Hi Rowland,

I found this on an Ubuntu forum site (https://askubuntu.com/questions/630875/how-to-install-bind9-with-dlz-ubuntu-server-14-04). I verified it with Google Gemini. It is not supported out of the box. I've spent a week trying to get bind9 to work with DLZ, but it seems to crash every time I put the DLZ config in named.local.conf, as it does not recognize the configs. The only workaround is to compile bind with DLZ. I don't plan to compile it on my own, as I need to be wary of any patching that can impact it.

Jose

-----Original Message-----
From: Rowland Penny <rpenny241...@gmail.com>
Sent: Monday, September 23, 2024 4:33 AM
To: lam-public@lists.sourceforge.net
Subject: Re: [Lam-public] LDAP DNS issue

Could I ask where Jose found the information that Ubuntu had dropped support for DLZ?

This worried me, I had heard nothing of this, so I did some checking, Samba with Bind9 relies on DLZ. I can find nothing that says Ubuntu (or Bind) have dropped DLZ, what I did find was that Ubuntu have removed the bind-dyndb-ldap package as it appears to be broken:

https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2078003

Rowland Penny
Samba team member

On 21/09/2024 20:15, Jose Antonio Baduria Jr via Lam-public wrote:
> Hi,
>
> I just found out that bind9 in Ubuntu dropped support for DLZ. Could
> be the same thing with Red Hat. It now uses dyndb. Would LDAP manager support
> it? I tried PowerDNS but I am facing the same issue. The documentation for
> PowerDNS for LAM is very scant. How can I create a zone for PowerDNS? I can
> do it with Bind DNS with New Zone.
>
> Thanks,
> Jose
>
> -----Original Message-----
> From: Roland Gruber <p...@rolandgruber.de>
> Sent: Friday, September 20, 2024 1:35 PM
> To: lam-public@lists.sourceforge.net
> Subject: Re: [Lam-public] LDAP DNS issue
>
> Hi Jose,
>
> is nslookup contacting your server at all? You should see its IP address in
> the output.
> I suggest to continue investigation on the Bind user mailing list as this goes
> more into direction of configuring Bind itself. Here you will find more
> experts for this topic:
>
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> Best regards
> Roland
>
>
> On 20.09.24 at 14:43, Jose Antonio Baduria Jr via Lam-public wrote:
>> Hi,
>>
>> I activated logging. I do see some slapd messages but when I do the
>> nslookup, I don't see any slapd logs. It is not communicating to ldap?
>>
>> # ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" "(olcLogLevel=*)"
>> SASL/EXTERNAL authentication started
>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> SASL SSF: 0
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: (olcLogLevel=*)
>> # requesting: ALL
>> #
>>
>> # config
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcArgsFile: /var/run/slapd/slapd.args
>> olcLogLevel: stats
>> olcPidFile: /var/run/slapd/slapd.pid
>> olcToolThreads: 1
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> -----Original Message-----
>> From: Roland Gruber <p...@rolandgruber.de>
>> Sent: Friday, September 20, 2024 1:38 AM
>> To: lam-public@lists.sourceforge.net
>> Subject: Re: [Lam-public] LDAP DNS issue
>>
>> Hi Jose,
>>
>> please activate logging on LDAP server side to see which queries are
>> performed on LDAP-side. Then you can check why they do not return results.
>>
>> Log level (olcLogLevel in /etc/ldap/slapd.d/cn=config.ldif) for OpenLDAP
>> should be e.g. "stats".
>>
>>
>> Best regards
>> Roland
>>
>>
>>
>> On 20.09.24 at 01:08, Jose Antonio Baduria Jr via Lam-public wrote:
>>> Hi,
>>>
>>> I have set up openldap as a dns server. I have set up a ldap backend
>>> using bind9-dyndb-ldap. dig works but somehow nslookup fails.
>>>
>>> I do see the following issue on the logs:
>>>
>>> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones from LDAP instance 'ldap' loaded (0 zones defined, 0 inactive, 0 failed to load)
>>> Sep 19 22:32:25 sdc-ops-openldap01 named[260087]: 0 master zones is suspicious number, please check access control instructions on LDAP server
>>>
>>> root@sdc-ops-openldap01:/etc/bind# nslookup sdc-ops-for01.bd.internal
>>> ;; Got SERVFAIL reply from 10.32.183.11, trying next server
>>>
>>> ** server can't find sdc-ops-for01.bd.internal: NXDOMAIN
>>>
>>> root@sdc-ops-openldap01:/etc/bind# dig @10.32.183.11 sdc-ops-for01
>>>
>>> ; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> @10.32.183.11 sdc-ops-for01
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27733
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 1232
>>> ; COOKIE: 89af8b62d831e3d70100000066ecae50cc3e47461128b789 (good)
>>> ;; QUESTION SECTION:
>>> ;sdc-ops-for01. IN A
>>>
>>> ;; Query time: 324 msec
>>> ;; SERVER: 10.32.183.11#53(10.32.183.11) (UDP)
>>> ;; WHEN: Thu Sep 19 23:05:52 UTC 2024
>>> ;; MSG SIZE rcvd: 70
>>>
>>>
>>> root@sdc-ops-openldap01:/etc/bind# ldapsearch -x -H ldap://10.32.183.11 -P 3 -LLL -b "dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" "(objectClass=dlzSOARecord)"
>>> dn: dlzRecordID=1,dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal
>>> objectClass: top
>>> objectClass: dlzSOARecord
>>> dlzRecordID: 1
>>> dlzHostName: @
>>> dlzType: SOA
>>> dlzSerial: 1
>>> dlzRefresh: 2800
>>> dlzRetry: 7200
>>> dlzExpire: 604800
>>> dlzMinimum: 86400
>>> dlzAdminEmail: root.example.com.
>>> dlzTTL: 1209600
>>> dlzPrimaryNS: sdc-ops-openldap01.bd.internal.
>>>
>>>
>>> /etc/bind/named.conf
>>>
>>> dyndb "ldap" "/usr/lib/bind/ldap.so" {
>>>     uri "ldap://10.32.183.11";
>>>     base "ou=dns,dc=bd,dc=internal";
>>>     auth_method "simple";
>>>     bind_dn "cn=admin,dc=bd,dc=internal";
>>>     password "PASSWORD";
>>> };
>>>
>>> Not sure what the issue is. Any ideas?
>>>
>>> Thanks,
>>> Jose
>>>
>>>
>>>
>>> _______________________________________________
>>> Lam-public mailing list
>>> Lam-public@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/lam-public
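
The check suggested earlier in the thread (set olcLogLevel to "stats", see which queries reach slapd, and find out why they return nothing) can be scripted. The following is an added example, not written by anyone in this thread; the log lines are constructed, the host name `ldap01` and the filter `placeholderZoneClass` are placeholders, and the names `searches` and `triage` are hypothetical.

```python
import re

# Constructed slapd "stats" lines, not taken from the thread. The filter on
# conn=1004 is a placeholder, not the real filter used by any BIND plugin.
SAMPLE_LOG = """\
Sep 20 12:40:01 ldap01 slapd[1201]: conn=1004 fd=14 ACCEPT from IP=10.32.183.11:51514 (IP=0.0.0.0:389)
Sep 20 12:40:01 ldap01 slapd[1201]: conn=1004 op=0 BIND dn="cn=admin,dc=bd,dc=internal" method=128
Sep 20 12:40:01 ldap01 slapd[1201]: conn=1004 op=1 SRCH base="ou=dns,dc=bd,dc=internal" scope=2 deref=0 filter="(objectClass=placeholderZoneClass)"
Sep 20 12:40:01 ldap01 slapd[1201]: conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 20 12:41:10 ldap01 slapd[1201]: conn=1005 op=1 SRCH base="dlzHostName=@,dlzZoneName=bd.internal,ou=dns,dc=bd,dc=internal" scope=2 deref=0 filter="(objectClass=dlzSOARecord)"
Sep 20 12:41:10 ldap01 slapd[1201]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

OP = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)"')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=\d deref=\d filter="(.*)"$')
RESULT = re.compile(r'SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def searches(log_text):
    """Pair every SRCH with its SEARCH RESULT, keyed by (conn, op)."""
    binds, pending, done = {}, {}, []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= and are skipped
        conn, op, rest = m.groups()
        if b := BIND.match(rest):
            binds[conn] = b.group(1) or "(anonymous)"
        elif s := SRCH.match(rest):
            pending[conn, op] = {"base": s.group(1), "filter": s.group(2)}
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec.update(bind_dn=binds.get(conn, "(no BIND logged)"),
                       err=int(r.group(1)), nentries=int(r.group(2)))
            done.append(rec)
    return done

def triage(log_text):
    """Return (verdict, searches that failed or matched no entries)."""
    found = searches(log_text)
    if not found:
        return "no searches logged: the client never queried slapd", []
    bad = [s for s in found if s["err"] != 0 or s["nentries"] == 0]
    return ("check base, filter and ACLs for the bind DN" if bad else "ok"), bad

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The `bind_dn` field on each flagged search shows which identity the query ran as, which is the starting point for the "check access control instructions on LDAP server" hint in the named log.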