Dynamically-linked DLZ module example fails to load when named is run.
Summary
I encounter the following error when attempting to configure named
with the DLZ module in contrib/dlz/example
:
dlz_dlopen failed to open library '/usr/lib/dlz_example.so' - /usr/lib/dlz_example.so: failed to map segment from shared object
BIND version used
named -V
BIND 9.11.3-1ubuntu1.8-Ubuntu (Extended Support Version) <id:a375815>
running on Linux x86_64 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libjson=/usr' '--without-lmdb' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' '--with-eddsa=no' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-5dQpEe/bind9-9.11.3+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 7.4.0
compiled with OpenSSL version: OpenSSL 1.1.0g 2 Nov 2017
linked to OpenSSL version: OpenSSL 1.1.1 11 Sep 2018
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with libjson-c version: 0.12.1
linked to libjson-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
Steps to reproduce
Install BIND9 on Ubuntu 18.04 LTS:
sudo apt update
sudo apt install bind9
Note: This creates the
bind
user, which is used to generate default config files in/etc/bind
.
Download BIND 9.11.9 ESV and extract contents:
wget https://downloads.isc.org/isc/bind9/9.11.9/bind-9.11.9.tar.gz
tar -zxvf bind-9.11.9.tar.gz
Compile the DLZ example:
cd bind-9.11.9/contrib/dlz/example
make
Copy the .so file to /usr/lib
and set owner and group to bind
:
sudo cp dlz_example.so /usr/lib/
sudo chown bind:bind /usr/lib/dlz_example.so
To prevent any issues related to #974 (closed), edit named.conf
to use the full path of /usr/lib/dlz_example.so
. (See "Relevant configuration files".)
Copy named.conf
to /etc/bind
sudo cp named.conf /etc/bind/
What is the current bug behavior?
Running sudo named -u bind -g
produces the following output:
23-Jul-2019 10:26:08.831 running as: named -u bind -g
23-Jul-2019 10:26:08.831 ----------------------------------------------------
23-Jul-2019 10:26:08.831 BIND 9 is maintained by Internet Systems Consortium,
23-Jul-2019 10:26:08.831 Inc. (ISC), a non-profit 501(c)(3) public-benefit
23-Jul-2019 10:26:08.831 corporation. Support and training for BIND 9 are
23-Jul-2019 10:26:08.831 available at https://www.isc.org/support
23-Jul-2019 10:26:08.831 ----------------------------------------------------
23-Jul-2019 10:26:08.831 found 2 CPUs, using 2 worker threads
23-Jul-2019 10:26:08.831 using 1 UDP listener per interface
23-Jul-2019 10:26:08.831 using up to 4096 sockets
23-Jul-2019 10:26:08.836 loading configuration from '/etc/bind/named.conf'
23-Jul-2019 10:26:08.836 reading built-in trust anchors from file '/etc/bind/bind.keys'
23-Jul-2019 10:26:08.836 initializing GeoIP Country (IPv4) (type 1) DB
23-Jul-2019 10:26:08.836 GEO-106FREE 20180315 Build
23-Jul-2019 10:26:08.836 initializing GeoIP Country (IPv6) (type 12) DB
23-Jul-2019 10:26:08.837 GEO-106FREE 20180315 Build
23-Jul-2019 10:26:08.837 GeoIP City (IPv4) (type 2) DB not available
23-Jul-2019 10:26:08.837 GeoIP City (IPv4) (type 6) DB not available
23-Jul-2019 10:26:08.837 GeoIP City (IPv6) (type 30) DB not available
23-Jul-2019 10:26:08.837 GeoIP City (IPv6) (type 31) DB not available
23-Jul-2019 10:26:08.837 GeoIP Region (type 3) DB not available
23-Jul-2019 10:26:08.837 GeoIP Region (type 7) DB not available
23-Jul-2019 10:26:08.837 GeoIP ISP (type 4) DB not available
23-Jul-2019 10:26:08.837 GeoIP Org (type 5) DB not available
23-Jul-2019 10:26:08.837 GeoIP AS (type 9) DB not available
23-Jul-2019 10:26:08.837 GeoIP Domain (type 11) DB not available
23-Jul-2019 10:26:08.837 GeoIP NetSpeed (type 10) DB not available
23-Jul-2019 10:26:08.837 using default UDP/IPv4 port range: [32768, 60999]
23-Jul-2019 10:26:08.837 using default UDP/IPv6 port range: [32768, 60999]
23-Jul-2019 10:26:08.838 listening on IPv6 interfaces, port 53
23-Jul-2019 10:26:08.859 listening on IPv4 interface lo, 127.0.0.1#53
23-Jul-2019 10:26:08.859 listening on IPv4 interface ens160, 10.86.98.102#53
23-Jul-2019 10:26:08.860 generating session key for dynamic DNS
23-Jul-2019 10:26:08.860 sizing zone task pool based on 0 zones
23-Jul-2019 10:26:08.861 Loading 'example' using driver dlopen
23-Jul-2019 10:26:08.861 dlz_dlopen failed to open library '/usr/lib/dlz_example.so' - /usr/lib/dlz_example.so: failed to map segment from shared object
23-Jul-2019 10:26:08.861 dlz_dlopen of 'example' failed
23-Jul-2019 10:26:08.861 SDLZ driver failed to load.
