Bind-sdb not vailable on Rocky Linux 9.x

Rocky Linux Help & Support
1

Hello,

Looks like the bind-sdb package is not available on Rocky Linux 9.x. Will it be integrated with the next versions?

[root@testsrv ~]$ cat /etc/redhat-release
Rocky Linux release 9.2 (Blue Onyx)

[root@testsrv ~]$ dnf search bind-*
Last metadata expiration check: 2:21:47 ago on Wed 26 Jul 2023 07:31:10 AM CEST.
==================================================================================================================================================== Name Matched: bind-* ====================================================================================================================================================
bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS server, named(8)
bind-devel.i686 : Header files and libraries needed for bind-dyndb-ldap
bind-devel.x86_64 : Header files and libraries needed for bind-dyndb-ldap
bind-dnssec-doc.noarch : Manual pages of DNSSEC utilities
bind-dnssec-utils.x86_64 : DNSSEC keys and zones management utilities
bind-doc.noarch : BIND 9 Administrator Reference Manual
bind-dyndb-ldap.x86_64 : LDAP back-end plug-in for BIND
bind-libs.x86_64 : Libraries used by the BIND DNS packages
bind-libs.i686 : Libraries used by the BIND DNS packages
bind-license.noarch : License of the BIND DNS suite
bind-utils.x86_64 : Utilities for querying DNS name servers

Thanks !

2

bind-sdb was a subpackage provided in bind 9.11. This is no longer the case. DLZ, which replaces a lot of that functionality and more, is also disabled.

You would need to use DLZ to get what you’re after. Since it’s disabled, the packages aren’t available. You can however try to enable that support. It requires a patch for it to build properly. Below is what I roughly did to make it build with the following caveats:

  • It’s not clear if it it will actually work
  • You will have to maintain the bind package yourself (e.g. if we release any updates, you’re on the hook for keeping your packages up to date)
% cd /tmp/
% wget http://dl.rockylinux.org/pub/rocky/9/devel/source/tree/Packages/b/bind-9.16.23-11.el9_2.1.src.rpm
% dnf install epel-release rpm-build -y
% crb enable
% dnf install mock -y
% usermod -aG mock user
% su - user
% rpm -i /tmp/bind-9.16.23-11.el9_2.1.src.rpm

# download the patches
% cd rpmbuild/SOURCES
% wget https://src.fedoraproject.org/rpms/bind/raw/ec7f7e4c125f8d3ac99dd1bba0fba0d4f7639a5d/f/bind-9.16-openldap-2.6.patch

# modify the spec file (below is a diff)
54c54
< Release:  11%{?dist}.1
---
> Release:  11%{?dist}.1.1
128a129
> Patch9998: bind-9.16-openldap-2.6.patch
443a446
> %patch9998 -p1
1166a1171,1173
> * Wed Jul 26 2023 Louis Abel <label@rockylinux.org> - 32:9.16.23-11.1.1
> - Add patches for DLZ support
>

% rpmbuild -bs ~/rpmbuild/SPECS/bind.spec
Wrote: /home/user/rpmbuild/SRPMS/bind-9.16.23-11.el9.1.1.src.rpm

% mock -r rocky-9-x86_64 \
  /home/user/rpmbuild/SRPMS/bind-9.16.23-11.el9.1.1.src.rpm \
  --enablerepo=devel --with=DLZ --define 'dist .el9_2.dlz'

# this produces the following packages
Wrote: /builddir/build/RPMS/bind-libs-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-doc-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
Wrote: /builddir/build/RPMS/bind-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-devel-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-utils-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dnssec-utils-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dnssec-utils-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-utils-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/python3-bind-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
Wrote: /builddir/build/RPMS/bind-dlz-mysql-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-mysql-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-ldap-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-sqlite3-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-ldap-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-sqlite3-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-filesystem-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dlz-filesystem-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-dnssec-doc-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
Wrote: /builddir/build/RPMS/bind-libs-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-chroot-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
Wrote: /builddir/build/RPMS/bind-license-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
Wrote: /builddir/build/RPMS/bind-debugsource-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm

With that being said, there have been some talks about starting a “fast track” like SIG to have modified packages like this or even upgraded packages. This might be one (of many) candidates that could make it, but no guarantees.

