I upgraded my OpenSSL and BIND ports on one of my machines yesterday afternoon, and ended up with BIND being unable to start due to some problem with OpenSSL. Unfortunately, it's not giving me any real information to go on about what the problem is.
> openssl version WARNING: can't open config file: /usr/local/openssl/openssl.cnf OpenSSL 1.0.1c 10 May 2012 > sudo named -g -t /var/named/authoritative/ -u bind -d 100 08-Jul-2012 16:45:00.347 starting BIND 9.8.3-P1 -g -t /var/named/authoritative/ -u bind -d 100 08-Jul-2012 16:45:00.347 built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-openssl=/usr/local' '--with-libxml2=/usr/local' '--with-idn=/usr/local' '--with-libiconv=/usr/local' '--enable-largefile' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info/' '--build=x86_64-portbld-freebsd8.2' 'build_alias=x86_64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -rpath=/usr/local/lib' 'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fno-strict-aliasing' 08-Jul-2012 16:45:00.347 ---------------------------------------------------- 08-Jul-2012 16:45:00.347 BIND 9 is maintained by Internet Systems Consortium, 08-Jul-2012 16:45:00.347 Inc. (ISC), a non-profit 501(c)(3) public-benefit 08-Jul-2012 16:45:00.347 corporation. Support and training for BIND 9 are 08-Jul-2012 16:45:00.347 available at https://www.isc.org/support 08-Jul-2012 16:45:00.347 ---------------------------------------------------- 08-Jul-2012 16:45:00.347 found 4 CPUs, using 4 worker threads 08-Jul-2012 16:45:00.349 using up to 4096 sockets 08-Jul-2012 16:45:00.349 Registering DLZ_dlopen driver 08-Jul-2012 16:45:00.349 Registering SDLZ driver 'dlopen' 08-Jul-2012 16:45:00.349 Registering DLZ driver 'dlopen' 08-Jul-2012 16:45:00.351 decrement_reference: delete from rbt: 0x802467058 . 08-Jul-2012 16:45:00.352 initializing DST: openssl failure 08-Jul-2012 16:45:00.352 exiting (due to fatal error) I found multiple versions of libgcrypt installed, which was generating some compile warnings, but cleaning that up didn't help. There is only one version of openssl installed, so no conflicts there.. > ls -d /var/db/pkg/*ssl* /var/db/pkg/openssl-1.0.1_3 I can recompile without SSL to get my name servers running again, but that's not really sustainable. Does anyone have any suggestions for how to get more information out of BIND about what exactly is failing? _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
