IPA Server installation with DNS fails on Oracle Linux 8.1

andreas.dijkman

To add to this thread, the reported packages aren't the problem.

I've reinstalled the rpm bind-pkcs11-9.11.4-26.P2.el8.x86_64.rpm from CentOS-repository and that fixed it. Now named-pkcs11 starts succesfully.

Avi Miller-Oracle

Yes, the internal bug is logged against our build of bind-pkcs11. Thanks Andreas.

Sven Jansen

@Avi Miller Thank you very much!

@Dude! if you want to use existing domains or reverse zones you can use the --skip-overlap-check option to avoid the checks, i use this in split dns scenarios.

Dude!

Perhaps it's also possible to use example.local or example.info, instead of example.com, but I simply tried to reproduce the error following your example.

Btw, posting a conclusion when reporting a problem is often not very useful. It is usually necessary to reproduce the error and analyze with own eyes. So info how you installed the software to reproduce the exact same error will help to find a solution.

andreas.dijkman

@Avi Miller-Oracle: Any updates on this bug? As Oracle Linux 8.2 has been released yesterday, I'd like to know if I can update to 8.2 or not or that I need to wait for CentOS 8.2 also.

Avi Miller-Oracle

I actually asked about this yesterday. The developer that was investigating was reassigned to a blocker bug for OL8U2 which (as you said) was released, so will now come back to looking at this, I believe. I don't have more details than that at this stage.

andreas.dijkman

Any updates on the bug?

jlspies

I've just tested this in a Virtual Box instance and Oracle 8.2 still fails with the same error unfortunately:

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: ----------------------------------------------------

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: adjusted limit on open files from 262144 to 1048576

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: found 2 CPUs, using 2 worker threads

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: using 1 UDP listener per interface

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: using up to 21000 sockets

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: initializing DST: no PKCS#11 provider

May 27 18:24:32 default-oracle-82 named-pkcs11[50102]: exiting (due to fatal error)

May 27 18:24:32 default-oracle-82 systemd[1]: named-pkcs11.service: Control process exited, code=exited status=1

May 27 18:24:32 default-oracle-82 systemd[1]: named-pkcs11.service: Failed with result 'exit-code'.

May 27 18:24:32 default-oracle-82 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS) with native PKCS#11.

[[email protected] log]# /usr/sbin/named-pkcs11 -u named -c /etc/named.conf -d 5 -f

Can't load PKCS#11 provider: dlopen("pkcs11") failed: /lib64/pkcs11: cannot read file data: Is a directory

[[email protected] log]# uname -r

5.4.17-2011.2.2.el8uek.x86_64

[[email protected] log]# cat /etc/oracle-release

Oracle Linux Server release 8.2

[[email protected] log]#

Avi Miller-Oracle

No updates yet. I have raised the priority of the bug internally.

Sven Jansen

New Security Update for bind including bind-pkcs11-9.11.13-5.el8_2.x86_64.rpm. Still broken