# Bind and dlz?

## The_Great_Sephiroth

I have another problem with this server. I compiled bind with dlz support, but it says it doesn't know the dlz option.

```

dc01 ~ # emerge -pqv bind

[ebuild   R   ] net-dns/bind-9.11.0_p2  USE="berkdb caps dlz geoip gssapi ipv6 ldap ssl threads zlib -dnstap -doc -filter-aaaa -fixed-rrset -gost -idn -json (-libressl) -lmdb -mysql -nslint -odbc -postgres -python -rpz (-seccomp) (-selinux) -static-libs -urandom -xml" PYTHON_TARGETS="python2_7 python3_4"

dc01 ~ # named-checkconf

/var/lib/samba/private/named.conf:12: unknown option 'dlz'

```

So what on earth is going on? Also, our Samba is way behind official (4.5 now, and we have 4.2), so will bind 9.11 be an issue? Samba 4.2 supported 9.10, 9.9, and 9.8 I know, but 9.11 was officially supported in 4.5.

*EDIT*

Also:

```

dc01 ~ # named -V

BIND 9.11.0-P2 <id:9713922>

running on Linux x86_64 4.9.6-gentoo-r1 #3 SMP Mon Feb 13 21:00:30 EST 2017

built by make with '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--enable-full-report' '--without-readline' '--enable-linux-caps' '--disable-filter-aaaa' '--disable-fixed-rrset' '--enable-ipv6' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--disable-seccomp' '--enable-threads' '--with-dlz-bdb' '--with-dlopen' '--with-dlz-filesystem' '--with-dlz-stub' '--without-gost' '--with-gssapi' '--without-idn' '--without-libjson' '--with-dlz-ldap' '--without-dlz-mysql' '--without-dlz-odbc' '--without-dlz-postgres' '--without-lmdb' '--without-python' '--with-ecdsa' '--with-openssl=/usr' '--without-libxml2' '--with-zlib' '--with-randomdev=/dev/random' '--with-geoip' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-march=native -mtune=native -O2 -pipe -I/usr/include/db5.3' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'

compiled by GCC 4.9.4

compiled with OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017

linked to OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017

compiled with zlib version: 1.2.11

linked to zlib version: 1.2.11

threads support is enabled

```

It has DLZ LDAP support. The config checker seems to think otherwise...

----------

## The_Great_Sephiroth

Anybody? I am stuck and need this up. Actually, it was supposed to be up yesterday and from what I can tell has been done correctly but is acting retarded. It claims it has DLZ support but won't start because it does not recognize the DLZ option.

