undefined symbol: isc_commandline_index??
Initially sent this message to the dhcp-users list by mistake... Successfully building 9.8.3-P2 on a CentOS 5.x system with rpmbuild. I can install the RPMs, but when I try to start the named process, I get the following: /usr/sbin/named-checkconf: symbol lookup error: /usr/sbin/named-checkconf: undefined symbol: isc_commandline_index On the rpmbuild system, the binary seems to run fine and can check the named.conf.default file without the symbol lookup error. Why would it build and package correctly, but when I go to execute, get that error? What package or library am I not bundling in the RPM? Here's the output of ldd: ldd -d -r /usr/sbin/named-checkconf linux-gate.so.1 => (0x0056c000) libbind9.so.80 => /usr/lib/libbind9.so.80 (0x00cc2000) libisccfg.so.82 => /usr/lib/libisccfg.so.82 (0x00bca000) libdns.so.81 => /usr/lib/libdns.so.81 (0x0011) libisccc.so.80 => /usr/lib/libisccc.so.80 (0x007ea000) libisc.so.83 => /usr/lib/libisc.so.83 (0x00f3a000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00d4a000) libcrypto.so.6 => /lib/libcrypto.so.6 (0x0023f000) libdl.so.2 => /lib/libdl.so.2 (0x00567000) libcap.so.1 => /lib/libcap.so.1 (0x0066a000) libpthread.so.0 => /lib/libpthread.so.0 (0x005b6000) libxml2.so.2 => /usr/lib/libxml2.so.2 (0x008d4000) libz.so.1 => /usr/lib/libz.so.1 (0x00616000) libm.so.6 => /lib/libm.so.6 (0x005eb000) libc.so.6 => /lib/libc.so.6 (0x0040c000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0066e000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00d22000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x00407000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00ad1000) libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0038) libresolv.so.2 => /lib/libresolv.so.2 (0x00383000) /lib/ld-linux.so.2 (0x003e8000) libselinux.so.1 => /lib/libselinux.so.1 (0x00d7a000) libsepol.so.1 => /lib/libsepol.so.1 (0x00cda000) undefined symbol: isc__task_send (/usr/lib/libisccc.so.80) undefined symbol: isc___mem_get (/usr/lib/libisccc.so.80) undefined symbol: isc___mem_put (/usr/lib/libisccc.so.80) undefined symbol: isc__socket_recv (/usr/lib/libisccc.so.80) undefined symbol: isc__socket_cancel (/usr/lib/libisccc.so.80) undefined symbol: cfg_acl_fromconfig (/usr/lib/libbind9.so.80) undefined symbol: isc___mem_free (/usr/lib/libbind9.so.80) undefined symbol: isc_net_probeipv4 (/usr/lib/libbind9.so.80) undefined symbol: isc___mem_strdup (/usr/lib/libbind9.so.80) undefined symbol: isc___mem_get (/usr/lib/libbind9.so.80) undefined symbol: isc_net_probeipv6 (/usr/lib/libbind9.so.80) undefined symbol: cfg_aclconfctx_detach (/usr/lib/libbind9.so.80) undefined symbol: cfg_aclconfctx_create (/usr/lib/libbind9.so.80) undefined symbol: isc___mem_put (/usr/lib/libbind9.so.80) undefined symbol: isc_commandline_index (/usr/sbin/named-checkconf) undefined symbol: isc_commandline_option (/usr/sbin/named-checkconf) undefined symbol: isc_commandline_argument (/usr/sbin/named-checkconf) undefined symbol: cfg_type_namedconf (/usr/sbin/named-checkconf) undefined symbol: isc_commandline_errprint (/usr/sbin/named-checkconf) undefined symbol: dns_zone_load (/usr/sbin/named-checkconf) undefined symbol: isc_entropy_create (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setclass (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setfile2 (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setchecksrv (/usr/sbin/named-checkconf) undefined symbol: isc___mem_free (/usr/sbin/named-checkconf) undefined symbol: dns_zone_dumptostream2 (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setcheckns (/usr/sbin/named-checkconf) undefined symbol: dns_zone_detach (/usr/sbin/named-checkconf) undefined symbol: dns_zone_create (/usr/sbin/named-checkconf) undefined symbol: isc___mem_strdup (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setoption (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setorigin (/usr/sbin/named-checkconf) undefined symbol: dns_zone_log (/usr/sbin/named-checkconf) undefined symbol: isc_commandline_parse (/usr/sbin/named-checkconf) undefined symbol: isc__mem_destroy (/usr/sbin/named-checkconf) undefined symbol: isc_entropy_detach (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setcheckmx (/usr/sbin/named-checkconf) undefined symbol: dns_zone_settype (/usr/sbin/named-checkconf) undefined symbol: isc__mem_create (/usr/sbin/named-checkconf) undefined symbol: dns_zone_setdbtype (/usr/sbin/named-checkconf) Thanks for any tips. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: What does "deleted from unreachable cache" mean?
