I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include "/usr/local/samba/private/named.conf" into /etc/bind/named.conf, Bind9 fails to start. I have edited that file to ensure the correct line is included for Bind 9.9, and I am not getting any apparmor errors in my logs, but it will not start. The last paste to this message is me running named -g -d 9 and you can see where SDLZ failes to load, but no reason is given. I see no useful errors, so don't know where to begin fixing it Thanx for the help Here is some of my configurations named -V BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 using libxml2 version: 2.9.0 cat /etc/bind/named.conf // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; include "/usr/local/samba/private/named.conf"; cat /etc/bind/named.conf.options options { directory "/etc/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; }; //======================================================================= // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================= dnssec-validation auto; auth-nxdomain yes; # conform to RFC1035 listen-on-v6 { none; }; allow-transfer {none;}; notify no; allow-query { xxx.xxx.xxx.xxx/24; // other networks you want to allow to query your DNS }; allow-recursion { xxx.xxx.xxx.xxx/24; //other networks you want to allow to do recurrsive queries }; tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; }; cat /usr/local/samba/private/named.conf # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support. # # This file should be included in your main BIND configuration file # # For example with # include "/usr/local/samba/private/named.conf"; # # This configures dynamically loadable zones (DLZ) from AD schema # Uncomment only single database line, depending on your BIND version # dlz "AD DNS Zone" { # For BIND 9.8.0 #database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so"; # For BIND 9.9.0 database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so"; }; named -g -d 9 11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9 11-Sep-2013 11:29:11.243 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 11-Sep-2013 11:29:11.243 ---------------------------------------------------- 11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium, 11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit 11-Sep-2013 11:29:11.243 corporation. Support and training for BIND 9 are 11-Sep-2013 11:29:11.243 available at https://www.isc.org/support 11-Sep-2013 11:29:11.243 ---------------------------------------------------- 11-Sep-2013 11:29:11.243 adjusted limit on open files from 4096 to 1048576 11-Sep-2013 11:29:11.243 found 2 CPUs, using 2 worker threads 11-Sep-2013 11:29:11.243 using 2 UDP listeners per interface 11-Sep-2013 11:29:11.243 using up to 4096 sockets 11-Sep-2013 11:29:11.244 Registering DLZ_dlopen driver 11-Sep-2013 11:29:11.244 Registering SDLZ driver 'dlopen' 11-Sep-2013 11:29:11.244 Registering DLZ driver 'dlopen' 11-Sep-2013 11:29:11.245 decrement_reference: delete from rbt: 0x7f916c147068 . 11-Sep-2013 11:29:11.252 loading configuration from '/etc/bind/named.conf' 11-Sep-2013 11:29:11.252 reading built-in trusted keys from file '/etc/bind/bind.keys' 11-Sep-2013 11:29:11.252 set maximum stack size to 18446744073709551615: success 11-Sep-2013 11:29:11.252 set maximum data size to 18446744073709551615: success 11-Sep-2013 11:29:11.252 set maximum core size to 18446744073709551615: success 11-Sep-2013 11:29:11.253 set maximum open files to 18446744073709551615: success 11-Sep-2013 11:29:11.253 using default UDP/IPv4 port range: [1024, 65535] 11-Sep-2013 11:29:11.253 using default UDP/IPv6 port range: [1024, 65535] 11-Sep-2013 11:29:11.255 listening on IPv4 interface lo, 127.0.0.1#53 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: createclients 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: get client 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create new 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: clientmctx 11-Sep-2013 11:29:11.255 client @0x7f9160091b30: create 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: get client 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: create new 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: clientmctx 11-Sep-2013 11:29:11.256 client @0x7f916009fd40: create 11-Sep-2013 11:29:11.256 binding TCP socket: address in use 11-Sep-2013 11:29:11.256 listening on IPv4 interface eth0, 192.168.217.144#53 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: createclients 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: get client 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create new 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx 11-Sep-2013 11:29:11.257 client @0x7f91600af020: create 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: get client 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: create new 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx 11-Sep-2013 11:29:11.257 client @0x7f91600bd230: create 11-Sep-2013 11:29:11.257 binding TCP socket: address in use 11-Sep-2013 11:29:11.258 generating session key for dynamic DNS 11-Sep-2013 11:29:11.258 sizing zone task pool based on 5 zones 11-Sep-2013 11:29:11.259 decrement_reference: delete from rbt: 0x7f916c147850 . 