:545: zone 'example.com': missing 'file' entry

This is on 9.10.3. Did I misunderstand you?

        -JP

Re: Writeable file already in use

Evan Hunt
> I was going to yell "TIL from Evan, that 'file' is optional for a
> slave", but
>
>         /etc/named.conf:545: zone 'example.com': missing 'file' entry
>
> This is on 9.10.3. Did I misunderstand you?

Do you use inline-signing?  It's mandatory in that case (named needs to
know where to put the .signed file and the journal files), but I believe
it's optional otherwise.

--
Evan Hunt -- [hidden email]
Internet Systems Consortium, Inc.

Re: Writeable file already in use

Jan-Piet Mens
> but I believe it's optional otherwise.

You are correct (of course). I had inline signing enabled.

For a non-signed zone I note the transfer indeed works without a 'file'
specification, and I note it's not stored on file anywhere (just in
core).

Thanks for clarifying.

        -JP

Re: Writeable file already in use

Tony Finch
Jan-Piet Mens <[hidden email]> wrote:
>
> For a non-signed zone I note the transfer indeed works without a 'file'
> specification, and I note it's not stored on file anywhere (just in
> core).

Yes, so (as you have probably guessed) the server has to retransfer the
zone from scratch when it is restarted. This might make you sad if you
have lots of zones or large zones.

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
Hebrides, Bailey, Fair Isle: Easterly or southeasterly 5 to 7, occasionally
gale 8 in Fair Isle, decreasing 4 at times. Moderate or rough, occasionally
very rough in Fair Isle. Showers, wintry in Fair Isle. Good, occasionally poor
in Fair Isle.

Re: Writeable file already in use

Jan-Piet Mens
> This might make you sad if you have lots of zones or large zones.

.. or even just want to look at what was transferred (without having to
recurse to a `dig axfr').

I see no reason to omit 'file' (except on a diskless slave ;-)

        -JP

Re: Writeable file already in use

Timothe Litt
In reply to this post by Sathyan Arjunan
Jan-Piet Mens [hidden email] wrote:
>> This might make you sad if you have lots of zones or large zones.
>
> .. or even just want to look at what was transferred (without having to
> recurse to a `dig axfr').
>
> I see no reason to omit 'file' (except on a diskless slave ;-)

Or if you care about availability, which is a strong reason for having a slave in the first place. (Performance is the other.)

If a diskless slave restarts when the master is down, it has no data to serve.  This will also make you (or your clients) sad, even if you only have a few small zones  :-(    

I agree - don't omit 'file', except on a diskless slave.  Don't try to share the file, even when it seems to work.  And think twice about why you have a diskless slave...

The only fault that I find with bind's decision to prohibit shared writable files is that it took so long to arrive.  Instead of complaining, which seems to appear here every few months, the response should be "Thank you - for finally preventing this disastrous misconfiguration."

I've lost count of how many times I've encountered someone who had corruption due to this misconfiguration.   There are many (working) ways to replicate data.  Among them: in-view, dname, external scripts to copy files, external tools that write records to multiple files, replicators triggered by file writes (e.g. inotify) or database update triggers ....

Although I remember when a 1MB ("hard") disk was huge - today disk space is cheap.  Don't trade a few MB (or GB) of space for eventual data corruption.  And the manpower to implement any of the above is far less than that spent on recovering from corruption, which can go undetected for a long time.  [And usually, the folks who run into it haven't tested their backups...]

As for the "I know I'll never have bind update that zone" - that may be true today.  But it changes -- perhaps when your successor discovers it.  Either a tool requires dynamic update, or someone discovers signed zones, or realizes that dnssec maintain saves a lot of work, or the next technology comes along.  To misappropriate a K&R quote - "Your constant is my variable".  Or the ever popular "If you don't take the time to do it right, you'll have to make the time to do it over...and over again".

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 



Re: Writeable file already in use

Alan Clegg
In reply to this post by Jan-Piet Mens
On 1/5/16 6:26 AM, Jan-Piet Mens wrote:
>> This might make you sad if you have lots of zones or large zones.
>
> .. or even just want to look at what was transferred (without having to
> recurse to a `dig axfr').
>
> I see no reason to omit 'file' (except on a diskless slave ;-)

I ran into one exception to this rule - it seemed that the customer had
security requirements that did not allow "transient data" to be written
to disk.  They had to make sure that if the physical device was stolen,
all of their zone data didn't follow it out the door.

