Re: 9.18 horrendous
Hoi All, Everybody is free to act as he or she sees fit. However, do not expect to be treated beter then you treat others. The fact that this is free software is within the context of this discussion irrelevant. If you want to be treated as a human being, treat others as such. Be always polite! If at least you want to get any result,... other then release of your frustration and getting baned for it. Friday, August 23, 2024, 10:28:22 PM, you wrote: > I get the point you're trying to make. I just don't think a > volunteer crosswalk and a car accident is an appropriate analogy for open > source software. > The whole point of open source software is that you as a user get > software for free and if something goes wrong you are free to > collaborate to fix it or stop using it. That's it. There is no room for > anything else. > Complaining about the quality of software you did not pay for or > even test before putting it in production seems illogical to me > especially if you are given the tools to fix it. > On Fri, Aug 23, 2024 at 3:51 PM Marc wrote: > I don't think you got the point. Can it be you are working on 9.18? ;P > > Luckily legislation is different and your kid is being protected > from such bad behaviour. If some volunteer is helping your kid cross > the road and it gets hit, he is as liable as any other person (if he fucked > up) > > So doing something for free is not an excuse to be allowed to fuck up or > irresponsible. > > >> >> My kid would know better than to take free candy. And if he did he would >> know there is a risk involved for which only he would be responsible. >> >> On Fri, Aug 23, 2024 at 3:12 PM Marc >> >> >> > >> > That being said. It's preposterous to complain about free >> software. >> > >> > >> >> So if some store owner gives your kid candy that previously fell on >> the floor, you are not complaining because it was for free ? >> > > Tot mails, bind userlist mailto:bind-users@lists.isc.org "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Master file permission denied
Hoi Daniel, How about setting ownership correctly. I see a mix of ownerships and to my knowledge it should all be owned by bind.bind. Not root.bind or root.root or bind.root. And then you can reset permissions on the files back to 644 or 640. For the directories it should be 755 or 750. (As to linux a directory is a file the x is needed to parse(execute) it.) Thus giving the bind user and only the bind user (and root) exclusive write access. Whether you want them world readable is a matter of preference, I don't think it is needed. Any user needing read access should be made member of the bind group. Thursday, June 29, 2023, 11:48:37 PM, you wrote: > And you were right... > Since the zone was not being signed, I enabled the logs for > dnssec, and found this error message: > > dnssec: zone unau.edu.ar/IN (signed): > zone_rekey:dns_dnssec_keymgr failed: error occurred writing key to disk > dnssec: zone unau.edu.ar/IN (signed): zone_rekey failure: > error occurred writing key to disk (retry in 600 seconds) > >So, to bypass it had to change permissions of my > /var/cache/bind/keys directory to rwxrwxr-- (774) and all the files > therein to rw-rw-r-- (664). > > > > > One step closer, thanks to all :-). Best regards > > > > > > > El 29/6/23 a las 03:16, Matthijs Mekking escribió: > > I suspect permissions on the key-directory are not yet correct: > > key-directory "/var/cache/bind/keys"; > >On 6/28/23 22:35, Daniel Armando Rodriguez via bind-users wrote: > > However, as soon as I added this > > dnssec-policy "default"; > inline-signing yes; > > Error came up again :-( > > > Tot mails, bind userlist mailto:bind-users@lists.isc.org "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Proposal to adopt a Code of Conduct for the list
Hoi Victoria, It is sad that the obvious must be stated. I fully agree. Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Stopping name server abuse
Hi All, I doubt any legal action would have any chance, of cause depending on the country's law your using. The server is publicly accessible. It's like prosecuting somebody for knocking on your public front door to ask the way. (or for that matter salespeople) You only might have a chance to put it on harassment if he is doing it all the time. Hika ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: baby steps...
Hoi Adam, If you're running Linux and I do not know if it works on all distros, add a text file in /etc named "resolv.conf.head" and put in there: nameserver 127.0.0.1 It should put the lines in there at the start of your resolv.conf after getting the info through dhcp. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: baby steps...
