Bind 9.9.4 DLZ LDAP , error in config file named.conf

[willy70]

Dear All, let me explain my issue.
I've CentOS 5.5 with Bind version 9.6.1 and the most important item for this setup
is the integration with Ldap throught DLZ. So as you can imagine I've named.conf
with ldap servers but I haven't any zone file because all informations
about hostname and IP are inside Ldap.
In the following my named.conf file:

options {
directory "/var/named";

listen-on-v6 { none; };
listen-on { 127.0.0.1; ......
omissis
................
pid-file "/var/run/named/named.pid";
};
.....
dlz "ldap zone" {
database "ldap 1 v3 simple {cn=Sync,dc=priv} {PASSWORD} {10.0.0.1}
ldap:///dlzZoneName=%zone%,ou=dns,dc=priv???objectClass=dlzZone
ldap:///dlzHostName=%record%,dlzZoneName=%zone%,ou=dns,dc=priv?dlzTTL,dlzType,dlzPreference,dlzData,dlzIPAddr?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
ldap:///dlzHostName=@,dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
ldap:///dlzZoneName=%zone%,ou=dns,o=bind-dlz?dlzTTL,dlzType,dlzHostName,dlzPreference,dlzData,dlzIPAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))";
};

Ldap server is OpenLdap 2.4.11 with DLZ schema, with this setup name resolution for zones "*.PRIV" works fine.

This server is up and running from many years but now I need to update to Centos 7, but
with this OS update I also migrate to Bind 9.9.4 included in the last Centos and this is my problem !

Bind 9.9.4 with named.conf describe above failed during startup. When I make "systemctl start named.sdb"
I've this error:

Job for named-sdb.service failed because the control process exited with error code. See "systemctl status named-sdb.service" and "journalctl -xe" for details.

/var/log/messages:

May 3 10:11:53 privgw systemd: Starting Generate rndc key for BIND (DNS)...
May 3 10:11:53 privgw systemd: Started Generate rndc key for BIND (DNS).
May 3 10:11:53 privgw systemd: Starting Berkeley Internet Name Domain (DNS)...
May 3 10:11:53 privgw bash: zone localhost/IN: loaded serial 2002081601
May 3 10:11:53 privgw bash: zone 127.in-addr.arpa/IN: loaded serial 2002081601
May 3 10:11:53 privgw named-sdb[5307]: starting BIND 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
May 3 10:11:53 privgw named-sdb[5307]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
May 3 10:11:53 privgw named-sdb[5307]: ----------------------------------------------------
May 3 10:11:53 privgw named-sdb[5307]: BIND 9 is maintained by Internet Systems Consortium,
May 3 10:11:53 privgw named-sdb[5307]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
May 3 10:11:53 privgw named-sdb[5307]: corporation. Support and training for BIND 9 are
May 3 10:11:53 privgw named-sdb[5307]: available at https://www.isc.org/support
May 3 10:11:53 privgw named-sdb[5307]: ----------------------------------------------------
May 3 10:11:53 privgw named-sdb[5307]: adjusted limit on open files from 4096 to 1048576
May 3 10:11:53 privgw named-sdb[5307]: found 1 CPU, using 1 worker thread
May 3 10:11:53 privgw named-sdb[5307]: using 1 UDP listener per interface
May 3 10:11:53 privgw named-sdb[5307]: using up to 4096 sockets
May 3 10:11:53 privgw named-sdb[5307]: SDB ldap zone database module loaded.
May 3 10:11:53 privgw named-sdb[5307]: SDB postgreSQL DB zone database module loaded.
May 3 10:11:53 privgw named-sdb[5307]: SDB sqlite3 DB zone database module loaded.
May 3 10:11:53 privgw named-sdb[5307]: SDB directory DB zone database module loaded.
May 3 10:11:53 privgw named-sdb[5307]: loading configuration from '/etc/named.conf'
.......
May 3 10:11:53 privgw named-sdb[5307]: Loading 'ldap zone' using driver ldap
May 3 10:11:53 privgw named-sdb[5307]: all nodes query must specify a search base
May 3 10:11:53 privgw named-sdb[5307]: SDLZ driver failed to load.
May 3 10:11:53 privgw named-sdb[5307]: DLZ driver failed to load.
May 3 10:11:53 privgw named-sdb[5307]: loading configuration: failure
May 3 10:11:53 privgw named-sdb[5307]: exiting (due to fatal error)
May 3 10:11:53 privgw systemd: named-sdb.service: control process exited, code=exited status=1
May 3 10:11:53 privgw systemd: Failed to start Berkeley Internet Name Domain (DNS).
May 3 10:11:53 privgw systemd: Unit named-sdb.service entered failed state.
May 3 10:11:53 privgw systemd: named-sdb.service failed.

Any ideas ?
Thanks in adavance for your help !
Best Regards
Willy

[TrevorH]

What's the output from rpm -qa bind\* ?

[willy70]

What's the output from rpm -qa bind\* ?

bind-devel-9.9.4-38.el7_3.3.x86_64
bind-libs-lite-9.9.4-38.el7_3.3.x86_64
bind-libs-9.9.4-38.el7_3.3.x86_64
bind-dyndb-ldap-10.0-5.el7.x86_64
bind-license-9.9.4-38.el7_3.3.noarch
bind-sdb-9.9.4-38.el7_3.3.x86_64
bind-utils-9.9.4-38.el7_3.3.x86_64
bind-9.9.4-38.el7_3.3.x86_64

Thanks !

[willy70]

SOLVED.
The DLZ-tokens are no longer %zone%, %record% etc. but $zone$, $record$ etc.
Best Regards
Willy