AlanC
--
Why don't we wander and follow la vie dansante.



Re: Writeable file already in use

Barry Margolin
In reply to this post by Jan-Piet Mens
In article <[hidden email]>,
 Alan Clegg <[hidden email]> wrote:

> On 1/5/16 6:26 AM, Jan-Piet Mens wrote:
> >> This might make you sad if you have lots of zones or large zones.
> >
> > .. or even just want to look at what was transferred (without having to
> > recurse to a `dig axfr').
> >
> > I see no reason to omit 'file' (except on a diskless slave ;-)
>
> I ran into one exception to this rule - it seemed that the customer had
> security requirements that did not allow "transient data" to be written
> to disk.  They had to make sure that if the physical device was stolen,
> all of their zone data didn't follow it out the door.

The in-memory copy is likely to end up in the swap partition.

--
Barry Margolin
Arlington, MA

Re: Writeable file already in use

Ray Bellis
On 05/01/2016 17:03, Barry Margolin wrote:

> The in-memory copy is likely to end up in the swap partition.

A swap partition?   I don't think I've seen one of those for years...

Ray



Re: Writeable file already in use

Reindl Harald
In reply to this post by Barry Margolin


On 05.01.2016 at 18:03, Barry Margolin wrote:

> In article <[hidden email]>,
>   Alan Clegg <[hidden email]> wrote:
>
>> On 1/5/16 6:26 AM, Jan-Piet Mens wrote:
>>>> This might make you sad if you have lots of zones or large zones.
>>>
>>> .. or even just want to look at what was transferred (without having to
>>> recurse to a `dig axfr').
>>>
>>> I see no reason to omit 'file' (except on a diskless slave ;-)
>>
>> I ran into one exception to this rule - it seemed that the customer had
>> security requirements that did not allow "transient data" to be written
>> to disk.  They had to make sure that if the physical device was stolen,
>> all of their zone data didn't follow it out the door.
>
> The in-memory copy is likely to end up in the swap partition

a properly dimensioned server has no swap partition at all, at least not
one of the servers i am responsible for since 2008 had one and *for sure*
the memory requirement of an authoritative nameserver is pretty clear to
not need it



RE: Writeable file already in use

Kevin Darcy
http://unix.stackexchange.com/questions/190398/do-i-need-swap-space-if-i-have-more-than-enough-amount-of-ram

                                                                                - Kevin

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Reindl Harald
Sent: Tuesday, January 05, 2016 12:19 PM
To: [hidden email]
Subject: Re: Writeable file already in use



On 05.01.2016 at 18:03, Barry Margolin wrote:

> In article <[hidden email]>,
>   Alan Clegg <[hidden email]> wrote:
>
>> On 1/5/16 6:26 AM, Jan-Piet Mens wrote:
>>>> This might make you sad if you have lots of zones or large zones.
>>>
>>> .. or even just want to look at what was transferred (without having
>>> to recurse to a `dig axfr').
>>>
>>> I see no reason to omit 'file' (except on a diskless slave ;-)
>>
>> I ran into one exception to this rule - it seemed that the customer
>> had security requirements that did not allow "transient data" to be
>> written to disk.  They had to make sure that if the physical device
>> was stolen, all of their zone data didn't follow it out the door.
>
> The in-memory copy is likely to end up in the swap partition

a properly dimensioned server has no swap partition at all, at least not one of the servers i am responsible for since 2008 had one and *for sure* the memory requirement of an authoritative nameserver is pretty clear to not need it


Re: Writeable file already in use

Reindl Harald


On 05.01.2016 at 19:05, Darcy Kevin (FCA) wrote:
> http://unix.stackexchange.com/questions/190398/do-i-need-swap-space-if-i-have-more-than-enough-amount-of-ram

and the answer is clearly NO if you have *enough* RAM
you just have to define the "enough"

which means your workload and your useful buffercache fits in

when i have a machine (in my case only VMs) running over a full month
with a 1 GB swap file and it's not used with a single MB i do NOT need
stackexchange to answer that question

a dedicated authoritative-only nameserver and to utilize the resources a
containered asterisk with hylafax and even a tiny webserver with a
mysqld for the addressbook are doing that with 1.5 GB RAM:

[root@asterisk:~]$ free
               total        used        free      shared  buff/cache   available
Mem:           1,5G        150M        886M         18M        460M        1,3G
Swap:            0B          0B          0B

what do you want to swap out there?

the machine has all blocks of the disks it ever accessed, the software
and the data in its memory and would not come to the idea to swap anything
out anyways

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Reindl Harald
> Sent: Tuesday, January 05, 2016 12:19 PM
> To: [hidden email]
> Subject: Re: Writeable file already in use
>
>
>
> On 05.01.2016 at 18:03, Barry Margolin wrote:
>> In article <[hidden email]>,
>>    Alan Clegg <[hidden email]> wrote:
>>
>>> On 1/5/16 6:26 AM, Jan-Piet Mens wrote:
>>>>> This might make you sad if you have lots of zones or large zones.
>>>>
>>>> .. or even just want to look at what was transferred (without having
>>>> to recurse to a `dig axfr').
>>>>
>>>> I see no reason to omit 'file' (except on a diskless slave ;-)
>>>
>>> I ran into one exception to this rule - it seemed that the customer
>>> had security requirements that did not allow "transient data" to be
>>> written to disk.  They had to make sure that if the physical device
>>> was stolen, all of their zone data didn't follow it out the door.
>>
>> The in-memory copy is likely to end up in the swap partition
>
> a properly dimensioned server has no swap partition at all, at least not one of the servers i am responsible for since 2008 had one and *for sure* the memory requirement of an authoritative nameserver is pretty clear to not need it



Re: Writeable file already in use

Reindl Harald
and to finish that topic:

in days of zram (it's in the mainline kernel for a long time -
https://www.kernel.org/doc/Documentation/blockdev/zram.txt) when you
think you need some swap for whatever reason you use that just because
modern hardware has so many cpu cycles left that it doesn't need
measurable resources and it's way faster

On 05.01.2016 at 19:19, Reindl Harald wrote:

> On 05.01.2016 at 19:05, Darcy Kevin (FCA) wrote:
>> http://unix.stackexchange.com/questions/190398/do-i-need-swap-space-if-i-have-more-than-enough-amount-of-ram
>>
>
> and the answer is clearly NO if you have *enough* RAM
> you just have to define the "enough"
>
> which means your workload and your useful buffercache fits in
>
> when i have a machine (in my case only VMs) running over a full month
> with a 1 GB swap file and it's not used with a single MB i do NOT need
> stackexchange to answer that question
>
> a dedicated authoritative-only nameserver and to utilize the resources a
> containered asterisk with hylafax and even a tiny webserver with a
> mysqld for the addressbook are doing that with 1.5 GB RAM:
>
> [root@asterisk:~]$ free
>                total        used        free      shared  buff/cache   available
> Mem:           1,5G        150M        886M         18M        460M        1,3G
> Swap:            0B          0B          0B
>
> what do you want to swap out there?
>
> the machine has all blocks of the disks it ever accessed, the software
> and the data in its memory and would not come to the idea to swap anything
> out anyways
>
>> -----Original Message-----
>> From: [hidden email]
>> [mailto:[hidden email]] On Behalf Of Reindl Harald
>> Sent: Tuesday, January 05, 2016 12:19 PM
>> To: [hidden email]
>> Subject: Re: Writeable file already in use
>>
>>
>>
>> On 05.01.2016 at 18:03, Barry Margolin wrote:
>>> In article <[hidden email]>,
>>>    Alan Clegg <[hidden email]> wrote:
>>>
>>>> On 1/5/16 6:26 AM, Jan-Piet Mens wrote:
>>>>>> This might make you sad if you have lots of zones or large zones.
>>>>>
>>>>> .. or even just want to look at what was transferred (without having
>>>>> to recurse to a `dig axfr').
>>>>>
>>>>> I see no reason to omit 'file' (except on a diskless slave ;-)
>>>>
>>>> I ran into one exception to this rule - it seemed that the customer
>>>> had security requirements that did not allow "transient data" to be
>>>> written to disk.  They had to make sure that if the physical device
>>>> was stolen, all of their zone data didn't follow it out the door.
>>>
>>> The in-memory copy is likely to end up in the swap partition
>>
>> a properly dimensioned server has no swap partition at all, at least not
>> one of the servers i am responsible for since 2008 had one and *for sure*
>> the memory requirement of an authoritative nameserver is pretty clear
>> to not need it