Hoi Adam,
Thursday, March 22, 2018, 3:53:45 PM, you wrote:
> On Thursday, March 22, 2018 01:37 GMT, Mark Andrews wrote:
>> > I set up my SOHO server to be a router/gateway to the net, firewall, DHCP
>> > server, DNS server and backup server for my lan.
>> >
>> > I set up bind9 and isc-dhcp to support DDNS, but I am struggling to get
>> > hostname resolution working on the server for the lan clients.
>> >
>> > The server has two NICs - one for lan on 192.168.0.3, and one that obtains
>> > its public IP address via pppoe from the broadband provider (which
>> > shouldn't be serving DNS outwards but needs configuring not to).
>>
>> options {
>> listen-on { 198.158/16; 127.0.0.1; };
>> listen-on-v6 { ; ::1; };
>> };
> So that will tell bind to serve 127.0.0.1, but don't I need to
> configure linux to go to 127.0.0.1 for DNS, since at the moment it
> isn't, according to resolv.conf, it's going to the OpenDNS servers:
> adam@gondor:~$ cat /etc/resolv.conf
> nameserver 81.139.56.100
> nameserver 81.139.57.100
> domain localdomain
> search localdomain
> adam@gondor:~$
> and that is generated by pppd when it connects. I'm guessing now
> but presumably I have to tell pppd to add 127.0.0.1 to the other
> nameservers - the server wants to see the lan as well as the outside world.
> Regards
> Adam
So you configure your lan-side NIC to use localhost (or its own
ip-address) as first dns. Nothing to do with bind.
Tot mails,
bind userlistmailto:hika...@gmail.com
"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"
De lerende Mens
--
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: STOP IT
Hoi Hika, Saturday, September 2, 2017, 6:38:46 AM, you wrote: > Hoi Reindl, > Sorry if you feel insulted. It's the last thing I ment. > I notice on regularly base missing messages. > People just press reply and if the people on the list have not set up > their account te set a reply to go to the list , it does not come to > the list. Basic list etticets. Sorry > Saturday, September 2, 2017, 6:17:12 AM, you wrote: >> Am 02.09.2017 um 06:10 schrieb Hika van den Hoven: >>> Hoi Reindl, >>> >>> Saturday, September 2, 2017, 6:05:11 AM, you wrote: >>> >>>> stop your fucking offlist copies IDIOT >>> >>> >>> I do not know why you get so fucked up, but you are speaking your own >>> name! >> because i don't understand idiots which try to educate others about how >> to use a maling-list when they are fucking too stupid to do it at their own >> * your idiotic reply-all leads to *two* mails >> * our mailserver deletes duplicates >> * your off-list copy arrives first >> * that one don#t contain list headers >> * so thearding in mail-archives get broken because every response >>of me starts a new thread >> and if you are not capable how to reply to a list JUST FUCK YORSELF BUT >> DON'T TELL OTHERS ABOUT THING YOU DON'T UNDERSTAND AT YOUR OWN > Tot mails, > Hika Alina Maria van den Hoven > mailto:hika...@gmail.com > "Zonder hoop kun je niet leven > Zonder leven is er geen hoop > Het eeuwige dilemma > Zeker als je hoop moet vernietigen om te kunnen overleven!" > De lerende Mens > -- Tot mails, Hika Alina Maria van den Hoven mailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ListDisipine
Hoi Reindl, You do not even yourself follow basic discipline. The list is NOT your reply address Saturday, September 2, 2017, 5:20:00 AM, you wrote: > Am 02.09.2017 um 05:05 schrieb Hika van den Hoven: >>I follow this list for some time and I have noticed a complete lack >>of list discipline,. Half of the messages are lost and a lot of the >>rest is lost again, because people do not either account the list >>primarily or forget they are talking to a list. >>I account any maintainer!?? if any? > and how should any "maintainer" fix users which are not capable to > operate a mailclient given that some even don't change their behavior > even if you call them names after the 3rd off-list reply where you each > time explain "RESPOND TO THE LIST WHEN YOU GOT A RESPONSE ON THE LIST"? > http://www.urbandictionary.com/define.php?term=pebkac > the same for "unsubscribe" to the list > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ListDisipine