*EDIT*

More info.

```

dc01 ~ # named -g -u named -d 65535

14-Feb-2017 12:17:57.133 starting BIND 9.11.0-P2 <id:9713922>

14-Feb-2017 12:17:57.134 running on Linux x86_64 4.9.6-gentoo-r1 #3 SMP Mon Feb 13 21:00:30 EST 2017

14-Feb-2017 12:17:57.134 built with '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--enable-full-report' '--without-readline' '--enable-linux-caps' '--disable-filter-aaaa' '--disable-fixed-rrset' '--enable-ipv6' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--disable-seccomp' '--enable-threads' '--with-dlz-bdb' '--with-dlopen' '--with-dlz-filesystem' '--with-dlz-stub' '--without-gost' '--with-gssapi' '--without-idn' '--without-libjson' '--with-dlz-ldap' '--without-dlz-mysql' '--without-dlz-odbc' '--without-dlz-postgres' '--without-lmdb' '--without-python' '--with-ecdsa' '--with-openssl=/usr' '--without-libxml2' '--with-zlib' '--with-randomdev=/dev/random' '--with-geoip' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-march=native -mtune=native -O2 -pipe -I/usr/include/db5.3' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'

14-Feb-2017 12:17:57.134 running as: named -g -u named -d 65535

14-Feb-2017 12:17:57.134 ----------------------------------------------------

14-Feb-2017 12:17:57.134 BIND 9 is maintained by Internet Systems Consortium,

14-Feb-2017 12:17:57.134 Inc. (ISC), a non-profit 501(c)(3) public-benefit 

14-Feb-2017 12:17:57.134 corporation.  Support and training for BIND 9 are 

14-Feb-2017 12:17:57.134 available at https://www.isc.org/support

14-Feb-2017 12:17:57.134 ----------------------------------------------------

14-Feb-2017 12:17:57.134 adjusted limit on open files from 4096 to 1048576

14-Feb-2017 12:17:57.134 found 4 CPUs, using 4 worker threads

14-Feb-2017 12:17:57.134 using 3 UDP listeners per interface

14-Feb-2017 12:17:57.134 using up to 4096 sockets

14-Feb-2017 12:17:57.134 Registering DLZ_dlopen driver

14-Feb-2017 12:17:57.134 Registering SDLZ driver 'dlopen'

14-Feb-2017 12:17:57.134 Registering DLZ driver 'dlopen'

14-Feb-2017 12:17:57.134 Registering DLZ_stub driver.

14-Feb-2017 12:17:57.134 Registering SDLZ driver 'dlz_stub'

14-Feb-2017 12:17:57.134 Registering DLZ driver 'dlz_stub'

14-Feb-2017 12:17:57.134 Registering DLZ filesystem driver.

14-Feb-2017 12:17:57.134 Registering SDLZ driver 'filesystem'

14-Feb-2017 12:17:57.134 Registering DLZ driver 'filesystem'

14-Feb-2017 12:17:57.134 Registering DLZ bdb driver.

14-Feb-2017 12:17:57.134 Registering SDLZ driver 'bdb'

14-Feb-2017 12:17:57.134 Registering DLZ driver 'bdb'

14-Feb-2017 12:17:57.134 Registering DLZ bdbhpt driver.

14-Feb-2017 12:17:57.134 Registering SDLZ driver 'bdbhpt'

14-Feb-2017 12:17:57.134 Registering DLZ driver 'bdbhpt'

14-Feb-2017 12:17:57.134 Registering DLZ ldap driver.

14-Feb-2017 12:17:57.134 Registering SDLZ driver 'ldap'

14-Feb-2017 12:17:57.134 Registering DLZ driver 'ldap'

14-Feb-2017 12:17:57.138 delete_node(): 0x7fc163280078 . (bucket 3)

14-Feb-2017 12:17:57.140 socket 0x7fc16328f010: created

14-Feb-2017 12:17:57.140 socket 0x7fc16328f010: socket_recv: event 0x7fc16327dec0 -> task 0x7fc163288010

14-Feb-2017 12:17:57.140 sockmgr 0x7fc163276010: watcher got message -3 for socket 20

14-Feb-2017 12:17:57.140 sockmgr 0x7fc163276010: watcher got message -2 for socket -1

14-Feb-2017 12:17:57.141 loading configuration from '/etc/bind/named.conf'

14-Feb-2017 12:17:57.141 /var/lib/samba/private/named.conf:12: unknown option 'dlz'

14-Feb-2017 12:17:57.142 load_configuration: failure

14-Feb-2017 12:17:57.142 loading configuration: failure

14-Feb-2017 12:17:57.142 exiting (due to fatal error)

```

It registers a bunch of DLZ drivers then claims it doesn't know the DLZ option! Is this seriously a stable release? This clearly appears to be a bug.

----------

## The_Great_Sephiroth

The solution is simple, yet discussed nowhere online. In the Samba ADDC guide it tells you to include the generated file but it does NOT say where. You cannot include it in the options section, which is what I had done. I actually found three or four other threads on random forums with this exact issue and nobody had a solution. Move the include out of the options section and you are golden. I will mention this on the Samba mailing list on my next visit. It needs to be clearly stated that the include cannot be in another section.

----------

