[Freeipa-users] Re: zone_journal_compact: could not get zone size: not found

[Alexander Bokovoy via FreeIPA-users]

On Аўт, 09 ліп 2024, Kees Bakker via FreeIPA-users wrote:

Hi,

At the moment I have three FreeIPA systems (replicas), recently
installed with CentOS 9-Stream.
All three of these show this message at irregular intervals.

Jul 03 07:50:44 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:50:51 iparep5.example.com named[541]: zone 16.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:51:03 iparep5.example.com named[541]: zone 17.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:51:34 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:52:12 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:03:51 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:04:52 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:06:30 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:18:42 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:20:19 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:26:23 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:34:12 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:34:50 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found

After posting this on the bind-users mailing list I did a bit more debugging. It turns out that the message is caused by the fact that bind-dyndb-ldap does not implement the getsize method. Now why didn't I see this message on my CentOS 8-Stream system? Well, it is because the bind package went from 9.11.26 to 9.16.23. In that newer version a new function zone_journal_compact was added which does the following:

zone.c:
journalsize= zone->journalsize;
if(journalsize== -1) {
journalsize= DNS_JOURNAL_SIZE_MAX;
dns_db_currentversion(db, &ver);
result= dns_db_getsize(db, ver, NULL, &dbsize);
dns_db_closeversion(db, &ver, false);
if(result!= ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
"zone_journal_compact: "
"could not get zone size: %s",
isc_result_totext(result));
} elseif(dbsize< DNS_JOURNAL_SIZE_MAX/ 2) {
journalsize= (int32_t)dbsize* 2;
}
}
and dns_db_getsize executes this:
isc_result_t
dns_db_getsize(dns_db_t*db, dns_dbversion_t*version, uint64_t*records,
uint64_t*bytes) {
REQUIRE(DNS_DB_VALID(db));
REQUIRE(dns_db_iszone(db));
if(db->methods->getsize!= NULL) {
return((db->methods->getsize)(db, version, records, bytes));
}
return(ISC_R_NOTFOUND);
}

However, the getsize method is not implemented. Thus you'll get the above mentioned messages. I'm surprised that nobody reported this. Everybody with FreeIPA + DNS + CentOS 9-Stream should be getting these messages. The messages are colored in red in journalctl, as if this is a serious problem. Is it? Or can I ignore this message? -- Kees

Thanks for the analysis. Judging by the code, it is supposed to tell how
many records are in the database and what is their total size in bytes.
This is used in zone maintenance, mostly for zone journal handling. The
latter has less need for bind-dyndb-ldap -backed zones because their
content is not stored locally (in DB files) and can be modified outside
of Bind anyway, so journal data is not valid for it.

Bind expects that some backends might have no getsize() method -- there
are few internal backends such as caches that have no getsize()
implementation. So it is not really a requirement.

The message in zone_journal_compact() would really best be a warning,
not an error.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland

--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue