Bind9 with DLZ and MySQL backend on Ubuntu Jaunty (9.04), Lucid (10.04) and Precise (12.04)

Submitted by Hannes Schmidt on Thu, 12/24/2009 - 15:48.

Update 06/27/2010: This workaround is still necessary for Lucid (10.04 LTS) and Precise (12.04 LTS). These instructions still work for those releases with minor adjustments (see the updates at the end of the article).

This forum post got me started but I got stuck in various places and thought I'd summarize what worked for me. I'm not going to explain much but if you're going to work with Bind and DLZ you probably know what you're dealing with. I also won't go into configuring DLZ because that depends on your particular DB schema and there is sufficient documentation on the DLZ website.

We need MySQL of course:

root@foo:~# apt-get install mysql-server

Make a directory to hold the source package for bind9,

root@foo:~# mkdir -p /usr/local/src/bind9

and change into it:

root@foo:~# cd /usr/local/src/bind9

Bison and fakeroot are needed. Not sure if these are a build-time only dependencies.

root@foo:/usr/local/src/bind9# apt-get install fakeroot bison

My sources.list was lacking the required deb-src entries:

root@foo:/usr/local/src/bind9# vim /etc/apt/sources.list

Make sure the following deb-src lines are present and active:

deb-src lucid main
deb-src lucid-security main restricted universe multiverse
deb-src lucid-updates main restricted universe multiverse

On Jaunty, replace lucid with jaunty, of course.

If you modified sources.list, update the package index.

root@foo:/usr/local/src/bind9# apt-get update

Get the build tools:

root@foo:/usr/local/src/bind9# apt-get install build-essential

Get the Bind9 source package:

root@foo:/usr/local/src/bind9# apt-get source bind9

This is what you should get:

root@foo:/usr/local/src/bind9# ls -1

On Jaunty, the package verison is bind9-9.5.1.dfsg.P2 instead.

We also need the MySQL client headers when building Bind9 with DLZ and MySQL:

root@foo:/usr/local/src/bind9# apt-get install libmysqlclient15-dev

On Lucid, install libmysqlclient-dev instead.

Cd into the unpacked source tree:

root@foo:/usr/local/src/bind9# cd bind9-9.7.0.dfsg.P1/

On Lucid, the directory is bind9-9.7.0.dfsg.P1 instead.

Modify the Debian build script:

root@foo:/usr/local/src/bind9/bind9-9.7.0.dfsg.P1# vim debian/rules

Change --with-dlz-mysql=no to --with-dlz-mysql=yes or add a line --with-dlz-mysql=yes (don't forget preceding backslash).

Install more build-time requirements. I didn't find out that I needed these until the dpkg-buildpackage step below complained about them being missing.

root@foo:/usr/local/src/bind9/bind9-9.7.0.dfsg.P1# apt-get install \
libkrb5-dev \
libkrb5-dev \
libssl-dev \
libtool \
libdb-dev \
libldap2-dev \
libldap2-dev \
libcap2-dev \
hardening-wrapper \
debhelper \

Build the binary packages. If dpkg-buildpackage complains about unmet dependencies, apt-get install what's missing, rinse and repeat.

root@foo:/usr/local/src/bind9/bind9-9.7.0.dfsg.P1# dpkg-buildpackage -rfakeroot -b

Back out one directory.

root@foo:/usr/local/src/bind9/bind9-9.7.0.dfsg.P1# cd ..

You should have roughly the following binary packages:

root@foo:/usr/local/src/bind9# ls -1

Install the binary packages on your system.

root@foo:/usr/local/src/bind9# dpkg -i *.deb

Update (12/30/2009)

I seem to be running into a problem connected with leaking or intermittedly dying connections to the MySQL server. Bind logs "mysql driver unable to return result set for findzone query" and eventually dies. This matches a problem description I found in a discussion on the DLZ mailing list with some interesting findings. I have not applied the suggested patch yet and am trying to fix the problem solely by forcing Bind to run in a single thread which has also been suggested in that thread.
root@foo:~# vim /etc/default/bind9
Change OPTIONS to include -n 1:
OPTIONS="-u bind -n 1"

Update (01/01/2010)

