Date: Wed, 14 Nov 2018 10:33:14 +0100 From: Mathieu Arnold <mat@FreeBSD.org> To: "Kevin P. Neal" <kpn@neutralgood.org> Cc: freebsd-ports@freebsd.org Subject: Re: BIND update gone bad Message-ID: <20181114093314.yqegemvr43mqttk6@atuin.in.mat.cc> In-Reply-To: <20181114021512.GA21405@neutralgood.org> References: <20181114021512.GA21405@neutralgood.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--rjqvlj76lfb67xpe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 13, 2018 at 09:15:12PM -0500, Kevin P. Neal wrote: > Before anyone panics on my behalf, I did a zfs rollback to avoid the new > named problem. But something needs to be fixed somewhere. >=20 > I just did an svn update of /usr/ports, ran poudriere and then did pkg > upgrade, which includes updates to bind911-9.11.5. My base system is > 11.2-p4. When I restarted named it failed to start. When run "by hand" as > shown below it prints errors that may help someone solve this issue: >=20 >=20 > [root@gunsight1 ~]# /usr/local/sbin/named -g -t /var/named -u bind -c /e= tc/namedb/named.conf > 13-Nov-2018 21:00:30.955 starting BIND 9.11.5 (Extended Support Version) = <id:3b0b204> > 13-Nov-2018 21:00:30.955 running on FreeBSD amd64 11.2-RELEASE-p4 FreeBSD= 11.2-RELEASE-p4 #0: Thu Sep 27 08:16:24 UTC 2018 root@amd64-builder.da= emonology.net:/usr/obj/usr/src/sys/GENERIC > 13-Nov-2018 21:00:30.955 built with '--localstatedir=3D/var' '--disable-l= inux-caps' '--disable-symtable' '--with-randomdev=3D/dev/random' '--with-li= bxml2=3D/usr/local' '--with-readline=3D-L/usr/local/lib -ledit' '--with-dlo= pen=3Dyes' '--sysconfdir=3D/usr/local/etc/namedb' '--with-dlz-filesystem=3D= yes' '--disable-dnstap' '--disable-filter-aaaa' '--disable-fixed-rrset' '--= without-geoip' '--without-gssapi' '--with-libidn2=3D/usr/local' '--enable-i= pv6' '--with-libjson=3D/usr/local' '--disable-largefile' '--with-lmdb=3D/us= r/local' '--disable-native-pkcs11' '--with-python=3D/usr/local/bin/python2.= 7' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_C= DEFINES=3D-DDIG_SIGCHASE=3D1' '--with-openssl=3D/usr' '--enable-threads' '-= -with-tuning=3Ddefault' '--prefix=3D/usr/local' '--mandir=3D/usr/local/man'= '--infodir=3D/usr/local/share/info/' '--build=3Damd64-portbld-freebsd11.2'= 'build_alias=3Damd64-portbld-freebsd11.2' 'CC=3Dcc' 'CFLAGS=3D-O2 -pipe -D= LIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-stri > ct-aliasing ' 'LDFLAGS=3D -fstack-protector ' 'LIBS=3D-L/usr/local/lib' = 'CPPFLAGS=3D-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=3Dcpp' > 13-Nov-2018 21:00:30.955 running as: named -g -t /var/named -u bind -c /e= tc/namedb/named.conf > 13-Nov-2018 21:00:30.955 compiled by CLANG 4.2.1 Compatible FreeBSD Clang= 6.0.0 (tags/RELEASE_600/final 326565) > 13-Nov-2018 21:00:30.955 compiled with OpenSSL version: OpenSSL 1.0.2o-fr= eebsd 27 Mar 2018 > 13-Nov-2018 21:00:30.955 linked to OpenSSL version: OpenSSL 1.0.2o-freebs= d 27 Mar 2018 > 13-Nov-2018 21:00:30.955 compiled with libxml2 version: 2.9.7 > 13-Nov-2018 21:00:30.955 linked to libxml2 version: 20907 > 13-Nov-2018 21:00:30.955 