Bind 9.9.4 DLZ LDAP , error in config file named.conf
Enrico Becchetti Gmail
enrico.becchetti at gmail.com
Fri May 5 12:52:37 UTC 2017
Hi Edda, yes yes yes !!!
Token was the problem, I changed all of them and now Bind works fine!!
Thank you very much!
Best Regards
Enrico
On 05/05/2017 14:27, Edda wrote:
> Hi Enrico,
>
> I recently ran into this with DLZ MySQL.
>
> The DLZ-tokens are no longer %zone%, %record% etc. but $zone$,
> $record$ etc.
>
> Newer Bind versions state this in their examples. I don't know when
> this was changed, sometime between 9.6.1 and 9.9.4. ;-)
>
> Best regards,
> Edda
>
> On 05.05.17 at 11:53, Enrico Becchetti Gmail wrote:
>> Dear Petr,
>> as you suggested, I changed the last lines of named.conf:
>>
>> ....
>> dlz "ldap zone" {
>> database "ldap 1 v3 simple {cn=Sync,dc=priv} {XXXXX}
>> {10.0.99.11}
>> ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
>> ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
>>
>> ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
>>
>> ldap:///dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))";
>>
>> };
>>
>> but named-sdb won't start.
>>
>> # systemctl start named-sdb
>> Job for named-sdb.service failed because the control process exited
>> with error code. See "systemctl status named-sdb.service" and
>> "journalctl -xe" for details.
>>
>> May 5 09:05:02 privgw named-sdb[31437]: Loading 'ldap zone' using
>> driver ldap
>> May 5 09:05:02 privgw named-sdb[31437]: all nodes query must specify
>> a search base
>> May 5 09:05:02 privgw named-sdb[31437]: SDLZ driver failed to load.
>> May 5 09:05:02 privgw named-sdb[31437]: DLZ driver failed to load.
>> May 5 09:05:02 privgw named-sdb[31437]: loading configuration: failure
>> May 5 09:05:02 privgw named-sdb[31437]: exiting (due to fatal error)
>> May 5 09:05:02 privgw systemd: named-sdb.service: control process
>> exited, code=exited status=1
>> May 5 09:05:02 privgw systemd: Failed to start Berkeley Internet
>> Name Domain (DNS).
>> May 5 09:05:02 privgw systemd: Unit named-sdb.service entered failed
>> state.
>> May 5 09:05:02 privgw systemd: named-sdb.service failed.
>>
>> This is the highest level of debug.
>>
>> Have you got any ideas ?
>>
>> Ldap zone is o=Department , dc=priv , os=dns after that there are
>> some dlzZonename: foo.wired.priv, bar.wired.priv and so on.
>>
>> Thanks a lot !
>> Best Regards
>> Enrico
>>
>> On 04/05/17 18:50, Petr Mensik wrote:
>>> Dear Enrico,
>>>
>>> I have never configured a DLZ zone myself.
>>> There is clear error: all nodes query must specify a search base
>>> I think it did not parse some query uri well. Could you add at least
>>> -d 1 to OPTIONS in /etc/sysconfig/named and retry?
>>> It will provide more details about query before it fails.
>>>
>>> Just to be sure, do you really want ou=dns,dc=priv for lines 1 and
>>> 2, but ou=dns,o=bind-dlz for lines 3 and 4? Are your data split
>>> between them?
>>>
>>> Best regards,
>>> Petr
>>> --
>>> Petr Menšík
>>> Software Engineer
>>> Red Hat, http://www.redhat.com/
>>> email: pemensik at redhat.com PGP: 65C6C973
>>>
>>> ----- Original Message -----
>>> From: "Enrico Becchetti Gmail" <enrico.becchetti at gmail.com>
>>> To: bind-users at lists.isc.org
>>> Sent: Wednesday, May 3, 2017 10:16:47 AM
>>> Subject: Bind 9.9.4 DLZ LDAP , error in config file named.conf
>>>
>>> Dear All, let me explain my issue.
>>> I've CentOS 5.5 with Bind version 9.6.1 and the most important item
>>> for this setup
>>> is the integration with Ldap through DLZ. So as you can imagine
>>> I've named.conf
>>> with ldap servers but I haven't any zone file because all information
>>> about hostname and IP is inside Ldap.
>>> The following is my named.conf file:
>>>
>>> options {
>>> directory "/var/named";
>>>
>>> listen-on-v6 { none; };
>>> listen-on { 127.0.0.1; ......
>>> omissis
>>> ................
>>> pid-file "/var/run/named/named.pid";
>>> };
>>> .....
>>> dlz "ldap zone" {
>>> database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1}
>>> ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
>>> ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
>>>
>>> ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
>>>
>>> ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
>>> ";
>>> };
>>>
>>> Ldap server is OpenLdap 2.4.11 with DLZ schema, with this setup name
>>> resolution for zones "*.PRIV" works fine.
>>>
>>> This server has been up and running for many years but now I need to
>>> update to Centos 7, but
>>> with this OS update I also migrate to Bind 9.9.4 included in the
>>> last Centos and this is my problem !
>>>
>>> Bind 9.9.4 with named.conf described above failed during startup.
>>> When I make "systemctl start named.sdb"
>>> I've this error:
>>>
>>> Job for named-sdb.service failed because the control process exited
>>> with error code. See "systemctl status named-sdb.service" and
>>> "journalctl -xe" for details.
>>>
>>> /var/log/messages:
>>>
>>> May 3 10:11:53 privgw systemd: Starting Generate rndc key for BIND
>>> (DNS)...
>>> May 3 10:11:53 privgw systemd: Started Generate rndc key for BIND
>>> (DNS).
>>> May 3 10:11:53 privgw systemd: Starting Berkeley Internet Name
>>> Domain (DNS)...
>>> May 3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601
>>> May 3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial
>>> 2002081601
>>> May 3 10:11:53 privgw named-sdb[5307]: starting BIND
>>> 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
>>> May 3 10:11:53 privgw named-sdb[5307]: built with
>>> '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
>>> '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr'
>>> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
>>> '--sysconfdir=/etc' '--datadir=/usr/share'
>>> '--includedir=/usr/include' '--libdir=/usr/lib64'
>>> '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>> '--with-libtool' '--localstatedir=/var' '--enable-threads'
>>> '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl'
>>> '--with-pic' '--disable-static' '--disable-openssl-version-check'
>>> '--enable-exportlib' '--with-export-libdir=/usr/lib64'
>>> '--with-export-includedir=/usr/include'
>>> '--includedir=/usr/include/bind9' '--enable-native-pkcs11'
>>> '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes'
>>> '--with-dlz-ldap=yes' '--with-dlz-postgres=yes'
>>> '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes'
>>> '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego'
>>> '--enable-fixed-rrset'
>>> '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>> 'build_alias=x86_64-redhat-linux-gnu'
>>> 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall
>>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
>>> --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
>>> 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
>>> May 3 10:11:53 privgw named-sdb[5307]:
>>> ----------------------------------------------------
>>> May 3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by
>>> Internet Systems Consortium,
>>> May 3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit
>>> 501(c)(3) public-benefit
>>> May 3 10:11:53 privgw named-sdb[5307]: corporation. Support and
>>> training for BIND 9 are
>>> May 3 10:11:53 privgw named-sdb[5307]: available at
>>> https://www.isc.org/support
>>> May 3 10:11:53 privgw named-sdb[5307]:
>>> ----------------------------------------------------
>>> May 3 10:11:53 privgw named-sdb[5307]: adjusted limit on open files
>>> from 4096 to 1048576
>>> May 3 10:11:53 privgw named-sdb[5307]: found 1 CPU, using 1 worker
>>> thread
>>> May 3 10:11:53 privgw named-sdb[5307]: using 1 UDP listener per
>>> interface
>>> May 3 10:11:53 privgw named-sdb[5307]: using up to 4096 sockets
>>> May 3 10:11:53 privgw named-sdb[5307]: SDB ldap zone database module
>>> loaded.
>>> May 3 10:11:53 privgw named-sdb[5307]: SDB postgreSQL DB zone
>>> database module loaded.
>>> May 3 10:11:53 privgw named-sdb[5307]: SDB sqlite3 DB zone database
>>> module loaded.
>>> May 3 10:11:53 privgw named-sdb[5307]: SDB directory DB zone
>>> database module loaded.
>>> May 3 10:11:53 privgw named-sdb[5307]: loading configuration from
>>> '/etc/named.conf'
>>> .......
>>> May 3 10:11:53 privgw named-sdb[5307]: Loading 'ldap zone' using
>>> driver ldap
>>> May 3 10:11:53 privgw named-sdb[5307]: all nodes query must specify
>>> a search base
>>> May 3 10:11:53 privgw named-sdb[5307]: SDLZ driver failed to load.
>>> May 3 10:11:53 privgw named-sdb[5307]: DLZ driver failed to load.
>>> May 3 10:11:53 privgw named-sdb[5307]: loading configuration: failure
>>> May 3 10:11:53 privgw named-sdb[5307]: exiting (due to fatal error)
>>> May 3 10:11:53 privgw systemd: named-sdb.service: control process
>>> exited, code=exited status=1
>>> May 3 10:11:53 privgw systemd: Failed to start Berkeley Internet
>>> Name Domain (DNS).
>>> May 3 10:11:53 privgw systemd: Unit named-sdb.service entered failed
>>> state.
>>> May 3 10:11:53 privgw systemd: named-sdb.service failed.
>>>
>>> Any ideas ?
>>> Thanks in advance for your help !
>>> Best Regards
>>> Willy
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
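The token change described in this thread, as an added example (not code from the thread or from BIND): a Python check that finds legacy `%zone%`/`%record%` tokens inside the `dlz` database string of a named.conf and rewrites them to the `$token$` form, leaving percent-encoded characters in the LDAP URLs untouched. The `%client%` token, the sample configuration and its address are assumptions constructed for the example.

```python
import re

# %zone% and %record% are the tokens named in the thread; %client% is assumed
# here to be a third DLZ token that changed the same way.
TOKENS = ("zone", "record", "client")
LEGACY = re.compile(r"%(" + "|".join(TOKENS) + r")%")
# dlz "name" { database "..."; };  the database string may span several lines.
DLZ_DB = re.compile(r'(\bdlz\s+"[^"]*"\s*\{\s*database\s*")([^"]*)(")', re.S)

# Constructed sample: placeholder password, documentation-range address, and a
# percent-encoded space (%20) that must survive the rewrite.
SAMPLE = '''options {
    directory "/var/named";
};
dlz "ldap zone" {
    database "ldap 1 v3 simple {cn=Sync,dc=priv} {PLACEHOLDER} {192.0.2.10}
    ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
    ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=my%20dns,dc=priv?dlzData?sub?(objectClass=dlzAbstractRecord)";
};
'''

def find_legacy_tokens(conf):
    """Return (file line number, token) for each legacy token in a dlz database string."""
    hits = []
    for block in DLZ_DB.finditer(conf):
        start = block.start(2)
        for m in LEGACY.finditer(block.group(2)):
            line = conf.count("\n", 0, start + m.start()) + 1
            hits.append((line, m.group(0)))
    return hits

def migrate_tokens(conf):
    """Rewrite %token% to $token$ inside dlz database strings only."""
    def fix(block):
        body = LEGACY.sub(lambda m: "$" + m.group(1) + "$", block.group(2))
        return block.group(1) + body + block.group(3)
    return DLZ_DB.sub(fix, conf)

if __name__ == "__main__":
    for line, token in find_legacy_tokens(SAMPLE):
        print(f"line {line}: legacy DLZ token {token}")
    print(migrate_tokens(SAMPLE))
```
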