11-Sep-2013 11:29:11.259 Loading 'AD DNS Zone' using driver dlopen 11-Sep-2013 11:29:11.259 Loading SDLZ driver. 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed 11-Sep-2013 11:29:11.278 SDLZ driver failed to load. 11-Sep-2013 11:29:11.278 DLZ driver failed to load. 11-Sep-2013 11:29:11.278 client @0x7f9160091b30: udprecv 11-Sep-2013 11:29:11.278 client @0x7f916009fd40: udprecv 11-Sep-2013 11:29:11.278 client @0x7f91600af020: udprecv 11-Sep-2013 11:29:11.279 client @0x7f91600bd230: udprecv 11-Sep-2013 11:29:11.279 zone_shutdown: zone 0.in-addr.arpa/IN: shutting down 11-Sep-2013 11:29:11.279 zone_shutdown: zone 127.in-addr.arpa/IN: shutting down 11-Sep-2013 11:29:11.279 zone_shutdown: zone 255.in-addr.arpa/IN: shutting down 11-Sep-2013 11:29:11.279 zone_shutdown: zone localhost/IN: shutting down 11-Sep-2013 11:29:11.279 calling free_rbtdb(.) 11-Sep-2013 11:29:11.279 done free_rbtdb(.) 11-Sep-2013 11:29:11.279 load_configuration: out of memory 11-Sep-2013 11:29:11.279 loading configuration: out of memory 11-Sep-2013 11:29:11.279 exiting (due to fatal error) -- Robert Millott President, Millott and Associates (443) 255-3588
On Wed, 2013-09-11 at 11:32 -0400, Robert Millott wrote:> I installed Bind9 on a new ubuntu 13.04 server using > > apt-get install bind9 > > and am trying to integrate AD into it. Bind starts fine and will resolve my > domain and computer names, but when I add the line > include "/usr/local/samba/private/named.conf" > into /etc/bind/named.conf, Bind9 fails to start.Ho On Ubuntu, I think bind runs as user bind. Can bind read/get into to beable to read the dns partition at /sam.ldb.d, /dns and dns.keytab under /usr/local/samba/private? HTH Steve
You get the error: 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed Replace "AD DNS Zone" in the file "/usr/local/samba/private/named.conf"; with your dns domain. dlz "AD DNS Zone" {..} -> dlz "example.com" {...} and restart bind. Regards Davor Vusir -------------------------------------------------- From: "Robert Millott" <robm at millottandassociates.com> Sent: Wednesday, September 11, 2013 5:32 PM To: <samba at lists.samba.org> Subject: [Samba] Bind9 AD SDLZ driver failed to load> I installed Bind9 on a new ubuntu 13.04 server using > > apt-get install bind9 > > and am trying to integrate AD into it. Bind starts fine and will resolve > my > domain and computer names, but when I add the line > include "/usr/local/samba/private/named.conf" > into /etc/bind/named.conf, Bind9 fails to start. I have edited that file > to ensure the correct line is included for Bind 9.9, and I am not getting > any apparmor errors in my logs, but it will not start. > The last paste to this message is me running named -g -d 9 and you can see > where SDLZ failes to load, but no reason is given. > > I see no useful errors, so don't know where to begin fixing it > > Thanx for the help > > Here is some of my configurations > > named -V > > BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' > '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' > '--localstatedir=/var' > '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' > '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' > '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' > 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' > using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 > using libxml2 version: 2.9.0 > > > cat /etc/bind/named.conf > // This is the primary configuration file for the BIND DNS server named. > // > // Please read /usr/share/doc/bind9/README.Debian.gz for information on > the > // structure of BIND configuration files in Debian, *BEFORE* you customize > // this configuration file. > // > // If you are just adding zones, please do that in > /etc/bind/named.conf.local > > include "/etc/bind/named.conf.options"; > include "/etc/bind/named.conf.local"; > include "/etc/bind/named.conf.default-zones"; > include "/usr/local/samba/private/named.conf"; > > cat /etc/bind/named.conf.options > options { > directory "/etc/bind"; > > // If there is a firewall between you and nameservers you want > // to talk to, you may need to fix the firewall to allow multiple > // ports to talk. See http://www.kb.cert.org/vuls/id/800113 > > // If your ISP provided one or more