Re: Unable to build BIND 9.11.1 with dnstap support
When testing DNSTAP I use the following PATH=$PATH:$HOME/opt/protobuf-c/bin:$HOME/opt/fstrm/bin ./configure --enable-dnstap --enable-developer --with-protobuf-c=$HOME/opt/protobuf-c/ --with-libfstrm=$HOME/opt/fstrm CFLAGS=-g In message <1493932859.31410.8.ca...@ns.five-ten-sg.com>, Carl Byington writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Thu, 2017-05-04 at 18:01 +, greg.ra...@bt.com wrote: > > I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system, > > including dnstap support. > > You might try my .spec file, extracted from the source rpm: > > http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm > > > BuildRequires: GeoIP-devel, python-argparse, python-ply, perl-Net-DNS- > Nameserver, fstrm-devel > > Requires: portreserve, GeoIP, GeoIP-update, python-argparse, > python-ply, fstrm > > > --with-tuning=large \ > --with-geoip \ > --with-python \ > --with-dnstap \ > > > Or just rebuild that source rpm on el7 with: > > rpmbuild --rebuild --define 'dist .el7' \ > bind-9.11.1-0.1.el6.src.rpm > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.14 (GNU/Linux) > > iEYEAREKAAYFAlkLmzQACgkQL6j7milTFsHOzQCaAkDBZ2qWR7eUT8PkkOvV/JjP > mWwAn08WZp8Pj01t8/DcntrWyWSslywG > =swBT > -END PGP SIGNATURE- > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Unable to build BIND 9.11.1 with dnstap support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2017-05-04 at 18:01 +, greg.ra...@bt.com wrote: > I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system, > including dnstap support. You might try my .spec file, extracted from the source rpm: http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm BuildRequires: GeoIP-devel, python-argparse, python-ply, perl-Net-DNS- Nameserver, fstrm-devel Requires: portreserve, GeoIP, GeoIP-update, python-argparse, python-ply, fstrm --with-tuning=large \ --with-geoip \ --with-python \ --with-dnstap \ Or just rebuild that source rpm on el7 with: rpmbuild --rebuild --define 'dist .el7' \ bind-9.11.1-0.1.el6.src.rpm -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlkLmzQACgkQL6j7milTFsHOzQCaAkDBZ2qWR7eUT8PkkOvV/JjP mWwAn08WZp8Pj01t8/DcntrWyWSslywG =swBT -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Unable to build BIND 9.11.1 with dnstap support
Hello Bind Users, I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system, including dnstap support. I have followed the instructions here - https://kb.isc.org/article/AA-01342/0/Using-DNSTAP-with-BIND-9.11.html to build protobuf, protobuf-c, and fstrm. I am also building with support for OpenSSL and GeoIP. Each of the dependent packages have been configured with a non-standard location using -prefix in the respective configure scripts. All packages built and installed correctly in the following directories on my build machine: /opt/work/test/protobuf (v3.3.0) /opt/work/test/protobuf-c (v1.2.1) /opt/work/test/fstrm (v0.3.2) /opt/work/test/ssl (v1.0.2k) /opt/work/test/geoip (v1.6.10) Here are the configure options I am providing for BIND 9.11.1: ./configure --enable-ipv6 --enable-filter- --enable-largefile --enable-fixed-rrset --enable-threads --enable-dnstap --enable-shared=no --enable-full-report --with-dlopen=no --with-openssl=/opt/work/test/ssl --with-geoip=/opt/work/test/geoip --with-protobuf-c=/opt/work/test/protobuf-c --with-libfstrm=/opt/work/test/fstrm --without-gssapi --prefix=/opt/work/test/dns This configure fails with the following: <...snip...> checking architecture type for atomic operations... x86_64 checking compiler support for inline assembly code... gcc checking compiler support for __builtin_expect... yes checking compiler support for __builtin_clz... yes checking if asm("rep; nop"); works... yes checking for fstrm_capture... no checking for protoc-c... no configure: error: The protoc-c program was not found. Even though I have specified the proper locations for protobuf-c and fstrm, it does not seem to find the binaries that exist: # ls /opt/work/test/fstrm/ bin include lib # ls /opt/work/test/fstrm/bin fstrm_capture fstrm_dump # ls /opt/work/test/protobuf-c bin include lib # ls /opt/work/test/protobuf-c/bin protoc-c Has anyone else been successful building BIND 9.11.1 with dnstap support with dependencies installed in non-standard location? I have tried this on both a CentOS 7 and RHEL 7 machine with the same results. Any suggestions to resolve this build problem would be welcome. Thanks, Greg ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind 9.9.4 DLZ LDAP , error in config file named.conf
Dear Enrico, I have never configured DLZ zone myself. There is clear error: all nodes query must specify a search base I think it did not parse some query uri well. Could you add at least -d 1 to OPTIONS in /etc/sysconfig/named and retry? It will provide more details about query before it fails. Just to be sure, do you really want ou=dns,dc=priv for lines 1 and 2, but ou=dns,o=bind-dlz for lines 3 and 4? Are your data split between them? Best regards, Petr -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: 65C6C973 - Original Message - From: "Enrico Becchetti Gmail"To: bind-users@lists.isc.org Sent: Wednesday, May 3, 2017 10:16:47 AM Subject: Bind 9.9.4 DLZ LDAP , error in config file named.conf Dear All, let me explain my issue. I've CentOS 5.5 with Bind version 9.6.1 and the most important item for this setup is the integration with Ldap throught DLZ. So as you can imagine I've named.conf with ldap servers but I haven't any zone file because all informations about hostname and IP are inside Ldap. In the following my named.conf file: options { directory "/var/named"; listen-on-v6 { none; }; listen-on { 127.0.0.1; .. omissis pid-file "/var/run/named/named.pid"; }; . dlz "ldap zone" { database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1} ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa))) ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa)) ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa))) "; }; Ldap server is OpenLdap 2.4.11 with DLZ schema, with this setup name resolution for zones "*.PRIV" works fine. This server is up and running from many years but now I need to update to Centos 7, but with this OS update I also migrate to Bind 9.9.4 included in the last Centos and this is my problem ! Bind 9.9.4 with named.conf describe above failed during startup. When I make "systemctl start named.sdb" I've this error: Job for named-sdb.service failed because the control process exited with error code. See "systemctl status named-sdb.service" and "journalctl -xe" for details. /var/log/messages: May 3 10:11:53 privgw systemd: Starting Generate rndc key for BIND (DNS)... May 3 10:11:53 privgw systemd: Started Generate rndc key for BIND (DNS). May 3 10:11:53 privgw systemd: Starting Berkeley Internet Name Domain (DNS)... May 3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601 May 3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial 2002081601 May 3 10:11:53 privgw named-sdb[5307]: starting BIND 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named May 3 10:11:53 privgw named-sdb[5307]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE' May 3 10:11:53 privgw named-sdb[5307]: May 3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by Internet Systems Consortium, May 3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit 501(c)(3) public-benefit May 3 10:11:53 privgw named-sdb[5307]: corporation. Support and training for BIND 9 are May 3