On 19/07/12 00:49, Peter Olsson wrote: > Hello! > > After my latest bind upgrade our slave server started > occasionally writing these messages to the log: > > master 2a02:::::2#53 (source ::#0) deleted from unreachable cache > > master 62.xxx.xxx.2#53 (source 0.0.0.0#0) deleted from unreachable cache > > DNS seems to work fine anyway, and all zonefiles in the slave > seem to update like they should, so everything seems ok. But I > would like to be certain that there is nothing to worry about, > so I wonder what these messages mean. (I didn't find anything > interesting in the list archives or in Google.) > > Both master and slave are FreeBSD, running port bind97-9.7.6.1. > > Thanks! > There'll be a new KB FAQ published on this early next week (https://kb.isc.org/article/AA-00765). Preview is that it will say something like this: What does named log message "deleted from unreachable cache" mean? An example of the messages being logged is: 02-Aug-2012 07:58:20.601 general: info: master 192.0.2.4#53 (source 192.0.2.8#0) deleted from unreachable cache BIND maintains a cache of unreachable masters to which it refers when handling a zone refresh. If a zone refresh fails with a specific master (either during the query for the SOA or after querying and while attempting a subsequent zone transfer), then this master is cached as 'unreachable' for 10 minutes. As of versions 9.6-ESV-R6, 9.7.5, 9.8.2 and 9.9.0 onwards, the change below implements an earlier removal of a master server from the unreachable cache if a notify is received from it. Note that receipt of a notify (which is a UDP packet travelling from master to slave) doesn't guarantee that the master will be reachable from the slave, but it does ensure quicker recovery in the situation where a master was temporarily unavailable, for example for a reboot. This is the relevant info from the Release Notes: Master servers that had previously been marked as unreachable because of failed zone transfer attempts will now be removed from the "unreachable" list (i.e. considered reachable again) if the slave receives a NOTIFY message from them. [RT #25960] In the CHANGES file, it is described thus: 3204. [bug] When a master server that has been marked as unreachable sends a NOTIFY, mark it reachable again. [RT #25960] ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: What does "deleted from unreachable cache" mean?
On Thu, Aug 02, 2012 at 03:26:08PM +0100, Cathy Almond wrote: > On 19/07/12 00:49, Peter Olsson wrote: > > Hello! > > > > After my latest bind upgrade our slave server started > > occasionally writing these messages to the log: > > > > master 2a02:::::2#53 (source ::#0) deleted from unreachable > > cache > > > > master 62.xxx.xxx.2#53 (source 0.0.0.0#0) deleted from unreachable cache > > > > DNS seems to work fine anyway, and all zonefiles in the slave > > seem to update like they should, so everything seems ok. But I > > would like to be certain that there is nothing to worry about, > > so I wonder what these messages mean. (I didn't find anything > > interesting in the list archives or in Google.) > > > > Both master and slave are FreeBSD, running port bind97-9.7.6.1. > > > > Thanks! > > > > There'll be a new KB FAQ published on this early next week > (https://kb.isc.org/article/AA-00765). Preview is that it will say > something like this: > > What does named log message "deleted from unreachable cache" mean? > > An example of the messages being logged is: > > 02-Aug-2012 07:58:20.601 general: info: master 192.0.2.4#53 (source > 192.0.2.8#0) deleted from unreachable cache > > BIND maintains a cache of unreachable masters to which it refers when > handling a zone refresh. If a zone refresh fails with a specific master > (either during the query for the SOA or after querying and while > attempting a subsequent zone transfer), then this master is cached as > 'unreachable' for 10 minutes. > > As of versions 9.6-ESV-R6, 9.7.5, 9.8.2 and 9.9.0 onwards, the change > below implements an earlier removal of a master server from the > unreachable cache if a notify is received from it. > > Note that receipt of a notify (which is a UDP packet travelling from > master to slave) doesn't guarantee that the master will be reachable > from the slave, but it does ensure quicker recovery in the situation > where a master was temporarily unavailable, for example for a reboot. > > This is the relevant info from the Release Notes: > > Master servers that had previously been marked as unreachable because of > failed zone transfer attempts will now be removed from the "unreachable" > list (i.e. considered reachable again) if the slave receives a NOTIFY > message from them. [RT #25960] > > In the CHANGES file, it is described thus: > 3204. [bug] When a master server that has been marked as > unreachable sends a NOTIFY, mark it reachable again. [RT #25960] Excellent information, thanks! However, it is worrying that the master sometimes is unreachable. Is there some way I can make the slave server log, with timestamp, what zone it was trying to refresh when it failed? Thanks! -- Peter Olssonp...@leissner.se ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: What does "deleted from unreachable cache" mean?
