Bind 9.9.4 DLZ LDAP, error in config file named.conf

Enrico Becchetti Gmail enrico.becchetti at gmail.com
Wed May 3 08:16:47 UTC 2017


Dear All, let me explain my issue.
I have CentOS 5.5 with Bind version 9.6.1, and the most important item for this setup is the integration with LDAP through DLZ. So, as you can imagine, I have a named.conf with LDAP servers but I don't have any zone file, because all information about hostnames and IPs is inside LDAP.
My named.conf file follows:

options {
     directory "/var/named";

     listen-on-v6 { none; };
     listen-on { 127.0.0.1; ......
                 [omitted]
                 ................
     pid-file "/var/run/named/named.pid";
};
.....
dlz "ldap zone" {
         database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1}
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))";
};

The LDAP server is OpenLDAP 2.4.11 with the DLZ schema; with this setup, name resolution for zones "*.PRIV" works fine.

This server has been up and running for many years, but now I need to update to CentOS 7, and with this OS update I also migrate to Bind 9.9.4, included in the latest CentOS, and this is my problem!

Bind 9.9.4 with the named.conf described above fails during startup. When I run "systemctl start named.sdb" I get this error:

Job for named-sdb.service failed because the control process exited with error code. See "systemctl status named-sdb.service" and "journalctl -xe" for details.

/var/log/messages:

May  3 10:11:53 privgw systemd: Starting Generate rndc key for BIND (DNS)...
May  3 10:11:53 privgw systemd: Started Generate rndc key for BIND (DNS).
May  3 10:11:53 privgw systemd: Starting Berkeley Internet Name Domain (DNS)...
May  3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601
May  3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial 2002081601
May  3 10:11:53 privgw named-sdb[5307]: starting BIND 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
May  3 10:11:53 privgw named-sdb[5307]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
May  3 10:11:53 privgw named-sdb[5307]: ----------------------------------------------------
May  3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by Internet Systems Consortium,
May  3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
May  3 10:11:53 privgw named-sdb[5307]: corporation.  Support and training for BIND 9 are
May  3 10:11:53 privgw named-sdb[5307]: available at https://www.isc.org/support
May  3 10:11:53 privgw named-sdb[5307]: ----------------------------------------------------
May  3 10:11:53 privgw named-sdb[5307]: adjusted limit on open files from 4096 to 1048576
May  3 10:11:53 privgw named-sdb[5307]: found 1 CPU, using 1 worker thread
May  3 10:11:53 privgw named-sdb[5307]: using 1 UDP listener per interface
May  3 10:11:53 privgw named-sdb[5307]: using up to 4096 sockets
May  3 10:11:53 privgw named-sdb[5307]: SDB ldap zone database module loaded.
May  3 10:11:53 privgw named-sdb[5307]: SDB postgreSQL DB zone database module loaded.
May  3 10:11:53 privgw named-sdb[5307]: SDB sqlite3 DB zone database module loaded.
May  3 10:11:53 privgw named-sdb[5307]: SDB directory DB zone database module loaded.
May  3 10:11:53 privgw named-sdb[5307]: loading configuration from '/etc/named.conf'
.......
May  3 10:11:53 privgw named-sdb[5307]: Loading 'ldap zone' using driver ldap
May  3 10:11:53 privgw named-sdb[5307]: all nodes query must specify a search base
May  3 10:11:53 privgw named-sdb[5307]: SDLZ driver failed to load.
May  3 10:11:53 privgw named-sdb[5307]: DLZ driver failed to load.
May  3 10:11:53 privgw named-sdb[5307]: loading configuration: failure
May  3 10:11:53 privgw named-sdb[5307]: exiting (due to fatal error)
May  3 10:11:53 privgw systemd: named-sdb.service: control process exited, code=exited status=1
May  3 10:11:53 privgw systemd: Failed to start Berkeley Internet Name Domain (DNS).
May  3 10:11:53 privgw systemd: Unit named-sdb.service entered failed state.
May  3 10:11:53 privgw systemd: named-sdb.service failed.

Any ideas?
Thanks in advance for your help!
Best Regards
Willy