23-Jul-2019 10:26:08.861 DLZ driver failed to load.
23-Jul-2019 10:26:08.862 loading configuration: failure
23-Jul-2019 10:26:08.862 exiting (due to fatal error)
What is the expected correct behavior?
dlz_example.so
is loaded by dlopen with no problems.
Relevant configuration files
options {
recursion no;
allow-query {
"any";
};
allow-transfer {
"any";
};
notify yes;
};
dlz "example" {
database "dlopen /usr/lib/dlz_example.so example.nil";
};
What I've tried
- Running
named
as root:
sudo named -g
- Building from source:
sudo apt remove --purge bind9
sudo apt install libssl-dev libcap-dev
cd bind-9.11.9
./configure --prefix=/usr --sysconfdir=/etc/bind --localstatedir=/var --with-dlopen=yes
Configuration summary:
-------------------------------------------------------------------------------
Optional features enabled:
Multiprocessing support (--enable-threads)
ECDSA algorithm support (--with-ecdsa)
EDDSA algorithm support (--with-eddsa)
Print backtrace on crash (--enable-backtrace)
Use symbol table for backtrace, named only (--enable-symtable)
Dynamically loadable zone (DLZ) drivers:
None
-------------------------------------------------------------------------------
Features disabled or unavailable on this platform:
Large-system tuning (--with-tuning)
Allow 'dnstap' packet logging (--enable-dnstap)
GeoIP2 access control (--with-geoip2)
GSS-API (--with-gssapi)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
PKCS#11/Cryptoki support (--with-pkcs11)
Native PKCS#11/Cryptoki support (--enable-native-pkcs11)
GOST algorithm support (--with-gost)
Use libseccomp system call filtering (--enable-seccomp)
Very verbose query trace logging (--enable-querytrace)
Use GNU libtool (--with-libtool)
CMocka Unit Testng Framework (--with-cmocka)
XML statistics (--with-libxml2)
JSON statistics (--with-libjson)
HTTP zlib compression (--with-zlib)
LMDB database to store configuration for 'addzone' zones (--with-lmdb)
IDN support (--with-libidn2)
-------------------------------------------------------------------------------
Configured paths:
prefix: /usr
sysconfdir: /etc/bind
localstatedir: /var
-------------------------------------------------------------------------------
Compiler: gcc
gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-------------------------------------------------------------------------------
make
sudo make install
sudo cp contrib/dlz/example/named.conf /etc/bind/
sudo named -g
- BIND 9.14.4:
Configured and compiled application as before.
Configuration summary:
-------------------------------------------------------------------------------
Optional features enabled:
Print backtrace on crash (--enable-backtrace)
Use symbol table for backtrace, named only (--enable-symtable)
DNSSEC validation active by default (--enable-auto-validation)
Dynamically loadable zone (DLZ) drivers:
None
-------------------------------------------------------------------------------
Features disabled or unavailable on this platform:
Large-system tuning (--with-tuning)
Allow 'dnstap' packet logging (--enable-dnstap)
GeoIP2 access control (--with-geoip2)
GSS-API (--with-gssapi)
DNS Response Policy Service interface (--enable-dnsrps)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
Using PKCS#11 for Public-Key Cryptography (--with-native-pkcs11)
Very verbose query trace logging (--enable-querytrace)
Use GNU libtool (--with-libtool)
CMocka Unit Testing Framework (--with-cmocka)
XML statistics (--with-libxml2)
JSON statistics (--with-libjson)
HTTP zlib compression (--with-zlib)
LMDB database to store configuration for 'addzone' zones (--with-lmdb)
IDN support (--with-libidn2)
-------------------------------------------------------------------------------
Configured paths:
prefix: /usr
sysconfdir: /etc/bind
localstatedir: /var
-------------------------------------------------------------------------------
Compiler: gcc
gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-------------------------------------------------------------------------------
The example in bind-9.14.4/contrib/dlz/example
was recompiled, but the provided Makefile produced the following error:
cd bind-9.14.4/contrib/dlz/example
make
gcc -Wall -fPIC -g -c -o dlz_example.o dlz_example.c
dlz_example.c: In function ‘modrdataset’:
dlz_example.c:671:35: error: ‘saveptr’ undeclared (first use in this function)
full_name = strtok_r(buf, "\t", &saveptr);
^~~~~~~
dlz_example.c:671:35: note: each undeclared identifier is reported only once for each function it appears in
<builtin>: recipe for target 'dlz_example.o' failed
make: *** [dlz_example.o] Error 1
After inspecting the source code, I added -pthread
to CFLAGS
in the Makefile, which prevented the error from occuring.
CFLAGS=-Wall -fPIC -g -pthread
make
ran successfully and dlz_example.so
and named.conf
were copied as before. But running named
still produces the dlz_dlopen
error.
- Another DLZ module (
contrib/dlz/modules/wildcard
).
What I haven't tried
-
Another OS.
-
A debugging tool to obtain more information about where exactly the error is occuring.
Advance apology
I am new to BIND, so there is a strong chance that this isn't a bug at all and is just a misconfiguration on my part. Please forgive me if this is the case, and point me in the right direction