3

Thank you very much @label for your response. I will try to install it and get back to you later.

4

Hello @label,
I followed the steps described in your first post. Everything is OK :

ls -la

total 18500
drwxrwxr-x 2 root root 4096 Jul 26 12:07 .
drwxrwxr-x 4 root mock 54 Jul 26 12:07 ..
-rw-r–r-- 1 root mock 5214535 Jul 26 12:02 bind-9.16.23-11.el9_2.dlz.1.1.src.rpm
-rw-r–r-- 1 root mock 500846 Jul 26 12:07 bind-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 16453 Jul 26 12:07 bind-chroot-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 684493 Jul 26 12:07 bind-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 1585056 Jul 26 12:07 bind-debugsource-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 308476 Jul 26 12:07 bind-devel-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 17632 Jul 26 12:07 bind-dlz-filesystem-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 25245 Jul 26 12:07 bind-dlz-filesystem-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 24543 Jul 26 12:07 bind-dlz-ldap-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 29466 Jul 26 12:07 bind-dlz-ldap-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 35015 Jul 26 12:07 bind-dlz-mysql-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 55508 Jul 26 12:07 bind-dlz-mysql-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 22287 Jul 26 12:07 bind-dlz-sqlite3-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 28430 Jul 26 12:07 bind-dlz-sqlite3-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 45712 Jul 26 12:07 bind-dnssec-doc-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
-rw-r–r-- 1 root mock 114797 Jul 26 12:07 bind-dnssec-utils-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 249009 Jul 26 12:07 bind-dnssec-utils-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 2169137 Jul 26 12:07 bind-doc-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
-rw-r–r-- 1 root mock 1296966 Jul 26 12:07 bind-libs-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 3393040 Jul 26 12:07 bind-libs-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 12451 Jul 26 12:07 bind-license-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
-rw-r–r-- 1 root mock 203511 Jul 26 12:07 bind-utils-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-r–r-- 1 root mock 353807 Jul 26 12:07 bind-utils-debuginfo-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm
-rw-rw-r-- 1 root root 1812828 Jul 26 12:07 build.log
-rw-rw-r-- 1 root root 3028 Jul 26 12:01 hw_info.log
-rw-rw-r-- 1 root root 36923 Jul 26 12:02 installed_pkgs.log
-rw-r–r-- 1 root mock 61687 Jul 26 12:07 python3-bind-9.16.23-11.el9_2.dlz.1.1.noarch.rpm
-rw-rw-r-- 1 root root 567050 Jul 26 12:07 root.log
-rw-rw-r-- 1 root root 996 Jul 26 12:07 state.log

Than I installed the packages I need to use : ldap+dlz

dnf install bind-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm bind-dlz-ldap-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm bind-libs-9.16.23-11.el9_2.dlz.1.1.x86_64.rpm bind-license-9.16.23-11.el9_2.dlz.1.1.noarch.rpm

rpm -qa | grep bind-

rpcbind-1.2.6-5.el9.x86_64
bind-license-9.16.23-11.el9_2.dlz.1.1.noarch
bind-libs-9.16.23-11.el9_2.dlz.1.1.x86_64
bind-9.16.23-11.el9_2.dlz.1.1.x86_64
bind-dlz-ldap-9.16.23-11.el9_2.dlz.1.1.x86_64

When I start named, I get the following error :
Jul 26 12:46:14 dc03.tad.prolune.ch named[41826]: Loading ‘ldap’ using driver ldap
Jul 26 12:46:14 dc03.tad.prolune.ch named[41826]: unsupported DLZ database driver ‘ldap’. ldap not loaded.
Jul 26 12:46:14 dc03.tad.prolune.ch named[41826]: loading configuration: not found
Jul 26 12:46:14 dc03.tad.prolune.ch named[41826]: exiting (due to fatal error)

Do you have any idea what it is? Should I install another package?