Hoi Reindl, Saturday, September 2, 2017, 5:20:00 AM, you wrote: > Am 02.09.2017 um 05:05 schrieb Hika van den Hoven: >>I follow this list for some time and I have noticed a complete lack >>of list discipline,. Half of the messages are lost and a lot of the >>rest is lost again, because people do not either account the list >>primarily or forget they are talking to a list. >>I account any maintainer!?? if any? > and how should any "maintainer" fix users which are not capable to > operate a mailclient given that some even don't change their behavior > even if you call them names after the 3rd off-list reply where you each > time explain "RESPOND TO THE LIST WHEN YOU GOT A RESPONSE ON THE LIST"? > http://www.urbandictionary.com/define.php?term=pebkac > the same for "unsubscribe" to the list > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users And not naming any issue by definition will not solve it!:-) Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ListDisipine
Hoi Reindl, Saturday, September 2, 2017, 5:20:00 AM, you wrote: > Am 02.09.2017 um 05:05 schrieb Hika van den Hoven: >>I follow this list for some time and I have noticed a complete lack >>of list discipline,. Half of the messages are lost and a lot of the >>rest is lost again, because people do not either account the list >>primarily or forget they are talking to a list. >>I account any maintainer!?? if any? > and how should any "maintainer" fix users which are not capable to > operate a mailclient given that some even don't change their behavior > even if you call them names after the 3rd off-list reply where you each > time explain "RESPOND TO THE LIST WHEN YOU GOT A RESPONSE ON THE LIST"? > http://www.urbandictionary.com/define.php?term=pebkac > the same for "unsubscribe" to the list > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users It works somehow on the myth list Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
ListDisipine
Hoi , I follow this list for some time and I have noticed a complete lack of list discipline,. Half of the messages are lost and a lot of the rest is lost again, because people do not either account the list primarily or forget they are talking to a list. I account any maintainer!?? if any? -- Tot Mails, Hika Alina Maria van den Hoven mailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Testing...
Hoi Tony, Wednesday, August 30, 2017, 6:44:32 PM, you wrote: > Grant Taylor wrote: >> >> There is additional footer content (as well as headers) in messages from the >> mailing list. >> >> Does Gmail detect that and ignore it? Or is the message simply folded into >> the conversation in Gmail? > No, I believe deduplication is based purely on the message-ID, but as far > as I can see it isn't documented by Google. If you have more questions > about Gmail you should take them elsewhere. There are reasons I am no > longer a postmaster... > Tony. As far as I know If you pop from a gmail account, it will never include any message containing itself as the sender. However if you go to web-mail it will be there. Gmail takes part of the tasks of your mail program by keeping track of what has been downloaded and it seems to mark those messages as already downloaded. So in that case you have to use your mailprogram filtering to copy your send messages to the list folder. Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-dyndb-ldap integration
Hi All, I have another question related to bind-dyndb-ldap. Maybe someone can give me some hint(s). bind-dyndb-ldap seems now to be working, only before I used several ACL's in named.conf. Also I have some master and server definitions and some keys for the zone transfer and the comunication with DHCP. The ACLs are not recognized inside bind-dyndb-ldap, but the keys are. At least for "allow-transfer", for the "update-policy" I do not jet know. And as it is a completely different syntax... So for the "allow-transfer" statement I had to use the IP addresses and it is now working. The slavezone statements are still in named.conf so there is no issue there. Whether the update policy for DHCPd now works I do not know, but it seemed to have stopped working before the transfer to bind-dyndb-ldap. Anyhow no ACLs needed. Any other statements using ACLs like "allow-query" I left in the options in named.conf, but I would like to move those to ldap too. But without the ACLs?... Optimally I would whish, like with DHCPd, all configuration inside ldap, but that does not seem to be possible (jet). Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-dyndb-ldap integration