-Original Message-
From: Peter Olsson
Date: Thursday, August 2, 2012 10:25 AM
To: Cathy Almond
Cc: "bind-users@lists.isc.org"
Subject: Re: What does "deleted from unreachable cache" mean?
>Excellent information, thanks!
Agreed. I really appreciate the effort ISC has put into the KB.
>However, it is worrying that the master sometimes is unreachable.
>Is there some way I can make the slave server log, with timestamp,
>what zone it was trying to refresh when it failed?
Not sure if you've already tried, but do you have xfer logging enabled?
logging {
channel audit_log {
file "/var/named/bind/named.log";
severity debug;
print-time yes;
};
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category network { audit_log; };
category update { audit_log; };
// might want this to debug...
//category queries { audit_log; };
};
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: undefined symbol: isc_commandline_index??
I built statically linked binaries, and it fixed the problem. - Original Message - > From: Jiann-Ming Su > To: "bind-users@lists.isc.org" > Cc: > Sent: Thursday, August 2, 2012 3:50 AM > Subject: undefined symbol: isc_commandline_index?? > > Initially sent this message to the dhcp-users list by mistake... > > Successfully building 9.8.3-P2 on a CentOS 5.x system with rpmbuild. I > can install the RPMs, but when I try to start the named process, I get > the following: > > /usr/sbin/named-checkconf: symbol lookup error: /usr/sbin/named-checkconf: > undefined symbol: isc_commandline_index > > > On > the rpmbuild system, the binary seems to run fine and can check the > named.conf.default file without the symbol lookup error. > > > Why > would it build and package correctly, but when I go to execute, get > that error? What package or library am I not bundling in the RPM? > > Here's the output of ldd: > > ldd -d -r /usr/sbin/named-checkconf > linux-gate.so.1 => (0x0056c000) > libbind9.so.80 => /usr/lib/libbind9.so.80 (0x00cc2000) > libisccfg.so.82 => /usr/lib/libisccfg.so.82 (0x00bca000) > libdns.so.81 => /usr/lib/libdns.so.81 (0x0011) > libisccc.so.80 => /usr/lib/libisccc.so.80 (0x007ea000) > libisc.so.83 => /usr/lib/libisc.so.83 (0x00f3a000) > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00d4a000) > libcrypto.so.6 => /lib/libcrypto.so.6 (0x0023f000) > libdl.so.2 => /lib/libdl.so.2 (0x00567000) > libcap.so.1 => /lib/libcap.so.1 (0x0066a000) > libpthread.so.0 => /lib/libpthread.so.0 (0x005b6000) > libxml2.so.2 => /usr/lib/libxml2.so.2 (0x008d4000) > libz.so.1 => /usr/lib/libz.so.1 (0x00616000) > libm.so.6 => /lib/libm.so.6 (0x005eb000) > libc.so.6 => /lib/libc.so.6 (0x0040c000) > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0066e000) > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00d22000) > libcom_err.so.2 => /lib/libcom_err.so.2 (0x00407000) > libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00ad1000) > libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x0038) > libresolv.so.2 => /lib/libresolv.so.2 (0x00383000) > /lib/ld-linux.so.2 (0x003e8000) > libselinux.so.1 => /lib/libselinux.so.1 (0x00d7a000) > libsepol.so.1 => /lib/libsepol.so.1 (0x00cda000) > undefined symbol: isc__task_send (/usr/lib/libisccc.so.80) > undefined symbol: isc___mem_get (/usr/lib/libisccc.so.80) > undefined symbol: isc___mem_put (/usr/lib/libisccc.so.80) > undefined symbol: isc__socket_recv (/usr/lib/libisccc.so.80) > undefined symbol: isc__socket_cancel (/usr/lib/libisccc.so.80) > undefined symbol: cfg_acl_fromconfig (/usr/lib/libbind9.so.80) > undefined symbol: isc___mem_free (/usr/lib/libbind9.so.80) > undefined symbol: isc_net_probeipv4 (/usr/lib/libbind9.so.80) > undefined symbol: isc___mem_strdup (/usr/lib/libbind9.so.80) > undefined symbol: isc___mem_get (/usr/lib/libbind9.so.80) > undefined symbol: isc_net_probeipv6 (/usr/lib/libbind9.so.80) > undefined symbol: cfg_aclconfctx_detach (/usr/lib/libbind9.so.80) > undefined symbol: cfg_aclconfctx_create (/usr/lib/libbind9.so.80) > undefined symbol: isc___mem_put (/usr/lib/libbind9.so.80) > undefined symbol: isc_commandline_index (/usr/sbin/named-checkconf) > undefined symbol: isc_commandline_option (/usr/sbin/named-checkconf) > undefined symbol: isc_commandline_argument (/usr/sbin/named-checkconf) > undefined symbol: cfg_type_namedconf (/usr/sbin/named-checkconf) > undefined symbol: isc_commandline_errprint (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_load (/usr/sbin/named-checkconf) > undefined symbol: isc_entropy_create (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setclass (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setfile2 (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setchecksrv (/usr/sbin/named-checkconf) > undefined symbol: isc___mem_free (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_dumptostream2 (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setcheckns (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_detach (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_create (/usr/sbin/named-checkconf) > undefined symbol: isc___mem_strdup (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setoption (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setorigin (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_log (/usr/sbin/named-checkconf) > undefined symbol: isc_commandline_parse (/usr/sbin/named-checkconf) > undefined symbol: isc__mem_destroy (/usr/sbin/named-checkconf) > undefined symbol: isc_entropy_detach (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_setcheckmx (/usr/sbin/named-checkconf) > undefined symbol: dns_zone_settype (/usr/sbin/named-checkconf) > undefined symbol: isc__mem_create (/usr/sbin/named-checkco
Delayed Zone Transfers?
What would cause a delay in zone transfers? The notify go out immediately when the serial number changes on the master, but some of the secondaries can take up to 10 minutes before initiating the zone transfer. Also, even after the zone has been transferred, the secondary will not immediately serve out the new data. I'm running 9.8.1-P1, soon to be 9.8.3-P2. Thanks for any insights. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Delayed Zone Transfers?
On 8/2/2012 2:38 PM, Jiann-Ming Su wrote: > What would cause a delay in zone transfers? The notify go out immediately > when the serial number changes on the master, but some of the secondaries can > take up to 10 minutes before initiating the zone transfer. Also, even after > the zone has been transferred, the secondary will not immediately serve out > the new data. I'm running 9.8.1-P1, soon to be 9.8.3-P2. Thanks for any > insights. Many, many possible answers to this. The best way to find out for sure is to crank up logging for zone transfers to a high debug level on the master and the slaves. -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Delayed Zone Transfers?
Jiann-Ming Su wrote: > What would cause a delay in zone transfers? The notify go out > immediately when the serial number changes on the master, but some of the > secondaries can take up to 10 minutes before initiating the zone > transfer. Also, even after the zone has been transferred, the secondary > will not immediately serve out the new data. I'm running 9.8.1-P1, soon > to be 9.8.3-P2. Thanks for any insights. A large backlog of zone transfers on the slave? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dnssec-signzone, dsset files and deleted KSK's
Context: BIND 9.8.3-P2 If dnssec-signzone is invoked with -S (smart signing), it examines keys in the key repository directory (-K) and selects only current keys for inclusion in the zone. That works well. It also generates DS records for the parent zone and lands them in a dsset file in (-d). The behaviour of the dsset file generation appears to be unaffected by the smart signing switch (-S). The generated dsset file includes all KSK's found in the key repository (-K) irrespective of any timing metadata (e.g. deleted). The dnssec-settime(8) manual says that deleted keys may remain in the key repository but the only way to exclude deleted KSK's from the dsset file seems to be to remove them from the key repository directory. Am I not driving this properly? Thank you. -- John Marshall ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't receive emails from another machine
> To check whether BIND is your problem simply run "dig -t MX " on > the host that is trying to send the email to your mail host. If it returns > the right IP address for your mail host then BIND isn't the problem. I can't do this because I tried to send it from gmail. > As Jeff Lightner said, this really isn't the right forum, but you need to > check what the sending server is failing on. Check the logs there. Is it > unable to resolve the domain for the message? Is it unable to connect? > Find the disease before asking for a cure. This is an error message from gmail's mail delivery subsystem: "DNS Error: Domain name not found" For some reason I overlooked it. Is it connected with my zone file settings (which are specified on the side of my registrar) or with BIND? Thanks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Dig 9.9.1 AD-bit
Hi, Dig 9.9.1 is setting the AD-bit in queries by default. Does anyone know why? Took me a while to figure out, among other things because Wireshark has a little bug that prevents the AD-bit being shown in queries. (reported as bug 2472 and 7555 on https://bugs.wireshark.org/bugzilla/) Thanks. Regards, -- Marco ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Dig 9.9.1 AD-bit
On Thu, 2 Aug 2012, Marco Davids (SIDN) wrote: > Dig 9.9.1 is setting the AD-bit in queries by default. > > Does anyone know why? 3205. [func] Upgrade dig's defaults to better reflect modern nameserver behaviour. Enable "dig +adflag" and "dig +edns=0" by default. Enable "+dnssec" when running "dig +trace". [RT #23497] > Took me a while to figure out, among other things because Wireshark has > a little bug that prevents the AD-bit being shown in queries. > > (reported as bug 2472 and 7555 on https://bugs.wireshark.org/bugzilla/) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