Thanks !

5

[root@dc03 rocky-9-x86_64]$ named -V
BIND 9.16.23-RH (Extended Support Version) id:fde3b1f
running on Linux x86_64 5.14.0-284.18.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 22 17:36:46 UTC 2023
built by make with ‘–build=x86_64-redhat-linux-gnu’ ‘–host=x86_64-redhat-linux-gnu’ ‘–program-prefix=’ ‘–disable-dependency-tracking’ ‘–prefix=/usr’ ‘–exec-prefix=/usr’ ‘–bindir=/usr/bin’ ‘–sbindir=/usr/sbin’ ‘–sysconfdir=/etc’ ‘–datadir=/usr/share’ ‘–includedir=/usr/include’ ‘–libdir=/usr/lib64’ ‘–libexecdir=/usr/libexec’ ‘–sharedstatedir=/var/lib’ ‘–mandir=/usr/share/man’ ‘–infodir=/usr/share/info’ ‘–with-python=/usr/bin/python3’ ‘–with-libtool’ ‘–localstatedir=/var’ ‘–with-pic’ ‘–disable-static’ ‘–includedir=/usr/include/bind9’ ‘–with-tuning=large’ ‘–with-libidn2’ ‘–with-maxminddb’ ‘–with-dlopen=yes’ ‘–with-gssapi=yes’ ‘–with-lmdb=yes’ ‘–without-libjson’ ‘–with-json-c’ ‘–enable-dnstap’ ‘–enable-fixed-rrset’ ‘–enable-full-report’ ‘build_alias=x86_64-redhat-linux-gnu’ ‘host_alias=x86_64-redhat-linux-gnu’ ‘CC=gcc’ ‘CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection’ 'LDFLAGS=-Wl,-z,relro -Wl,–as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 ’ ‘LT_SYS_LIBRARY_PATH=/usr/lib64:’ ‘PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig’
compiled by GCC 11.3.1 20221121 (Red Hat 11.3.1-4)
compiled with OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
compiled with libuv version: 1.42.0
linked to libuv version: 1.42.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled

default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP

Looks like not compiled with dlz-ldap ?

6

I’m not sure what the issue could be here. As I said, I cannot guarantee what I did to make it build to allow it to work. There’s another patch you can add to see if that helps, but there’s no guarantees.

As an aside, if you are just looking to use bind with ldap, I would use the regular bind packages from our repositories and install bind-dyndb-ldap.

7

Hello nazunalika,

I thank you very much for your help. I’ll let you know when I get a result. I’m going back to this job in a month :slightly_smiling_face:

Have a nice day !

8

Hello Nazunalika,

I don’t know when to apply this last patch? the contrib/dlz/modules/ldap/dlz_ldap_dynamic.c file is produced with the last command "mock -r rocky-9-x86_64 …" in :

root@dc03 rocky-9-x86_64]$ find . -name ‘dlz_ldap_dynamic.c’
./root/builddir/build/BUILD/bind-9.16.23/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
./root/builddir/build/BUILD/bind-9.16.23/build/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
./root/builddir/build/BUILDROOT/bind-9.16.23-11.el9_2.dlz.1.1.x86_64/usr/src/debug/bind-9.16.23-11.el9_2.dlz.1.1.x86_64/build/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c

This file is generated at the same time as the rpm files which are put in /var/lib/mock /rocky-9-x86_64/result.
I don’t know how to apply the 2nd patch with the first. When to edit the dlz_ldap_dynamic.c file when I will directly install the bind-xxx.x86_64.rpm I need?

Thank you in advance for your help .