IP addresses for stable > // nameservers, you probably want to use them as forwarders. > // Uncomment the following block, and insert the addresses > replacing > // the all-0's placeholder. > > forwarders { > 8.8.8.8; 8.8.4.4; > }; > > > //=======================================================================> // If BIND logs error messages about the root key being expired, > // you will need to update your keys. See > https://www.isc.org/bind-keys > > //=======================================================================> dnssec-validation auto; > > auth-nxdomain yes; # conform to RFC1035 > listen-on-v6 { none; }; > > allow-transfer {none;}; > notify no; > allow-query { > xxx.xxx.xxx.xxx/24; > // other networks you want to allow to query your DNS > }; > allow-recursion { > xxx.xxx.xxx.xxx/24; > //other networks you want to allow to do recurrsive queries > }; > > tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; > }; > > > cat /usr/local/samba/private/named.conf > # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen > support. > # > # This file should be included in your main BIND configuration file > # > # For example with > # include "/usr/local/samba/private/named.conf"; > > # > # This configures dynamically loadable zones (DLZ) from AD schema > # Uncomment only single database line, depending on your BIND version > # > dlz "AD DNS Zone" { > # For BIND 9.8.0 > #database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so"; > > # For BIND 9.9.0 > database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so"; > }; > > > named -g -d 9 > 11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9 > 11-Sep-2013 11:29:11.243 built with '--prefix=/usr' > '--mandir=/usr/share/man' '--infodir=/usr/share/info' > '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' > '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' > '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' > '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' > 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' > 11-Sep-2013 11:29:11.243 > ---------------------------------------------------- > 11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems > Consortium, > 11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit > 11-Sep-2013 11:29:11.243 corporation. Support and training for BIND 9 are > 11-Sep-2013 11:29:11.243 available at https://www.isc.org/support > 11-Sep-2013 11:29:11.243 > ---------------------------------------------------- > 11-Sep-2013 11:29:11.243 adjusted limit on open files from 4096 to 1048576 > 11-Sep-2013 11:29:11.243 found 2 CPUs, using 2 worker threads > 11-Sep-2013 11:29:11.243 using 2 UDP listeners per interface > 11-Sep-2013 11:29:11.243 using up to 4096 sockets > 11-Sep-2013 11:29:11.244 Registering DLZ_dlopen driver > 11-Sep-2013 11:29:11.244 Registering SDLZ driver 'dlopen' > 11-Sep-2013 11:29:11.244 Registering DLZ driver 'dlopen' > 11-Sep-2013 11:29:11.245 decrement_reference: delete from rbt: > 0x7f916c147068 . > 11-Sep-2013 11:29:11.252 loading configuration from '/etc/bind/named.conf' > 11-Sep-2013 11:29:11.252 reading built-in trusted keys from file > '/etc/bind/bind.keys' > 11-Sep-2013 11:29:11.252 set maximum stack size to 18446744073709551615: > success > 11-Sep-2013 11:29:11.252 set maximum data size to 18446744073709551615: > success > 11-Sep-2013 11:29:11.252 set maximum core size to 18446744073709551615: > success > 11-Sep-2013 11:29:11.253 set maximum open files to 18446744073709551615: > success > 11-Sep-2013 11:29:11.253 using default UDP/IPv4 port range: [1024, 65535] > 11-Sep-2013 11:29:11.253 using default UDP/IPv6 port range: [1024, 65535] > 11-Sep-2013 11:29:11.255 listening on IPv4 interface lo, 127.0.0.1#53 > 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create > 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: createclients > 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: get client > 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create new > 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: clientmctx > 11-Sep-2013 11:29:11.255 client @0x7f9160091b30: create > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: get client > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: create new > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: clientmctx > 11-Sep-2013 11:29:11.256 client @0x7f916009fd40: create > 11-Sep-2013 11:29:11.256 binding TCP socket: address in use > 11-Sep-2013 11:29:11.256 listening on IPv4 interface eth0, > 192.168.217.144#53 > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: createclients > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: get client > 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create new > 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx > 11-Sep-2013 11:29:11.257 client @0x7f91600af020: create > 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: get client > 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: create new > 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx > 11-Sep-2013 11:29:11.257 client @0x7f91600bd230: create > 11-Sep-2013 11:29:11.257 binding TCP socket: address in use > 11-Sep-2013 11:29:11.258 generating session key for dynamic DNS > 11-Sep-2013 11:29:11.258 sizing zone task pool based on 5 zones > 11-Sep-2013 11:29:11.259 decrement_reference: delete from rbt: > 0x7f916c147850 . > 11-Sep-2013 11:29:11.259 Loading 'AD DNS Zone' using driver dlopen > 11-Sep-2013 11:29:11.259 Loading SDLZ driver. > 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed > 11-Sep-2013 11:29:11.278 SDLZ driver failed to load. > 11-Sep-2013 11:29:11.278 DLZ driver failed to load. > 11-Sep-2013 11:29:11.278 client @0x7f9160091b30: udprecv > 11-Sep-2013 11:29:11.278 client @0x7f916009fd40: udprecv > 11-Sep-2013 11:29:11.278 client @0x7f91600af020: udprecv > 11-Sep-2013 11:29:11.279 client @0x7f91600bd230: udprecv > 11-Sep-2013 11:29:11.279 zone_shutdown: zone 0.in-addr.arpa/IN: shutting > down > 11-Sep-2013 11:29:11.279 zone_shutdown: zone 127.in-addr.arpa/IN: shutting > down > 11-Sep-2013 11:29:11.279 zone_shutdown: zone 255.in-addr.arpa/IN: shutting > down > 11-Sep-2013 11:29:11.279 zone_shutdown: zone localhost/IN: shutting down > 11-Sep-2013 11:29:11.279 calling free_rbtdb(.) > 11-Sep-2013 11:29:11.279 done free_rbtdb(.) > 11-Sep-2013 11:29:11.279 load_configuration: out of memory > 11-Sep-2013 11:29:11.279 loading configuration: out of memory > 11-Sep-2013 11:29:11.279 exiting (due to fatal error) > -- > Robert Millott > President, Millott and Associates > (443) 255-3588 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
This is mine working on centos 6: [root at s4master ~]# named -V BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=/usr/include/gssapi' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS-DDIG_SIGCHASE' using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010 using libxml2 version: 2.7.6 What about "with-dlopen" and your correct path to '--with-geoip=/usr' ----------------------------------------------- EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Robert Millott Gesendet: Mittwoch, 11. September 2013 17:33 An: samba at lists.samba.org Betreff: [Samba] Bind9 AD SDLZ driver failed to load I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include "/usr/local/samba/private/named.conf" into /etc/bind/named.conf, Bind9 fails to start. I have edited that file to ensure the correct line is included for Bind 9.9, and I am not getting any apparmor errors in my logs, but it will not start. The last paste to this message is me running named -g -d 9 and you can see where SDLZ failes to load, but no reason is given. I see no useful errors, so don't know where to begin fixing it Thanx for the help Here is some of my configurations named -V BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' using OpenSSL version: OpenSSL 1.0.1c 10 May 2012 using libxml2 version: 2.9.0 cat /etc/bind/named.conf // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the // structure of BIND configuration files in Debian, *BEFORE* you customize // this configuration file. // // If you are just adding zones, please do that in /etc/bind/named.conf.local include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; include "/usr/local/samba/private/named.conf"; cat /etc/bind/named.conf.options options { directory "/etc/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; }; //======================================================================= // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================= dnssec-validation auto; auth-nxdomain yes; # conform to RFC1035 listen-on-v6 { none; }; allow-transfer {none;}; notify no; allow-query { xxx.xxx.xxx.xxx/24; // other networks you want to allow to query your DNS }; allow-recursion { xxx.xxx.xxx.xxx/24; //other networks you want to allow to do recurrsive queries }; tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; }; cat /usr/local/samba/private/named.conf # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support. # # This file should be included in your main BIND configuration file # # For example with # include "/usr/local/samba/private/named.conf"; # # This configures dynamically loadable zones (DLZ) from AD schema # Uncomment only single database line, depending on your BIND version # dlz "AD DNS Zone" { # For BIND 9.8.0 #database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so"; # For BIND 9.9.0 database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so"; }; named -g -d 9 