compiled with libjson-c version: 0.13.1 > 13-Nov-2018 21:00:30.955 linked to libjson-c version: 0.13.1 > 13-Nov-2018 21:00:30.955 compiled with zlib version: 1.2.11 > 13-Nov-2018 21:00:30.955 linked to zlib version: 1.2.11 > 13-Nov-2018 21:00:30.955 threads support is enabled > 13-Nov-2018 21:00:30.955 ------------------------------------------------= ---- > 13-Nov-2018 21:00:30.955 BIND 9 is maintained by Internet Systems Consort= ium, > 13-Nov-2018 21:00:30.955 Inc. (ISC), a non-profit 501(c)(3) public-benefi= t=20 > 13-Nov-2018 21:00:30.955 corporation. Support and training for BIND 9 ar= e=20 > 13-Nov-2018 21:00:30.955 available at https://www.isc.org/support > 13-Nov-2018 21:00:30.955 ------------------------------------------------= ---- > 13-Nov-2018 21:00:30.955 found 16 CPUs, using 16 worker threads > 13-Nov-2018 21:00:30.955 using 15 UDP listeners per interface > 13-Nov-2018 21:00:30.956 using up to 4096 sockets > 13-Nov-2018 21:00:30.959 ENGINE_by_id failed (crypto failure) > 13-Nov-2018 21:00:30.959 error:25066067:DSO support routines:DLFCN_LOAD:c= ould not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlf= cn.c:187:filename(/usr/lib/engines/libgost.so): Cannot open "/usr/lib/engin= es/libgost.so" > 13-Nov-2018 21:00:30.959 error:25070067:DSO support routines:DSO_load:cou= ld not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c= :233: > 13-Nov-2018 21:00:30.959 error:260B6084:engine routines:DYNAMIC_LOAD:dso = not found:/usr/src/crypto/openssl/crypto/engine/eng_dyn.c:467: > 13-Nov-2018 21:00:30.959 error:2606A074:engine routines:ENGINE_by_id:no s= uch engine:/usr/src/crypto/openssl/crypto/engine/eng_list.c:390:id=3Dgost > 13-Nov-2018 21:00:30.959 initializing DST: crypto failure > 13-Nov-2018 21:00:30.959 exiting (due to fatal error) Mmmmm, I removed the GOST option from 9.11 because it was removed in later version and never used, but it seems BIND9 is picking up the fact that base OpenSSL still has GOST support on 11. I'll fix. --=20 Mathieu Arnold --rjqvlj76lfb67xpe Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEOraXidLtEhBkQLpbOkUW81GDzkgFAlvr69pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNB QjY5Nzg5RDJFRDEyMTA2NDQwQkE1QjNBNDUxNkYzNTE4M0NFNDgACgkQOkUW81GD zkhQSA//VsW3+4ziW6G8d6TVFBTcY0563T/re79HJ3JEALLw/O3CLKvWY09eecSl uVjk0TCSMmbeQVdj/60buF+RYA++ETCLuce1LnvuVvbeRRF/XVMmyhYSXtRShGvS g1Bl6qghSzOhX1vPetaVv9VdsG6QeeDkvwXC3b0GmuTk5dszxZd9rISG7Q1kk9A2 hX9YSQOqU2YBvo4PHWj/+R1xvZGj+vY0iHwXMxQdmiJR6sXEeZ54e3cuYn3P7cyH aDSF6wgRkd1kHdOpysIyCXxASoN0d4iUHt92h7eBCtRDW2oGrIu3HuisLWqz4MqL fgUpLR2r5Mc76nSYfDDjyEVnKfVwrbIg5Mn1OjzKppF6xal8gAFdfHOyLVRfcnUu NmgRq6UyKeL0z3SbFNZklOaFBwGKxO0Goay7hReYXlBqP4mO4nFJpem1iqyWQEZc 1VhGjaflvOXqv1zgfxuxetNYn7B8n1t4bPfXD1GMbVcrWyisGC9nnCXrGbK+kmDc cwrpEqbm82boQNTzVKaiBU4B3/iEaK/QOrKNCsjShuzX5tGzNYYiFJbHz8ArXvGM SAAyEYf35yzNyGCSvVVgpXgrSyB5/xk/vUGuIXNvaim40d7O58dDI+N7zuHcvKF/ GI090rOmb3woRIORytG6TfJb6kchmOqIMvtvexo/osxSZLuAEQs= =9LUp -----END PGP SIGNATURE----- --rjqvlj76lfb67xpe--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181114093314.yqegemvr43mqttk6>