Hi Enrico,
I recently ran into this with DLZ MySQL.
The DLZ-tokens are no longer %zone%, %record% etc. but $zone$, $record$ etc.
Newer Bind versions state this in their examples. I don't know when this
was changed, sometime between 9.6.1 and 9.9.4. ;-)
Best regards,
Edda
On 05.05.17 at 11:53, Enrico Becchetti Gmail wrote:
Dear Petr,
as you suggested, I changed the last lines of named.conf:
....
dlz "ldap zone" {
database "ldap 1 v3 simple {cn=Sync,dc=priv} {XXXXX}
{10.0.99.11}
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))";
};
but named-sdb won't start.
# systemctl start named-sdb
Job for named-sdb.service failed because the control process exited
with error code. See "systemctl status named-sdb.service" and
"journalctl -xe" for details.
May 5 09:05:02 privgw named-sdb[31437]: Loading 'ldap zone' using
driver ldap
May 5 09:05:02 privgw named-sdb[31437]: all nodes query must specify
a search base
May 5 09:05:02 privgw named-sdb[31437]: SDLZ driver failed to load.
May 5 09:05:02 privgw named-sdb[31437]: DLZ driver failed to load.
May 5 09:05:02 privgw named-sdb[31437]: loading configuration: failure
May 5 09:05:02 privgw named-sdb[31437]: exiting (due to fatal error)
May 5 09:05:02 privgw systemd: named-sdb.service: control process
exited, code=exited status=1
May 5 09:05:02 privgw systemd: Failed to start Berkeley Internet Name
Domain (DNS).
May 5 09:05:02 privgw systemd: Unit named-sdb.service entered failed
state.
May 5 09:05:02 privgw systemd: named-sdb.service failed.
These are at the highest level of debug.
Have you got any ideas?
The Ldap zone is o=Department, dc=priv, os=dns; after that there are some
dlzZonename entries: foo.wired.priv, bar.wired.priv and so on.
Thanks a lot!
Best Regards
Enrico
On 04/05/17 18:50, Petr Mensik wrote:
Dear Enrico,
I have never configured DLZ zone myself.
There is a clear error: all nodes query must specify a search base
I think it did not parse some query uri well. Could you add at least
-d 1 to OPTIONS in /etc/sysconfig/named and retry?
It will provide more details about query before it fails.
Just to be sure, do you really want ou=dns,dc=priv for lines 1 and 2,
but ou=dns,o=bind-dlz for lines 3 and 4? Are your data split between
them?
Best regards,
Petr
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com PGP: 65C6C973
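Two things in this thread are easy to check mechanically before restarting named-sdb: whether a database string still uses the legacy %token% placeholders that Edda mentions (the newer form is $zone$, $record$ etc.), and whether the four query URIs really point at different search bases, as Petr asks about ou=dns,dc=priv versus ou=dns,o=bind-dlz. The script below is an added example written for this thread; it is not code from ISC BIND or from any of the posters. It assumes that every legacy placeholder has the shape %letters% (the thread names only zone and record, the pattern is generalised), that the static search base of a query is whatever follows the last placeholder-bearing RDN, and that the DNs contain no escaped commas. The named.conf text it parses is constructed, modelled on the one posted, with a bind password that deliberately contains a %...% sequence to show it is left alone.

```python
"""Check a BIND named.conf for legacy DLZ %token% placeholders and for
mixed LDAP search bases across the DLZ query URIs.

Added example for the bind-users thread above; not code from ISC BIND
or from the posters.  Assumptions are marked in the comments."""
import re

# Constructed sample, modelled on the named.conf posted in the thread.  The
# password field is constructed to contain a %...% sequence that must NOT be
# rewritten, and the last two URIs use a different base than the first two.
SAMPLE_NAMED_CONF = '''
options {
    directory "/var/named";
};

dlz "ldap zone" {
    database "ldap 1 v3 simple {cn=Sync,dc=priv} {s%e%cret} {10.0.0.1}
    ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
    ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzData?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
    ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
    ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzData?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
    ";
};
'''

# A dlz block and the quoted string that follows its "database" keyword.
DLZ_DB_RE = re.compile(r'(dlz\s+"[^"]*"\s*\{\s*database\s+")([^"]*)(")')
# Legacy placeholder form: %zone%, %record%, ...  Only letters/underscore are
# accepted between the percent signs, so a stray % in a password is not a token.
LEGACY_TOKEN_RE = re.compile(r'%([A-Za-z_]+)%')
# Any placeholder, legacy or current, used to tell dynamic RDNs from the base
# (assumption: placeholders are always delimited by % or $).
ANY_TOKEN_RE = re.compile(r'[%$][A-Za-z_]+[%$]')
# One ldap: query URI inside the database string (URIs contain no whitespace).
LDAP_URI_RE = re.compile(r'ldap:\S+')
# Scheme and optional host part of a query URI, e.g. "ldap:///".
URI_PREFIX_RE = re.compile(r'^ldap://[^/]*/')


def extract_dlz_database_strings(conf):
    """Return the database strings of all dlz blocks in a named.conf text."""
    return [m.group(2) for m in DLZ_DB_RE.finditer(conf)]


def find_legacy_tokens(db):
    """Sorted, de-duplicated names of %token% placeholders in the query URIs."""
    names = set()
    for uri in LDAP_URI_RE.findall(db):
        names.update(LEGACY_TOKEN_RE.findall(uri))
    return sorted(names)


def convert_tokens(db):
    """Rewrite %token% to $token$ inside the ldap: URIs only; the bind DN,
    password and host fields in front of them are left untouched."""
    return LDAP_URI_RE.sub(
        lambda m: LEGACY_TOKEN_RE.sub(r'$\1$', m.group(0)), db)


def query_bases(db):
    """Static search base of each query URI, in order: the DN components that
    follow the last placeholder-bearing RDN (assumes no escaped commas)."""
    bases = []
    for uri in LDAP_URI_RE.findall(db):
        dn = URI_PREFIX_RE.sub('', uri).split('?', 1)[0]
        rdns = dn.split(',')
        last_dynamic = max(
            (i for i, rdn in enumerate(rdns) if ANY_TOKEN_RE.search(rdn)),
            default=-1)
        bases.append(','.join(rdns[last_dynamic + 1:]))
    return bases


def distinct_bases(db):
    """Sorted set of the bases; more than one entry means the data is split."""
    return sorted(set(query_bases(db)))


def rewrite_named_conf(conf):
    """Full named.conf text with legacy tokens converted in every dlz block."""
    return DLZ_DB_RE.sub(
        lambda m: m.group(1) + convert_tokens(m.group(2)) + m.group(3), conf)


if __name__ == '__main__':
    for db in extract_dlz_database_strings(SAMPLE_NAMED_CONF):
        print('legacy tokens:', find_legacy_tokens(db))
        print('search bases :', distinct_bases(db))
    print(rewrite_named_conf(SAMPLE_NAMED_CONF))
```

Run it against the real /etc/named.conf by reading the file into `rewrite_named_conf` and diffing the result before writing anything back; a non-empty `find_legacy_tokens` list on a 9.9.x server is the condition Edda describes, and a `distinct_bases` list longer than one is the split Petr asks Enrico to confirm.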
----- Original Message -----
From: "Enrico Becchetti Gmail" <enrico.becche...@gmail.com>
To: bind-users@lists.isc.org
Sent: Wednesday, May 3, 2017 10:16:47 AM
Subject: Bind 9.9.4 DLZ LDAP , error in config file named.conf
Dear All, let me explain my issue.
I have CentOS 5.5 with Bind version 9.6.1, and the most important item
for this setup is the integration with Ldap through DLZ. So as you can
imagine I have a named.conf with ldap servers but I haven't any zone file,
because all information about hostname and IP is inside Ldap.
In the following my named.conf file:
options {
directory "/var/named";
listen-on-v6 { none; };
listen-on { 127.0.0.1; ......
omissis
................
pid-file "/var/run/named/named.pid";
};
.....
dlz "ldap zone" {
database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1}
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
";
};
The Ldap server is OpenLdap 2.4.11 with the DLZ schema; with this setup name
resolution for zones "*.PRIV" works fine.
This server has been up and running for many years, but now I need to
update to Centos 7, and with this OS update I also migrate to Bind 9.9.4,
included in the latest Centos, and this is my problem!
Bind 9.9.4 with the named.conf described above fails during startup. When
I run "systemctl start named.sdb"
I get this error:
Job for named-sdb.service failed because the control process exited
with error code. See "systemctl status named-sdb.service" and
"journalctl -xe" for details.
/var/log/messages:
May 3 10:11:53 privgw systemd: Starting Generate rndc key for BIND
(DNS)...
May 3 10:11:53 privgw systemd: Started Generate rndc key for BIND (DNS).
May 3 10:11:53 privgw systemd: Starting Berkeley Internet Name Domain
(DNS)...
May 3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601
May 3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial
2002081601
May 3 10:11:53 privgw named-sdb[5307]: starting BIND
9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
May 3 10:11:53 privgw named-sdb[5307]: built with
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
'--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--with-libtool' '--localstatedir=/var' '--enable-threads'
'--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl'
'--with-pic' '--disable-static' '--disable-openssl-version-check'
'--enable-exportlib' '--with-export-libdir=/usr/lib64'
'--with-export-includedir=/usr/include'
'--includedir=/usr/include/bind9' '--enable-native-pkcs11'
'--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes'
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes'
'--with-dlz-mysql=yes' '--with-dlz-filesystem=yes'
'--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego'
'--enable-fixed-rrset'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
May 3 10:11:53 privgw named-sdb[5307]:
----------------------------------------------------
May 3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by
Internet Systems Consortium,
May 3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit
501(c)(3) public-benefit
May 3 10:11:53 privgw named-sdb[5307]: corporation. Support and
training for BIND 9 are
May 3 10:11:53 privgw named-sdb[5307]: available at
https://www.isc.org/support
May 3 10:11:53 privgw named-sdb[5307]:
----------------------------------------------------
May 3 10:11:53 privgw named-sdb[5307]: adjusted limit on open files
from 4096 to 1048576
May 3 10:11:53 privgw named-sdb[5307]: found 1 CPU, using 1 worker
thread
May 3 10:11:53 privgw named-sdb[5307]: using 1 UDP listener per
interface
May 3 10:11:53 privgw named-sdb[5307]: using up to 4096 sockets
May 3 10:11:53 privgw named-sdb[5307]: SDB ldap zone database module
loaded.
May 3 10:11:53 privgw named-sdb[5307]: SDB postgreSQL DB zone
database module loaded.
May 3 10:11:53 privgw named-sdb[5307]: SDB sqlite3 DB zone database
module loaded.
May 3 10:11:53 privgw named-sdb[5307]: SDB directory DB zone database
module loaded.
May 3 10:11:53 privgw named-sdb[5307]: loading configuration from
'/etc/named.conf'
.......
May 3 10:11:53 privgw named-sdb[5307]: Loading 'ldap zone' using
driver ldap
May 3 10:11:53 privgw named-sdb[5307]: all nodes query must specify a
search base
May 3 10:11:53 privgw named-sdb[5307]: SDLZ driver failed to load.
May 3 10:11:53 privgw named-sdb[5307]: DLZ driver failed to load.
May 3 10:11:53 privgw named-sdb[5307]: loading configuration: failure
May 3 10:11:53 privgw named-sdb[5307]: exiting (due to fatal error)
May 3 10:11:53 privgw systemd: named-sdb.service: control process
exited, code=exited status=1
May 3 10:11:53 privgw systemd: Failed to start Berkeley Internet Name
Domain (DNS).
May 3 10:11:53 privgw systemd: Unit named-sdb.service entered failed
state.
May 3 10:11:53 privgw systemd: named-sdb.service failed.
Any ideas?
Thanks in advance for your help!
Best Regards
Willy
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users