The order in which the bind9 and mysql init scripts are started by default does not reflect the fact that there now is a dependency of Bind9 on MySQL. Rebooting the system will start bind before mysql which causes bind to exit. Changing the boot order of init scripts is a bit involved so bare with me.
root@foo:~# apt-get install insserv
Edit the mysql init scripts and remove the $named from the two lines beginning with # Should-Start: and # Should-Stop:
root@foo:~# vim /etc/init.d/mysql-ndb
root@foo:~# vim /etc/init.d/mysql-ndb-mgm 
root@foo:~# vim /etc/init.d/mysql
Append mysql to the Should-Start and Should-Stop lines. The 3rd file does not exsist on Lucid. Ignore it.
root@foo:~# vim /etc/init.d/bind9
Run insserv to set up the necessary symlinks in /etc/rcX.d.
root@foo:~# insserv mysql
root@foo:~# insserv bind9
Reboot to make sure everything is in order.

Update (6/27/2010)

This one is annoying: Lucid's version of Bind includes a patch that changes the interpolation character in DLZ's configuration file from % to $ for whatever reason. This isn't mentioned anywhere (the DLZ website still documents the old syntax) and what's worse: the error messages haven't been patched. Even though DLZ is looking for $zone$, the syslog entries complain about %zone% being missing.

Anyways, I was getting this:

    Jun 27 21:14:12 a named[25385]: Loading 'Dynamic zone' using driver mysql
    Jun 27 21:14:12 a named[25385]: Required token %zone% not found.
    Jun 27 21:14:12 a named[25385]: Could not build all nodes query list
    Jun 27 21:14:12 a named[25385]: mysql driver could not create database instance object.
    Jun 27 21:14:12 a kernel: [ 2027.484135] named[25386]: segfault at 58 ip ...

Notice the segfault at the end? Yum!

After replacing % with $ in named.conf.local everything worked.

Update (6/26/2011)

When a Ubuntu releases an upgrade to bind9 and you do apt-get upgrade, the binary package from the upstream repository will overwrite the installation you did from the source package. At the end of the upgrade process, bind will fail to start because the upstream package does not understand the MySQL/DLZ-specific configuration in /etc/. I'm sure there's a way to prevent the overwriting of a package installed from source but I don't know how (leave a comment if you do). You will have to repeat the steps steps above, skipping the installation of the build prerequistites, of course.

Update (3/4/2012)

As suggested by a reader, the following commands prevent bind9 from being subject to automatic upgrades. They put a hold on the bind package. Without the hold, bind9 refuses to start after an upgrade because of the DLZ references in its configuration which aren't understood by the upstream version of bind.

root@foo:~# for package in bind9 bind9-doc bind9-host bind9utils dnsutils libbind9-60 \
    libbind-dev libdns64 libisc60  libisccc60 libisccfg60 liblwres60 lwresd ; do \
    echo $package hold | dpkg --set-selections ; done
root@foo:~# dpkg --get-selections | grep hold
bind9						hold
bind9-doc					hold
bind9-host					hold
bind9utils					hold
dnsutils					hold
libbind-dev					hold
libbind9-60					hold
libdns64					hold
libisc60					hold
libisccc60					hold
libisccfg60					hold
liblwres60					hold
lwresd						hold

Update (12/13/2012)

Version 9.8.1 of bind9 used in Precise (Ubuntu 12.04 LTS) has a bug that prevent compilation with DLZ support enabled. The fix involves commenting out the #ifdef DLZ in contrib/dlz/drivers/sdlz_helper.c.
( categories: Unix )
Submitted by Hannes Schmidt on Thu, 07/26/2012 - 23:22.
Didn't know that either. Thanks for pointing it out. -- Hannes
Submitted by Anonymous on Sun, 04/29/2012 - 06:10.
Instead of installing the mising dependencies manually, you should be able to use the apt-get build-dep command like this sudo apt-get build-dep bind9
Submitted by Hannes Schmidt on Sun, 10/16/2011 - 18:23.
That's a good tip. Thank you! -- Hannes
Submitted by Anonymous on Mon, 08/15/2011 - 09:57.
Can't you `apt-get hold` the bind9 package to prevent automatic upgrades to it? Of course, this does mean that you need to keep an eye on upstream fixes and repeat the above to compile a new version.
Submitted by Anonymous on Wed, 12/15/2010 - 04:27.
I just wanted to say. THANK YOU! This exact error along with it's faulty error message wasted much of my time too.