Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at

Bug 1465187

Summary: bind-dyndb-ldap needs rebuild against bind 9.11.1
Product: [Fedora] Fedora Reporter: Stephen Gallagher <sgallagh>
Component: bind-dyndb-ldapAssignee: Tomas Krizek <tkrizek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 26CC: awilliam, kevin, pbrobinson, pemensik, robatino, thozza, tkrizek, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: AcceptedBlocker
Fixed In Version: bind-dyndb-ldap-11.1-4.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-28 03:52:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1349188    
Description Flags
Proposed bump and rebuild patch for bind-dyndb-ldap none

Description Stephen Gallagher 2017-06-27 00:00:05 UTC
Created attachment 1292076 [details]
Proposed bump and rebuild patch for bind-dyndb-ldap

Description of problem:
BIND was updated to version 9.11.1 in Fedora 26, which included a soname bump of libdns from to As a result, upgrading bind will conflict with bind-dyndb-ldap and cause failures. Attempts to update with `dnf update --allowerasing --best` will cause bind-dyndb-ldap to be removed, potentially breaking a FreeIPA installation.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Install FreeIPA with DNS support which includes bind-dyndb-ldap
2. Update bind to bind-9.11.1-1.P1.fc26

Actual results:
DNF fails (or, in the case of `--allowerasing --best`, removes bind-dyndb-ldap, breaking FreeIPA)

Expected results:
Packages are updated correctly and the system continues to function as expected.

Additional info:
Proposing as a Final Blocker by the final release criterion: "All functional requirements for all Featured Server Roles must be met, without any workarounds being necessary."

The functional requirements[1] for the domain controller role includes "The Domain Controller must be capable of serving DNS host records on port 53"


Comment 1 Fedora Update System 2017-06-27 11:33:14 UTC
bind-dyndb-ldap-11.1-4.fc26 has been submitted as an update to Fedora 26.

Comment 2 Fedora Update System 2017-06-27 20:26:59 UTC
bind-dyndb-ldap-11.1-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See for
instructions on how to install test updates.
You can provide feedback for this update here:

Comment 3 Adam Williamson 2017-06-27 23:27:59 UTC
In fact this is an even more straightforward blocker: deployment of the domain controller (FreeIPA server) role fails with the updates-testing repository disabled (which is how the final release would ship, of course):

+1 blocker. I've asked the person who submitted the BIND update to be mindful of the updates policy rules about interdependent packages in future.

Comment 4 Kevin Fenzi 2017-06-27 23:30:04 UTC
+1 blocker

Comment 5 Adam Williamson 2017-06-27 23:40:24 UTC
That's +3, which seems enough as this one is a very clear and pretty undebatable blocker.

Comment 6 Fedora Update System 2017-06-28 03:52:23 UTC
bind-dyndb-ldap-11.1-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.