Hello Kishore,

It is not so simple. What was merged into BIND 9.11 is only the dynamic
database API that bind-dyndb-ldap uses. That dynamic database does not store
any permanent data; it is only an interface other plugins can use.
That means the dynamic_db provided by a custom patch for RHEL and Fedora was
merged upstream WITH changes. The name and syntax of the configuration changed,
so you have to modify it.

But you still have to use the bind-dyndb-ldap plugin to use an LDAP backend in
BIND. And that plugin is not supported by ISC, see
https://fedorahosted.org/bind-dyndb-ldap/.

Unfortunately there is a plugin in rawhide with support for the new API of BIND
9.11, but it requires OpenSSL 1.1 as well. There is not yet a bind-dyndb-ldap
that supports both the current dyndb and older OpenSSL. I suggest using an older
BIND server for now with the custom patches for dynamic_db. You would have to
backport some code to run the last release.

The correct path on Fedora is /usr/lib64/bind/ldap.so (bind-dyndb-ldap package).
/usr/lib64/libldap.so is something completely different that will never work
in BIND.

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com  PGP: 65C6C973

----- Original Message -----
From: "ramkishore b" <ramkishor...@gmail.com>
To: comp-protocols-dns-b...@isc.org
Sent: Tuesday, December 13, 2016 6:22:09 PM
Subject: Re: ISC Bind 9.11 and dyndb-ldap

On Monday, October 17, 2016 at 7:23:34 AM UTC+5:30, Pallissard, Matt wrote:
> Has anyone successfully used LDAP as a dynamic back-end for bind 9.11?
> 
> Unless I'm reading the release notes/new features pages incorrectly the 
> bind-dyndb-ldap plugin has been rolled into ISC's official release and I 
> shouldn't have to mess around with patching/building it from source.
> 
> Yet I get the following errors upon startup;
> 
> named[9937]: loading configuration from '/etc/named.conf'
> named[9937]: /etc/named.conf:23: unknown option 'dynamic-db'
> named[9937]: loading configuration: failure
> named[9937]: exiting (due to fatal error)
> systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
> 
> I'm using the package provided by Arch Linux and can provide the flags the 
> bind package was compiled with if those are relevant.
> 
> Any advice would be greatly appreciated.
> 
> Matt Pallissard

Hello Matt Pallissard,
Have you succeeded in using LDAP as a dynamic back-end for bind 9.11?

We are getting the errors below while trying to initialize bind with dyndb.

loading DynDB instance 'ldap_dyndb' driver '/usr/lib64/libldap.so'
failed to lookup symbol dyndb_version in dyndb module '/usr/lib64/libldap.so': 
/usr/lib64/libldap.so: undefined symbol: dyndb_version
failed to dynamically load instance 'ldap_dyndb' driver 
'/usr/lib64/libldap.so': (null) (failure)
dynamic database 'ldap_dyndb' configuration failed: failure
loading configuration: failure
exiting (due to fatal error)

The configuration details related to bind in the named.conf file are as below.

dyndb ldap_dyndb "/usr/lib64/libldap.so" {
        uri "ldap://10.12.42.113";
        base "cn=dns, dc=example, dc=com";
};

We are using the bind 9.11 package on RHEL 7.2 and have a few queries, as
below.
- We used the default RHEL "/usr/lib64/libldap.so" shared library in the above
configuration. Is this correct? Is there any customized ldap.so file to be used
for bind 9.11?
- Are there any specific configure options to be enabled while compiling bind?

Any input is highly appreciated, and thanks in advance.

Thanks, 
Kishore.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
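
A static check for the "undefined symbol: dyndb_version" failure discussed in this thread, added here as an example and not code from BIND or bind-dyndb-ldap: it reads a shared object's dynamic symbol table without loading the file into a process and lists the dyndb entry points it lacks. dyndb_version is taken from the quoted log; dyndb_init and dyndb_destroy are assumed to be the remaining entry points of the BIND 9.11 module interface, and only 64-bit ELF files are handled.

```python
import struct
import sys

# dyndb_version is the symbol named in the log above; dyndb_init and
# dyndb_destroy are assumed to complete the BIND 9.11 dyndb module interface.
DYNDB_SYMBOLS = ("dyndb_init", "dyndb_version", "dyndb_destroy")
SHT_DYNSYM, SHN_UNDEF = 11, 0
SHDR, SYM = "IIQQQQIIQQ", "IBBHQQ"   # Elf64_Shdr and Elf64_Sym field layouts


def exported_symbols(data):
    """Names defined in .dynsym of a 64-bit ELF image, read without loading it."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not a 64-bit ELF file")
    e = "<" if data[5] == 1 else ">"   # EI_DATA: 1 means little-endian
    (shoff,) = struct.unpack_from(e + "Q", data, 0x28)
    shentsize, shnum = struct.unpack_from(e + "HH", data, 0x3A)
    secs = [struct.unpack_from(e + SHDR, data, shoff + i * shentsize)
            for i in range(shnum)]
    names = set()
    for _, sh_type, _, _, off, size, link, _, _, entsize in secs:
        if sh_type != SHT_DYNSYM or entsize == 0:
            continue
        strtab = secs[link][4]         # file offset of the linked string table
        for pos in range(off, off + size, entsize):
            st_name, info, _, shndx, _, _ = struct.unpack_from(e + SYM, data, pos)
            if shndx != SHN_UNDEF and info >> 4 in (1, 2):   # GLOBAL or WEAK
                end = data.index(b"\0", strtab + st_name)
                names.add(data[strtab + st_name:end].decode("ascii", "replace"))
    return names


def missing_dyndb_symbols(data):
    """dyndb entry points the image does not export (empty list means usable)."""
    have = exported_symbols(data)
    return [s for s in DYNDB_SYMBOLS if s not in have]


if __name__ == "__main__":
    for path in sys.argv[1:]:          # shared objects to inspect
        with open(path, "rb") as fh:
            missing = missing_dyndb_symbols(fh.read())
        print(path, "missing: " + ", ".join(missing) if missing
              else "exports the dyndb entry points")
```

Pass the driver path from the dyndb statement as an argument; a file that lacks these symbols is not a dyndb module, whatever its name.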