Hi,
At the moment I have three FreeIPA systems (replicas), recently installed with CentOS 9-Stream. All three of these show this message at irregular intervals.
Jul 03 07:50:44 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:50:51 iparep5.example.com named[541]: zone 16.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:51:03 iparep5.example.com named[541]: zone 17.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:51:34 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:52:12 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:03:51 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:04:52 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:06:30 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:18:42 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:20:19 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:26:23 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:34:12 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:34:50 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found
After posting this on the bind-users mailing list I did a bit more debugging. It turns out that the message is caused by the fact that bind-dyndb-ldap does not implement the getsize method. Now why didn't I see this message on my CentOS 8-Stream system? Well, it is because the bind package went from 9.11.26 to 9.16.23. In that newer version a new function zone_journal_compact was added which does the following:
zone.c: journalsize= zone->journalsize; if(journalsize== -1) { journalsize= DNS_JOURNAL_SIZE_MAX; dns_db_currentversion(db, &ver); result= dns_db_getsize(db, ver, NULL, &dbsize); dns_db_closeversion(db, &ver, false); if(result!= ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_journal_compact: " "could not get zone size: %s", isc_result_totext(result)); } elseif(dbsize< DNS_JOURNAL_SIZE_MAX/ 2) { journalsize= (int32_t)dbsize* 2; } } and dns_db_getsize executes this: isc_result_t dns_db_getsize(dns_db_t*db, dns_dbversion_t*version, uint64_t*records, uint64_t*bytes) { REQUIRE(DNS_DB_VALID(db)); REQUIRE(dns_db_iszone(db)); if(db->methods->getsize!= NULL) { return((db->methods->getsize)(db, version, records, bytes)); } return(ISC_R_NOTFOUND); } However, the getsize method is not implemented. Thus you'll get the above mentioned messages. I'm surprised that nobody reported this. Everybody with FreeIPA + DNS + CentOS 9-Stream should be getting these messages. The messages are colored in red in journalctl, as if this is a serious problem. Is it? Or can I ignore this message? -- Kees
On Аўт, 09 ліп 2024, Kees Bakker via FreeIPA-users wrote:
Hi,
At the moment I have three FreeIPA systems (replicas), recently installed with CentOS 9-Stream. All three of these show this message at irregular intervals.
Jul 03 07:50:44 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:50:51 iparep5.example.com named[541]: zone 16.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:51:03 iparep5.example.com named[541]: zone 17.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:51:34 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 07:52:12 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:03:51 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:04:52 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:06:30 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:18:42 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:20:19 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:26:23 iparep5.example.com named[541]: zone 30.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:34:12 iparep5.example.com named[541]: zone example.com/IN: zone_journal_compact: could not get zone size: not found Jul 03 08:34:50 iparep5.example.com named[541]: zone 29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone size: not found
After posting this on the bind-users mailing list I did a bit more debugging. It turns out that the message is caused by the fact that bind-dyndb-ldap does not implement the getsize method. Now why didn't I see this message on my CentOS 8-Stream system? Well, it is because the bind package went from 9.11.26 to 9.16.23. In that newer version a new function zone_journal_compact was added which does the following:
zone.c: journalsize= zone->journalsize; if(journalsize== -1) { journalsize= DNS_JOURNAL_SIZE_MAX; dns_db_currentversion(db, &ver); result= dns_db_getsize(db, ver, NULL, &dbsize); dns_db_closeversion(db, &ver, false); if(result!= ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_journal_compact: " "could not get zone size: %s", isc_result_totext(result)); } elseif(dbsize< DNS_JOURNAL_SIZE_MAX/ 2) { journalsize= (int32_t)dbsize* 2; } } and dns_db_getsize executes this: isc_result_t dns_db_getsize(dns_db_t*db, dns_dbversion_t*version, uint64_t*records, uint64_t*bytes) { REQUIRE(DNS_DB_VALID(db)); REQUIRE(dns_db_iszone(db)); if(db->methods->getsize!= NULL) { return((db->methods->getsize)(db, version, records, bytes)); } return(ISC_R_NOTFOUND); } However, the getsize method is not implemented. Thus you'll get the above mentioned messages. I'm surprised that nobody reported this. Everybody with FreeIPA + DNS + CentOS 9-Stream should be getting these messages. The messages are colored in red in journalctl, as if this is a serious problem. Is it? Or can I ignore this message? -- Kees
Thanks for the analysis. Judging by the code, it is supposed to tell how many records are in the database and what is their total size in bytes. This is used in zone maintenance, mostly for zone journal handling. The latter has less need for bind-dyndb-ldap -backed zones because their content is not stored locally (in DB files) and can be modified outside of Bind anyway, so journal data is not valid for it.
Bind expects that some backends might have no getsize() method -- there are few internal backends such as caches that have no getsize() implementation. So it is not really a requirement.
The message in zone_journal_compact() would really best be a warning, not an error.
freeipa-users@lists.fedorahosted.org