11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9 11-Sep-2013 11:29:11.243 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 11-Sep-2013 11:29:11.243 ---------------------------------------------------- 11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium, 11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit 11-Sep-2013 11:29:11.243 corporation. Support and training for BIND 9 are 11-Sep-2013 11:29:11.243 available at https://www.isc.org/support 11-Sep-2013 11:29:11.243 ---------------------------------------------------- 11-Sep-2013 11:29:11.243 adjusted limit on open files from 4096 to 1048576 11-Sep-2013 11:29:11.243 found 2 CPUs, using 2 worker threads 11-Sep-2013 11:29:11.243 using 2 UDP listeners per interface 11-Sep-2013 11:29:11.243 using up to 4096 sockets 11-Sep-2013 11:29:11.244 Registering DLZ_dlopen driver 11-Sep-2013 11:29:11.244 Registering SDLZ driver 'dlopen' 11-Sep-2013 11:29:11.244 Registering DLZ driver 'dlopen' 11-Sep-2013 11:29:11.245 decrement_reference: delete from rbt: 0x7f916c147068 . 11-Sep-2013 11:29:11.252 loading configuration from '/etc/bind/named.conf' 11-Sep-2013 11:29:11.252 reading built-in trusted keys from file '/etc/bind/bind.keys' 11-Sep-2013 11:29:11.252 set maximum stack size to 18446744073709551615: success 11-Sep-2013 11:29:11.252 set maximum data size to 18446744073709551615: success 11-Sep-2013 11:29:11.252 set maximum core size to 18446744073709551615: success 11-Sep-2013 11:29:11.253 set maximum open files to 18446744073709551615: success 11-Sep-2013 11:29:11.253 using default UDP/IPv4 port range: [1024, 65535] 11-Sep-2013 11:29:11.253 using default UDP/IPv6 port range: [1024, 65535] 11-Sep-2013 11:29:11.255 listening on IPv4 interface lo, 127.0.0.1#53 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: createclients 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: get client 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create new 11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: clientmctx 11-Sep-2013 11:29:11.255 client @0x7f9160091b30: create 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: get client 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: create new 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: clientmctx 11-Sep-2013 11:29:11.256 client @0x7f916009fd40: create 11-Sep-2013 11:29:11.256 binding TCP socket: address in use 11-Sep-2013 11:29:11.256 listening on IPv4 interface eth0, 192.168.217.144#53 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: createclients 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: get client 11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create new 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx 11-Sep-2013 11:29:11.257 client @0x7f91600af020: create 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: get client 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: create new 11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx 11-Sep-2013 11:29:11.257 client @0x7f91600bd230: create 11-Sep-2013 11:29:11.257 binding TCP socket: address in use 11-Sep-2013 11:29:11.258 generating session key for dynamic DNS 11-Sep-2013 11:29:11.258 sizing zone task pool based on 5 zones 11-Sep-2013 11:29:11.259 decrement_reference: delete from rbt: 0x7f916c147850 . 11-Sep-2013 11:29:11.259 Loading 'AD DNS Zone' using driver dlopen 11-Sep-2013 11:29:11.259 Loading SDLZ driver. 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed 11-Sep-2013 11:29:11.278 SDLZ driver failed to load. 11-Sep-2013 11:29:11.278 DLZ driver failed to load. 11-Sep-2013 11:29:11.278 client @0x7f9160091b30: udprecv 11-Sep-2013 11:29:11.278 client @0x7f916009fd40: udprecv 11-Sep-2013 11:29:11.278 client @0x7f91600af020: udprecv 11-Sep-2013 11:29:11.279 client @0x7f91600bd230: udprecv 11-Sep-2013 11:29:11.279 zone_shutdown: zone 0.in-addr.arpa/IN: shutting down 11-Sep-2013 11:29:11.279 zone_shutdown: zone 127.in-addr.arpa/IN: shutting down 11-Sep-2013 11:29:11.279 zone_shutdown: zone 255.in-addr.arpa/IN: shutting down 11-Sep-2013 11:29:11.279 zone_shutdown: zone localhost/IN: shutting down 11-Sep-2013 11:29:11.279 calling free_rbtdb(.) 11-Sep-2013 11:29:11.279 done free_rbtdb(.) 11-Sep-2013 11:29:11.279 load_configuration: out of memory 11-Sep-2013 11:29:11.279 loading configuration: out of memory 11-Sep-2013 11:29:11.279 exiting (due to fatal error) -- Robert Millott President, Millott and Associates (443) 255-3588 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Seemingly Similar Threads
- BDC Clients Unable to update DNS (PTR/A)
- Please Help! Dynamic DNS just will not work: " failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure"
- FW: Internal DNS migrate to Bind9_DLZ
- help on drawing right colors within a grouped xyplot (Lattice)
- bind9, SELinux, ServFail