Bind 9.9.4 DLZ LDAP, error in config file named.conf

Enrico Becchetti Gmail enrico.becchetti at gmail.com
Fri May 5 09:53:43 UTC 2017


Dear Petr,
as you suggested, I changed the last lines of named.conf:

....
dlz "ldap zone" {
    database "ldap 1 v3 simple {cn=Sync,dc=priv} {XXXXX} {10.0.99.11}
    ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
    ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
    ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
    ldap:///dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))";
};

but named-sdb won't start.

# systemctl start named-sdb
Job for named-sdb.service failed because the control process exited with error code. See "systemctl status named-sdb.service" and "journalctl -xe" for details.

May  5 09:05:02 privgw named-sdb[31437]: Loading 'ldap zone' using driver ldap
May  5 09:05:02 privgw named-sdb[31437]: all nodes query must specify a search base
May  5 09:05:02 privgw named-sdb[31437]: SDLZ driver failed to load.
May  5 09:05:02 privgw named-sdb[31437]: DLZ driver failed to load.
May  5 09:05:02 privgw named-sdb[31437]: loading configuration: failure
May  5 09:05:02 privgw named-sdb[31437]: exiting (due to fatal error)
May  5 09:05:02 privgw systemd: named-sdb.service: control process exited, code=exited status=1
May  5 09:05:02 privgw systemd: Failed to start Berkeley Internet Name Domain (DNS).
May  5 09:05:02 privgw systemd: Unit named-sdb.service entered failed state.
May  5 09:05:02 privgw systemd: named-sdb.service failed.

This is at the highest level of debug.

Have you got any ideas?

The LDAP zone is o=Department, dc=priv, os=dns; below that there are some dlzZoneName entries: foo.wired.priv, bar.wired.priv and so on.

Thanks a lot!
Best Regards
Enrico

On 04/05/17 18:50, Petr Mensik wrote:
> Dear Enrico,
>
> I have never configured DLZ zone myself.
> There is a clear error: all nodes query must specify a search base
> I think it did not parse some query uri well. Could you add at least -d 1 to OPTIONS in /etc/sysconfig/named and retry?
> It will provide more details about query before it fails.
>
> Just to be sure, do you really want ou=dns,dc=priv for lines 1 and 2, but ou=dns,o=bind-dlz for lines 3 and 4? Are your data split between them?
>
> Best regards,
> Petr
> --
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com  PGP: 65C6C973
>
> ----- Original Message -----
> From: "Enrico Becchetti Gmail" <enrico.becchetti at gmail.com>
> To: bind-users at lists.isc.org
> Sent: Wednesday, May 3, 2017 10:16:47 AM
> Subject: Bind 9.9.4 DLZ LDAP , error in config file named.conf
>
> Dear All, let me explain my issue.
> I have CentOS 5.5 with Bind version 9.6.1, and the most important item for this setup
> is the integration with LDAP through DLZ. So, as you can imagine, I have a named.conf
> with LDAP servers but no zone files, because all information
> about hostnames and IPs is inside LDAP.
> Below is my named.conf file:
>
> options {
> directory "/var/named";
>
> listen-on-v6 { none; };
> listen-on { 127.0.0.1; ......
> omissis
> ................
> pid-file "/var/run/named/named.pid";
> };
> .....
> dlz "ldap zone" {
> database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1}
> ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
> ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
> ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
> ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa))) ";
> };
>
> The LDAP server is OpenLDAP 2.4.11 with the DLZ schema; with this setup, name resolution for zones "*.PRIV" works fine.
>
> This server has been up and running for many years, but now I need to update to CentOS 7, and
> with this OS update I also migrate to Bind 9.9.4, included in the latest CentOS, and this is my problem!
>
> Bind 9.9.4 with the named.conf described above fails during startup. When I run "systemctl start named.sdb"
> I get this error:
>
> Job for named-sdb.service failed because the control process exited with error code. See "systemctl status named-sdb.service" and "journalctl -xe" for details.
>
> /var/log/messages:
>
> May 3 10:11:53 privgw systemd: Starting Generate rndc key for BIND (DNS)...
> May 3 10:11:53 privgw systemd: Started Generate rndc key for BIND (DNS).
> May 3 10:11:53 privgw systemd: Starting Berkeley Internet Name Domain (DNS)...
> May 3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601
> May 3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial 2002081601
> May 3 10:11:53 privgw named-sdb[5307]: starting BIND 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
> May 3 10:11:53 privgw named-sdb[5307]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
> May 3 10:11:53 privgw named-sdb[5307]: ----------------------------------------------------
> May 3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by Internet Systems Consortium,
> May 3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> May 3 10:11:53 privgw named-sdb[5307]: corporation. Support and training for BIND 9 are
> May 3 10:11:53 privgw named-sdb[5307]: available at https://www.isc.org/support
> May 3 10:11:53 privgw named-sdb[5307]: ----------------------------------------------------
> May 3 10:11:53 privgw named-sdb[5307]: adjusted limit on open files from 4096 to 1048576
> May 3 10:11:53 privgw named-sdb[5307]: found 1 CPU, using 1 worker thread
> May 3 10:11:53 privgw named-sdb[5307]: using 1 UDP listener per interface
> May 3 10:11:53 privgw named-sdb[5307]: using up to 4096 sockets
> May 3 10:11:53 privgw named-sdb[5307]: SDB ldap zone database module loaded.
> May 3 10:11:53 privgw named-sdb[5307]: SDB postgreSQL DB zone database module loaded.
> May 3 10:11:53 privgw named-sdb[5307]: SDB sqlite3 DB zone database module loaded.
> May 3 10:11:53 privgw named-sdb[5307]: SDB directory DB zone database module loaded.
> May 3 10:11:53 privgw named-sdb[5307]: loading configuration from '/etc/named.conf'
> .......
> May 3 10:11:53 privgw named-sdb[5307]: Loading 'ldap zone' using driver ldap
> May 3 10:11:53 privgw named-sdb[5307]: all nodes query must specify a search base
> May 3 10:11:53 privgw named-sdb[5307]: SDLZ driver failed to load.
> May 3 10:11:53 privgw named-sdb[5307]: DLZ driver failed to load.
> May 3 10:11:53 privgw named-sdb[5307]: loading configuration: failure
> May 3 10:11:53 privgw named-sdb[5307]: exiting (due to fatal error)
> May 3 10:11:53 privgw systemd: named-sdb.service: control process exited, code=exited status=1
> May 3 10:11:53 privgw systemd: Failed to start Berkeley Internet Name Domain (DNS).
> May 3 10:11:53 privgw systemd: Unit named-sdb.service entered failed state.
> May 3 10:11:53 privgw systemd: named-sdb.service failed.
>
> Any ideas?
> Thanks in advance for your help!
> Best Regards
> Willy
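The error named above ("all nodes query must specify a search base") is the kind of structural complaint a DLZ LDAP driver raises when one of the ldap:/// query URLs in the database string does not parse the way it expects. The following pre-flight checker is an added example written for this thread; it is not code from BIND, from the named-sdb driver, or from either poster. It splits the database argument the way named.conf does (whitespace separates arguments, {...} groups one argument) and checks each query URL against the RFC 4516 layout ldap://host/dn?attrs?scope?filter?extensions, so a bad string can be caught offline before restarting the service. Assumptions not stated in the thread: the query URLs come in the order find zone, lookup, authority, all nodes; the three record queries must return at least three attributes; a query must not name a host, because the host list is its own argument. The thread's own database string (password replaced by a placeholder) passes these checks, so the checker rules out a missing base DN in the text itself and leaves the -d 1 debug output Petr asked for as the next step.

```python
"""Structural pre-flight check for a BIND DLZ "ldap" driver database string.

Added example for the bind-users thread; not code from BIND or the posters.
Query order, the 3-attribute minimum and the no-host rule are assumptions.
"""

QUERY_NAMES = ("find zone", "lookup", "authority", "all nodes")
MIN_ATTRS = {"find zone": 0, "lookup": 3, "authority": 3, "all nodes": 3}
VALID_SCOPES = {"", "base", "one", "sub"}


def split_dlz_args(database):
    """Split the database string into argv: whitespace separates arguments,
    a {...} group (which may itself contain spaces) is one argument."""
    argv, cur, depth = [], [], 0
    for ch in database:
        if depth == 0 and ch == "{":
            depth = 1                      # open a group; brace not kept
        elif depth > 0 and ch == "{":
            depth += 1                     # nested brace is literal
            cur.append(ch)
        elif depth > 1 and ch == "}":
            depth -= 1
            cur.append(ch)
        elif depth == 1 and ch == "}":
            depth = 0                      # close the group
            argv.append("".join(cur))
            cur = []
        elif depth == 0 and ch.isspace():
            if cur:
                argv.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        argv.append("".join(cur))
    return argv


def parse_ldap_url(url):
    """Parse an RFC 4516 LDAP URL into its parts. No percent-decoding is
    done, so the DLZ %zone%/%record% substitution tokens survive intact."""
    if not url.startswith("ldap://"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = url[len("ldap://"):].partition("/")
    parts = tail.split("?", 4)
    parts += [""] * (5 - len(parts))
    dn, attrs, scope, filt, exts = parts
    return {"host": host, "dn": dn,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope.lower(), "filter": filt, "exts": exts}


def check_query(name, url):
    """Return the problems found in one query URL (empty list = passes)."""
    try:
        u = parse_ldap_url(url)
    except ValueError as e:
        return ["%s query: %s" % (name, e)]
    problems = []
    if u["host"]:
        problems.append("%s query must not specify a host" % name)
    if not u["dn"]:
        problems.append("%s query must specify a search base" % name)
    if len(u["attrs"]) < MIN_ATTRS[name]:
        problems.append("%s query must specify at least %d attributes to return"
                        % (name, MIN_ATTRS[name]))
    if u["scope"] not in VALID_SCOPES:
        problems.append("%s query has unknown scope %r" % (name, u["scope"]))
    if u["exts"]:
        problems.append("%s query uses LDAP extensions" % name)
    return problems


def check_database(database):
    """Check a whole 'ldap ...' database string; returns a list of problems."""
    argv = split_dlz_args(database)
    if len(argv) < 7 or argv[0] != "ldap":
        return ["expected: ldap <threads> <version> <method> {binddn} "
                "{password} {hosts} <query URLs...>"]
    queries = argv[7:]
    problems = []
    if len(queries) < 2:
        problems.append("at least the find zone and lookup queries are required")
    if len(queries) > len(QUERY_NAMES):
        problems.append("too many query arguments (%d)" % len(queries))
    for name, url in zip(QUERY_NAMES, queries):
        problems.extend(check_query(name, url))
    return problems


# Constructed from the named.conf in the thread; the password is a placeholder.
THREAD_DATABASE = """ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD-PLACEHOLDER} {10.0.99.11}
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))"""

# Constructed variant: the all-nodes query has lost its base DN entirely.
BROKEN_DATABASE = THREAD_DATABASE.replace(
    "ldap:///dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzHostName",
    "ldap:///?dlzTTL,dlzType,dlzHostName")

if __name__ == "__main__":
    for label, db in (("thread config", THREAD_DATABASE), ("broken config", BROKEN_DATABASE)):
        found = check_database(db)
        print("%s: %s" % (label, "OK" if not found else "; ".join(found)))
```

Run it as a script and it reports the thread's string as OK and the constructed variant with the all-nodes message quoted in the log. Because the checker deliberately does not percent-decode, it only tells you whether the text of each URL is well-formed; what the driver's own URL parser makes of the %zone% and %record% tokens at runtime is exactly what the -d 1 output would show.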