I installed Bind9 on a new Ubuntu 13.04 server using

apt-get install bind9

and am trying to integrate AD into it. Bind starts fine and will resolve my
domain and computer names, but when I add the line
include "/usr/local/samba/private/named.conf"
into /etc/bind/named.conf, Bind9 fails to start. I have edited that file
to ensure the correct line is included for Bind 9.9, and I am not getting
any AppArmor errors in my logs, but it will not start.
The last paste to this message is me running named -g -d 9 and you can see
where SDLZ fails to load, but no reason is given.

I see no useful errors, so don't know where to begin fixing it.

Thanx for the help

Here are some of my configurations
named -V
BIND 9.9.2-P1 built with '--prefix=/usr'
'--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind'
'--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool'
'--enable-shared'
'--enable-static' '--with-openssl=/usr'
'--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no'
'--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.9.0
cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

cat /etc/bind/named.conf.options
options {
    directory "/etc/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        8.8.8.8; 8.8.4.4;
    };

    //=======================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //=======================================================================
    dnssec-validation auto;

    auth-nxdomain yes; # conform to RFC1035
    listen-on-v6 { none; };

    allow-transfer {none;};
    notify no;
    allow-query {
        xxx.xxx.xxx.xxx/24;
        // other networks you want to allow to query your DNS
    };
    allow-recursion {
        xxx.xxx.xxx.xxx/24;
        //other networks you want to allow to do recurrsive queries
    };

    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

cat /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
    # For BIND 9.8.0
    #database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

    # For BIND 9.9.0
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};

named -g -d 9
11-Sep-2013 11:29:11.242 starting BIND 9.9.2-P1 -g -d 9
11-Sep-2013 11:29:11.243 built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static'
'--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
11-Sep-2013 11:29:11.243 ----------------------------------------------------
11-Sep-2013 11:29:11.243 BIND 9 is maintained by Internet Systems Consortium,
11-Sep-2013 11:29:11.243 Inc. (ISC), a non-profit 501(c)(3) public-benefit
11-Sep-2013 11:29:11.243 corporation. Support and training for BIND 9 are
11-Sep-2013 11:29:11.243 available at https://www.isc.org/support
11-Sep-2013 11:29:11.243 ----------------------------------------------------
11-Sep-2013 11:29:11.243 adjusted limit on open files from 4096 to 1048576
11-Sep-2013 11:29:11.243 found 2 CPUs, using 2 worker threads
11-Sep-2013 11:29:11.243 using 2 UDP listeners per interface
11-Sep-2013 11:29:11.243 using up to 4096 sockets
11-Sep-2013 11:29:11.244 Registering DLZ_dlopen driver
11-Sep-2013 11:29:11.244 Registering SDLZ driver 'dlopen'
11-Sep-2013 11:29:11.244 Registering DLZ driver 'dlopen'
11-Sep-2013 11:29:11.245 decrement_reference: delete from rbt: 0x7f916c147068 .
11-Sep-2013 11:29:11.252 loading configuration from '/etc/bind/named.conf'
11-Sep-2013 11:29:11.252 reading built-in trusted keys from file '/etc/bind/bind.keys'
11-Sep-2013 11:29:11.252 set maximum stack size to 18446744073709551615: success
11-Sep-2013 11:29:11.252 set maximum data size to 18446744073709551615: success
11-Sep-2013 11:29:11.252 set maximum core size to 18446744073709551615: success
11-Sep-2013 11:29:11.253 set maximum open files to 18446744073709551615: success
11-Sep-2013 11:29:11.253 using default UDP/IPv4 port range: [1024, 65535]
11-Sep-2013 11:29:11.253 using default UDP/IPv6 port range: [1024, 65535]
11-Sep-2013 11:29:11.255 listening on IPv4 interface lo, 127.0.0.1#53
11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create
11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: createclients
11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: get client
11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: create new
11-Sep-2013 11:29:11.255 clientmgr @0x7f916c16b010: clientmctx
11-Sep-2013 11:29:11.255 client @0x7f9160091b30: create
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: get client
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: create new
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b010: clientmctx
11-Sep-2013 11:29:11.256 client @0x7f916009fd40: create
11-Sep-2013 11:29:11.256 binding TCP socket: address in use
11-Sep-2013 11:29:11.256 listening on IPv4 interface eth0, 192.168.217.144#53
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: createclients
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: get client
11-Sep-2013 11:29:11.256 clientmgr @0x7f916c16b458: create new
11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx
11-Sep-2013 11:29:11.257 client @0x7f91600af020: create
11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: get client
11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: create new
11-Sep-2013 11:29:11.257 clientmgr @0x7f916c16b458: clientmctx
11-Sep-2013 11:29:11.257 client @0x7f91600bd230: create
11-Sep-2013 11:29:11.257 binding TCP socket: address in use
11-Sep-2013 11:29:11.258 generating session key for dynamic DNS
11-Sep-2013 11:29:11.258 sizing zone task pool based on 5 zones
11-Sep-2013 11:29:11.259 decrement_reference: delete from rbt: 0x7f916c147850 .
11-Sep-2013 11:29:11.259 Loading 'AD DNS Zone' using driver dlopen
11-Sep-2013 11:29:11.259 Loading SDLZ driver.
11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed
11-Sep-2013 11:29:11.278 SDLZ driver failed to load.
11-Sep-2013 11:29:11.278 DLZ driver failed to load.
11-Sep-2013 11:29:11.278 client @0x7f9160091b30: udprecv
11-Sep-2013 11:29:11.278 client @0x7f916009fd40: udprecv
11-Sep-2013 11:29:11.278 client @0x7f91600af020: udprecv
11-Sep-2013 11:29:11.279 client @0x7f91600bd230: udprecv
11-Sep-2013 11:29:11.279 zone_shutdown: zone 0.in-addr.arpa/IN: shutting down
11-Sep-2013 11:29:11.279 zone_shutdown: zone 127.in-addr.arpa/IN: shutting down
11-Sep-2013 11:29:11.279 zone_shutdown: zone 255.in-addr.arpa/IN: shutting down
11-Sep-2013 11:29:11.279 zone_shutdown: zone localhost/IN: shutting down
11-Sep-2013 11:29:11.279 calling free_rbtdb(.)
11-Sep-2013 11:29:11.279 done free_rbtdb(.)
11-Sep-2013 11:29:11.279 load_configuration: out of memory
11-Sep-2013 11:29:11.279 loading configuration: out of memory
11-Sep-2013 11:29:11.279 exiting (due to fatal error)
--
Robert Millott
President, Millott and Associates
(443) 255-3588

On Wed, 2013-09-11 at 11:32 -0400, Robert Millott wrote:
> I installed Bind9 on a new ubuntu 13.04 server using
>
> apt-get install bind9
>
> and am trying to integrate AD into it. Bind starts fine and will resolve my
> domain and computer names, but when I add the line
> include "/usr/local/samba/private/named.conf"
> into /etc/bind/named.conf, Bind9 fails to start.

Hi

On Ubuntu, I think bind runs as user bind. Can bind read/get into to be able
to read the dns partition at /sam.ldb.d, /dns and dns.keytab under
/usr/local/samba/private?

HTH
Steve
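
The permission check suggested in the reply above, as an added example that is not part of the original thread: it reports the first directory or file whose mode bits stop a given user from reaching the Samba paths named there. It assumes GNU stat and evaluates only owner/group/other bits (not ACLs or AppArmor); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the first path component that stops a given identity
# from reading a file. Only owner/group/other mode bits are evaluated
# (GNU stat); ACLs and AppArmor profiles are outside its scope.

# perm_digit UID "GID GID ..." PATH -> prints the octal rwx digit that applies
perm_digit() (
    uid=$1; gids=$2
    info=$(stat -L -c '%a %u %g' -- "$3" 2>/dev/null) || exit 2
    set -- $info                                  # $1=mode $2=owner uid $3=gid
    mode="000$1"; mode=${mode#"${mode%???}"}      # keep the last three digits
    if [ "$uid" = "$2" ]; then
        echo "${mode%??}"                         # owner class
    else
        case " $gids " in
            *" $3 "*) g=${mode#?}; echo "${g%?}" ;;   # group class
            *)        echo "${mode#??}" ;;            # other class
        esac
    fi
)

# first_block UID "GIDS" BASE REL -> OK | NOSEARCH dir | NOREAD path | MISSING path
# Walks REL below BASE; ancestors of BASE are not checked.
first_block() (
    uid=$1; gids=$2; cur=${3%/}; rest=$4
    if [ "$uid" -eq 0 ]; then echo OK; exit 0; fi     # root bypasses mode bits
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        # search (x) permission is needed on every directory we descend through
        d=$(perm_digit "$uid" "$gids" "${cur:-/}") || { echo "MISSING ${cur:-/}"; exit 1; }
        [ $(( d & 1 )) -ne 0 ] || { echo "NOSEARCH ${cur:-/}"; exit 1; }
        cur=$cur/$part
    done
    d=$(perm_digit "$uid" "$gids" "$cur") || { echo "MISSING $cur"; exit 1; }
    if [ -d "$cur" ]; then need=5; else need=4; fi    # dirs need r+x, files need r
    [ $(( d & need )) -eq "$need" ] || { echo "NOREAD $cur"; exit 1; }
    echo OK
)

# report USER -> one line per Samba path named in the thread
report() (
    uid=$(id -u "$1") && gids=$(id -G "$1") || { echo "unknown user: $1" >&2; exit 2; }
    for p in usr/local/samba/private/dns.keytab \
             usr/local/samba/private/dns \
             usr/local/samba/private/sam.ldb.d \
             usr/local/samba/lib/bind9/dlz_bind9_9.so; do
        printf '%-45s %s\n' "/$p" "$(first_block "$uid" "$gids" / "$p")"
    done
)

# Usage: sh check.sh bind   (no argument: define the functions only)
if [ "$#" -ge 1 ]; then report "$1"; fi
```

Run it as root so every component can be inspected. A NOSEARCH or NOREAD result is best fixed by granting the bind group access to that one component rather than opening private/ or the keytab to all users.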

You get the error: 11-Sep-2013 11:29:11.277 dlz_dlopen of 'AD DNS Zone' failed

Replace "AD DNS Zone" in the file "/usr/local/samba/private/named.conf"
with your DNS domain.

dlz "AD DNS Zone" {..} -> dlz "example.com" {...}

and restart bind.

Regards
Davor Vusir
--------------------------------------------------
From: "Robert Millott" <robm at millottandassociates.com>
Sent: Wednesday, September 11, 2013 5:32 PM
To: <samba at lists.samba.org>
Subject: [Samba] Bind9 AD SDLZ driver failed to load
This is mine working on CentOS 6:
[root at s4master ~]# named -V
BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 built with
'--host=x86_64-redhat-linux-gnu'
'--build=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--with-libtool'
'--localstatedir=/var' '--enable-threads'
'--enable-ipv6' '--with-pic'
'--disable-static' '--disable-openssl-version-check'
'--with-dlopen=yes'
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes'
'--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=/usr/include/gssapi'
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g'
'CPPFLAGS-DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010
using libxml2 version: 2.7.6
What about "with-dlopen" and your correct path to
'--with-geoip=/usr'
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On behalf of Robert Millott
Sent: Wednesday, 11 September 2013 17:33
To: samba at lists.samba.org
Subject: [Samba] Bind9 AD SDLZ driver failed to load