Re: Unable to build BIND 9.11.1 with dnstap support

2017-05-04 Thread Mark Andrews

When testing DNSTAP I use the following:

PATH=$PATH:$HOME/opt/protobuf-c/bin:$HOME/opt/fstrm/bin ./configure \
    --enable-dnstap --enable-developer --with-protobuf-c=$HOME/opt/protobuf-c/ \
    --with-libfstrm=$HOME/opt/fstrm CFLAGS=-g


In message <1493932859.31410.8.ca...@ns.five-ten-sg.com>, Carl Byington writes:
> On Thu, 2017-05-04 at 18:01 +, greg.ra...@bt.com wrote:
> > I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system,
> > including dnstap support.
> 
> You might try my .spec file, extracted from the source rpm:
> 
> http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm
> 
> 
> BuildRequires: GeoIP-devel, python-argparse, python-ply,
> perl-Net-DNS-Nameserver, fstrm-devel
> 
> Requires:  portreserve, GeoIP, GeoIP-update, python-argparse,
> python-ply, fstrm
> 
> 
>   --with-tuning=large \
>   --with-geoip \
>   --with-python \
>   --with-dnstap \
> 
> 
> Or just rebuild that source rpm on el7 with:
> 
> rpmbuild --rebuild --define 'dist .el7' \
> bind-9.11.1-0.1.el6.src.rpm
> 
> 
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
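
A preflight check for the failure reported in this thread, where configure prints "checking for protoc-c... no" until the dependency bin directories are on PATH as in the command above. This is an added example, not code from the thread or from BIND; `check_tool` and `dnstap_path` are hypothetical helper names. It also reports when a different copy of a tool would be picked up first on the search path.

```shell
#!/bin/sh
# Added example, not from the thread: preflight for BIND's dnstap build tools.
# check_tool and dnstap_path are hypothetical helper names.

# check_tool SEARCHPATH PREFIX TOOL
#   0: TOOL resolves to PREFIX/bin/TOOL under SEARCHPATH
#   1: TOOL is missing from PREFIX/bin or cannot be found on SEARCHPATH
#   2: a different copy of TOOL is found first on SEARCHPATH
check_tool() {
    want="${2%/}/bin/$3"
    if [ ! -f "$want" ] || [ ! -x "$want" ]; then
        echo "missing or not executable: $want" >&2
        return 1
    fi
    # Subshell: assigning PATH here also discards any cached lookups.
    got=$(PATH=$1; command -v "$3") || {
        echo "$3 was not found on the search path" >&2
        return 1
    }
    if [ "$got" != "$want" ]; then
        echo "$3 resolves to $got, expected $want" >&2
        return 2
    fi
    return 0
}

# dnstap_path PROTOBUF_C_PREFIX FSTRM_PREFIX
# Prints a PATH with both bin directories first, after verifying that
# protoc-c and fstrm_capture resolve to the copies under those prefixes.
dnstap_path() {
    newpath="${1%/}/bin:${2%/}/bin:$PATH"
    check_tool "$newpath" "$1" protoc-c || return $?
    check_tool "$newpath" "$2" fstrm_capture || return $?
    printf '%s\n' "$newpath"
}

# Usage with the directories from the original report:
#   newpath=$(dnstap_path /opt/work/test/protobuf-c /opt/work/test/fstrm) &&
#     PATH=$newpath ./configure --enable-dnstap ...
```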


Re: Unable to build BIND 9.11.1 with dnstap support

2017-05-04 Thread Carl Byington

On Thu, 2017-05-04 at 18:01 +, greg.ra...@bt.com wrote:
> I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system,
> including dnstap support.

You might try my .spec file, extracted from the source rpm:

http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm


BuildRequires: GeoIP-devel, python-argparse, python-ply,
perl-Net-DNS-Nameserver, fstrm-devel

Requires:  portreserve, GeoIP, GeoIP-update, python-argparse,
python-ply, fstrm


  --with-tuning=large \
  --with-geoip \
  --with-python \
  --with-dnstap \


Or just rebuild that source rpm on el7 with:

rpmbuild --rebuild --define 'dist .el7' \
bind-9.11.1-0.1.el6.src.rpm




Unable to build BIND 9.11.1 with dnstap support

2017-05-04 Thread greg.rabil
Hello Bind Users,
I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system, including dnstap 
support.  I have followed the instructions here - 
https://kb.isc.org/article/AA-01342/0/Using-DNSTAP-with-BIND-9.11.html to build 
protobuf, protobuf-c, and fstrm.  I am also building with support for OpenSSL 
and GeoIP.  Each of the dependent packages has been configured with a 
non-standard location using -prefix in the respective configure scripts.  All 
packages built and installed correctly in the following directories on my build 
machine:

/opt/work/test/protobuf  (v3.3.0)
/opt/work/test/protobuf-c  (v1.2.1)
/opt/work/test/fstrm  (v0.3.2)
/opt/work/test/ssl (v1.0.2k)
/opt/work/test/geoip (v1.6.10)


Here are the configure options I am providing for BIND 9.11.1:

./configure --enable-ipv6 --enable-filter- --enable-largefile 
--enable-fixed-rrset --enable-threads --enable-dnstap --enable-shared=no 
--enable-full-report --with-dlopen=no --with-openssl=/opt/work/test/ssl 
--with-geoip=/opt/work/test/geoip --with-protobuf-c=/opt/work/test/protobuf-c 
--with-libfstrm=/opt/work/test/fstrm --without-gssapi 
--prefix=/opt/work/test/dns

This configure fails with the following:
<...snip...>
checking architecture type for atomic operations... x86_64
checking compiler support for inline assembly code... gcc
checking compiler support for __builtin_expect... yes
checking compiler support for __builtin_clz... yes
checking if asm("rep; nop"); works... yes
checking for fstrm_capture... no
checking for protoc-c... no
configure: error: The protoc-c program was not found.

Even though I have specified the proper locations for protobuf-c and fstrm, it 
does not seem to find the binaries that exist:

# ls /opt/work/test/fstrm/
bin  include  lib

# ls /opt/work/test/fstrm/bin
fstrm_capture  fstrm_dump

# ls /opt/work/test/protobuf-c
bin  include  lib

# ls /opt/work/test/protobuf-c/bin
protoc-c


Has anyone else been successful building BIND 9.11.1 with dnstap support with 
dependencies installed in a non-standard location?  I have tried this on both a 
CentOS 7 and RHEL 7 machine with the same results.  Any suggestions to resolve 
this build problem would be welcome.

Thanks,
Greg

Re: Bind 9.9.4 DLZ LDAP , error in config file named.conf

2017-05-04 Thread Petr Mensik
Dear Enrico,

I have never configured a DLZ zone myself.
There is a clear error: all nodes query must specify a search base
I think it did not parse some query URI well. Could you add at least -d 1 to 
OPTIONS in /etc/sysconfig/named and retry?
It will provide more details about the query before it fails.

Just to be sure, do you really want ou=dns,dc=priv for lines 1 and 2, but 
ou=dns,o=bind-dlz for lines 3 and 4? Are your data split between them?

Best regards,
Petr
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com  PGP: 65C6C973

----- Original Message -----
From: "Enrico Becchetti Gmail" 
To: bind-users@lists.isc.org
Sent: Wednesday, May 3, 2017 10:16:47 AM
Subject: Bind 9.9.4 DLZ LDAP , error in config file named.conf

Dear All, let me explain my issue.
I've CentOS 5.5 with Bind version 9.6.1 and the most important item for this
setup is the integration with Ldap through DLZ. So as you can imagine I've
named.conf with ldap servers but I haven't any zone file because all
information about hostname and IP is inside Ldap.
In the following my named.conf file:

options { 
directory "/var/named"; 

listen-on-v6 { none; }; 
listen-on { 127.0.0.1; .. 
[omitted]
 
pid-file "/var/run/named/named.pid"; 
}; 
. 
dlz "ldap zone" { 
database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1} 
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone 
ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
 
ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
 
ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
 "; 
}; 

Ldap server is OpenLdap 2.4.11 with DLZ schema; with this setup name resolution
for zones "*.PRIV" works fine.

This server has been up and running for many years but now I need to update to
Centos 7, but with this OS update I also migrate to Bind 9.9.4 included in the
last Centos and this is my problem!

Bind 9.9.4 with the named.conf described above fails during startup. When I run
"systemctl start named.sdb"
I get this error:

Job for named-sdb.service failed because the control process exited with error 
code. See "systemctl status named-sdb.service" and "journalctl -xe" for 
details. 

/var/log/messages: 

May 3 10:11:53 privgw systemd: Starting Generate rndc key for BIND (DNS)... 
May 3 10:11:53 privgw systemd: Started Generate rndc key for BIND (DNS). 
May 3 10:11:53 privgw systemd: Starting Berkeley Internet Name Domain (DNS)... 
May 3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601 
May 3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial 2002081601 
May 3 10:11:53 privgw named-sdb[5307]: starting BIND 
9.9.4-RedHat-9.9.4-38.el7_3.3 -u named 
May 3 10:11:53 privgw named-sdb[5307]: built with 
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' 
'--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' 
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' 
'--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' 
'--enable-filter-' '--enable-rrl' '--with-pic' '--disable-static' 
'--disable-openssl-version-check' '--enable-exportlib' 
'--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' 
'--includedir=/usr/include/bind9' '--enable-native-pkcs11' 
'--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' 
'--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' 
'--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' 
'--disable-isc-spnego' '--enable-fixed-rrset' 
'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 
'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 
'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 
-mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE' 
May 3 10:11:53 privgw named-sdb[5307]: 
 
May 3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by Internet Systems 
Consortium, 
May 3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit 501(c)(3) 
public-benefit 
May 3 10:11:53 privgw named-sdb[5307]: corporation. Support and training for 
BIND 9 are 
May 3