Hoi Tomas, Monday, March 27, 2017, 2:54:52 PM, you wrote: > On 03/27/2017 12:11 PM, Tony Finch wrote: >> Hika van den Hoven wrote: >>> Running named with `-d 10 -g -u named` from the command line got me >>> some more info but I still do not understand what goes wrong. >> I looked at this, but I can't work out what the problem is either. >> Something mysterious is going wrong inside bind-dyndb-ldap's config >> parser, so I think you should contact the authors of bind-dyndb-ldap for >> help. >> >> Here's what I can see happening... >> >>> ... >>> loading DynDB instance 'DNS-ldap'driver '/usr/lib64bind/ldap.so' >>> bind-dyndb-ldap version 11.1 compiled at 21:34:13 Mar 20 2017, >>> compiler 4.9.4 >>> registered dynamic ldap driver for DNS-ldap. >>> adding task 0x7fd80df75010 to syncrepl list; 1 task in list >>> configuration for dyndb instance 'DNS-ldap' (starting in file >>> /etc/bind/named.conf on line 44): >>> auth_method "simple"; >>> base "cn=DNSdyndb, dc=home"; >>> bind_dn "cn=Admin, dc=home"; >>> directory "dyn"; >>> password ""; >>> uri "ldap://localhost:389";; >>> verbose_checks yes; >> At this point bind-dyndb-ldap has put the configuration through the BIND >> config parser. The debug output is a dump of the parsed config. This >> parsed config is then converted by bind-dyndb-ldap into its own format. >> This fails: >> >>> cannot parse settings for 'named.conf for database DNS-ldap': not >>> found >>> LDAP instance 'DNS-ldap' destroyed >>> ... >>> ` >> I think the "not found" error happens when it is looking for a setting >> name which isn't present. >> >> My best guess for what might fix it is if you explicitly set all >> the options. >> >> My guess for what might reveal a bug is if you just add a seting for the >> `server_id` option. > This is indeed a bug [1]. It's a regression from the previous versions > (10.1) and it's most likely caused by the recent changes in the API. > As a workaround, you can specify `server_id` with an arbitrary value in > /etc/named.conf . > [1] - https://pagure.io/bind-dyndb-ldap/issue/172 Thanks, although the server_id thing was not really clear to me. Some looking around revealed me there is an options setting "server-id", but adding that does not change anything and the dyndb-ldap options list does not state any server_id or server-id. Adding server-id created a syntax error, which was refreshing. But then adding server_id "DNS-ldap" did it. Thanks now I can go on testing things. It's a pity it takes so much searching to find proper documentation. Although I had been googling anything I could think if for over a week, I could not find anything helpfull. Tot mails, bind userlistmailto:hika...@gmail.com "Zonder hoop kun je niet leven Zonder leven is er geen hoop Het eeuwige dilemma Zeker als je hoop moet vernietigen om te kunnen overleven!" De lerende Mens -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind-dyndb-ldap integration
Hoi Hika,
Sorry for my initial double post. I posted after my application and it
got lost. I got a bounce today and reapplied my question. Within 30
min I suddenly got linked in an both my initial post and my repost got
through, including all data from the last two days. Again sorry.
My main uncertainty is where my 'error message' comes from. Is it bind
or dyndb-ldap. In the later case I have to look there. Can at least
anybody give clearity there? Maybe any of the devs listening in?
Wednesday, March 22, 2017, 6:56:55 PM, you wrote:
> Hoi All,
> If have been using bind (and openldap) for a few years. When I first
> set-up bind I looked at possibilities for ldap integration and tried
> sdb-ldap, but found its response time bad. So instead I have since
> used the ldap2zone tool to daily update my zone-files.
> Recently I have been looking again and came upon bind-dyndb-ldap. It
> looks good, although it does not jet have the complete configuration
> set dhcp-ldap has for ics-dhcp.
> The last two weeks I have been reading everything I could find.
> I have so far:
> - added the bind-dyndb-ldap schema to ldap. (marked out the
>'dNSdefaultTTL' attribute as it reuses the OID for 'zoneName' in
>the dnszone schema which I for now still need)
> - converted my old zone-data into a new tree.
> - compiled bind-dyndb-ldap-11.1. I run Gentoo, but found an overlay
>for 11.0 and changed it for 11.1.
> - Updated to bind 9.11.0-p3
> - Added:
> dyndb DNS-ldap "/usr/lib64/bind/ldap.so" {
> uri "ldap://localhost:389";;
> base "cn=DNSdyndb, dc=home";
> auth_method "simple";
> bind_dn "cn=Admin, dc=home";
> password "my-secret";
> directory "dyn";
> verbose_checks yes;
> };
> and got stuck.
> I tried the uri with and without the portnumber, as it says her, as an
> IP-number...
> For now I use my rootdn, but once working I'll create a dedicated user
> with local full rights, as I have with dhcp.
> I have looked through configure for bind if I have to enable
> something, have tried removing dlz from bind, but time and again it
> won't work.
> Running named with `-d 10 -g -u named` from the command line got me
> some more info but I still do not understand what goes wrong. Let
> alone what I have to do.
> The above gives me with the leading datetime removed:
> `
> ...
> loading DynDB instance 'DNS-ldap'driver '/usr/lib64bind/ldap.so'
> bind-dyndb-ldap version 11.1 compiled at 21:34:13 Mar 20 2017,
> compiler 4.9.4
> registered dynamic ldap driver for DNS-ldap.
> adding task 0x7fd80df75010 to syncrepl list; 1 task in list
> configuration for dyndb instance 'DNS-ldap' (starting in file
> /etc/bind/named.conf on line 44):
> auth_method "simple";
> base "cn=DNSdyndb, dc=home";
> bind_dn "cn=Admin, dc=home";
> directory "dyn";
> password "";
> uri "ldap://localhost:389";;
> verbose_checks yes;
> cannot parse settings for 'named.conf for database DNS-ldap': not
> found
> LDAP instance 'DNS-ldap' destroyed
> ...
> `
> And bind is shut-down???
Tot mails,
bind userlistmailto:hika...@gmail.com
"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"
De lerende Mens
--
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bind-dyndb-ldap integration
Hoi All,
If have been using bind (and openldap) for a few years. When I first
set-up bind I looked at possibilities for ldap integration and tried
sdb-ldap, but found its response time bad. So instead I have since
used the ldap2zone tool to daily update my zone-files.
Recently I have been looking again and came upon bind-dyndb-ldap. It
looks good, although it does not jet have the complete configuration
set dhcp-ldap has for ics-dhcp.
The last two weeks I have been reading everything I could find.
I have so far:
- added the bind-dyndb-ldap schema to ldap. (marked out the
'dNSdefaultTTL' attribute as it reuses the OID for 'zoneName' in
the dnszone schema which I for now still need)
- converted my old zone-data into a new tree.
- compiled bind-dyndb-ldap-11.1. I run Gentoo, but found an overlay
for 11.0 and changed it for 11.1.
- Updated to bind 9.11.0-p3
- Added:
dyndb DNS-ldap "/usr/lib64/bind/ldap.so" {
uri "ldap://localhost:389";;
base "cn=DNSdyndb, dc=home";
auth_method "simple";
bind_dn "cn=Admin, dc=home";
password "my-secret";
directory "dyn";
verbose_checks yes;
};
and got stuck.
I tried the uri with and without the portnumber, as it says her, as an
IP-number...
For now I use my rootdn, but once working I'll create a dedicated user
with local full rights, as I have with dhcp.
I have looked through configure for bind if I have to enable
something, have tried removing dlz from bind, but time and again it
won't work.
Running named with `-d 10 -g -u named` from the command line got me
some more info but I still do not understand what goes wrong. Let
alone what I have to do.
The above gives me with the leading datetime removed:
`
...
loading DynDB instance 'DNS-ldap'driver '/usr/lib64bind/ldap.so'
bind-dyndb-ldap version 11.1 compiled at 21:34:13 Mar 20 2017,
compiler 4.9.4
registered dynamic ldap driver for DNS-ldap.
adding task 0x7fd80df75010 to syncrepl list; 1 task in list
configuration for dyndb instance 'DNS-ldap' (starting in file
/etc/bind/named.conf on line 44):
auth_method "simple";
base "cn=DNSdyndb, dc=home";
bind_dn "cn=Admin, dc=home";
directory "dyn";
password "";
uri "ldap://localhost:389";;
verbose_checks yes;
cannot parse settings for 'named.conf for database DNS-ldap': not
found
LDAP instance 'DNS-ldap' destroyed
...
`
And bind is shut-down???
--
Tot Mails,
bind userlist mailto:hika...@gmail.com
"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"
De lerende Mens
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bind-dyndb-ldap integration
Hoi All,
If have been using bind (and openldap) for a few years. When I first
set-up bind I looked at possibilities for ldap integration and tried
sdb-ldap, but found its response time bad. So instead I have since
used the ldap2zone tool to daily update my zone-files.
Recently I have been looking again and came upon bind-dyndb-ldap. It
looks good, although it does not jet have the complete configuration
set dhcp-ldap has for ics-dhcp.
The last two weeks I have been reading everything I could find.
I have so far:
- added the bind-dyndb-ldap schema to ldap. (marked out the
'dNSdefaultTTL' attribute as it reuses the OID for 'zoneName' in
the dnszone schema which I for now still need)
- converted my old zone-data into a new tree.
- compiled bind-dyndb-ldap-11.1. I run Gentoo, but found an overlay
for 11.0 and changed it for 11.1.
- Updated to bind 9.11.0-p3
- Added:
dyndb DNS-ldap "/usr/lib64/bind/ldap.so" {
uri "ldap://localhost:389";;
base "cn=DNSdyndb, dc=home";
auth_method "simple";
bind_dn "cn=Admin, dc=home";
password "my-secret";
directory "dyn";
verbose_checks yes;
};
and got stuck.
I tried the uri with and without the portnumber, as it says her, as an
IP-number...
For now I use my rootdn, but once working I'll create a dedicated user
with local full rights, as I have with dhcp.
I have looked through configure for bind if I have to enable
something, have tried removing dlz from bind, but time and again it
won't work.
Running named with `-d 10 -g -u named` from the command line got me
some more info but I still do not understand what goes wrong. Let
alone what I have to do.
The above gives me with the leading datetime removed:
`
...
loading DynDB instance 'DNS-ldap'driver '/usr/lib64bind/ldap.so'
bind-dyndb-ldap version 11.1 compiled at 21:34:13 Mar 20 2017,
compiler 4.9.4
registered dynamic ldap driver for DNS-ldap.
adding task 0x7fd80df75010 to syncrepl list; 1 task in list
configuration for dyndb instance 'DNS-ldap' (starting in file
/etc/bind/named.conf on line 44):
auth_method "simple";
base "cn=DNSdyndb, dc=home";
bind_dn "cn=Admin, dc=home";
directory "dyn";
password "";
uri "ldap://localhost:389";;
verbose_checks yes;
cannot parse settings for 'named.conf for database DNS-ldap': not
found
LDAP instance 'DNS-ldap' destroyed
...
`
And bind is shut-down???
--
Tot Mails,
bind userlist mailto:hika...@gmail.com
"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"
De lerende Mens
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
