On Tue, 17 Sep 2019 12:14:14 -0400,
Ian Zimmerman wrote:
>
> On 2019-09-17 03:30, John Covici wrote:
>
> > Hi. I am having a very annoying problem with named. I am using
> > net-dns/bind-9.14.4 which I actually updated from a previous version
> > which also had the problem. It seems that an assertion has failed:
> > Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917:
> > INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back
> > trace
> >
> > There is a back trace which I can supply if that would help. There is
> > also a coredump.
> >
> > Also, when I restart named (which I have now done automatically by
> > systemd) it gives me a lot of errors like the following:
> > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
> > valid signature found
> > or this:
> > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
> > valid signature found
>
> This looks like a DNSSEC problem. I don't run bind on my gentoo system,
> but I did this:
>
> $ equery -C u net-dns/bind
> [ Legend : U - final flag setting for installation]
> [ : I - package is installed with flag ]
> [ Colors : set, unset ]
> * Found these USE flags for net-dns/bind-9.14.4:
> U I
> + + berkdb : Add support for sys-libs/db (Berkeley DB for
> MySQL)
> + - caps : Use Linux capabilities library to control
> privilege
> - - dlz : Enables dynamic loaded zones, 3rd party
> extension
> - - dnsrps : Enable the DNS Response Policy Service
> (DNSRPS) API, a mechanism to allow an
> external response policy provider
> - - dnstap : Enables dnstap packet logging
> - - doc : Add extra documentation (API, Javadoc, etc).
> It is recommended to enable per
> package instead of globally
> - - fixed-rrset : Enables fixed rrset-order option
> - - geoip : Add geoip support for country and city lookup
> based on IPs
> - - gost : Enables gost OpenSSL engine support
> - - gssapi : Enable gssapi support
> + + json : Enable JSON statistics channel
> - - ldap : Add LDAP support (Lightweight Directory
> Access Protocol)
> - - libressl : Use dev-libs/libressl instead of
> dev-libs/openssl when applicable (see also the ssl
> useflag)
> - - lmdb : Enable LMDB support to store configuration
> for 'addzone' zones
> - - mysql : Add mySQL Database support
> - - odbc : Add ODBC Support (Open DataBase Connectivity)
> - - postgres : Add support for the postgresql database
> - - python : Add optional support/bindings for the Python
> language
> + + python_targets_python2_7 : Build with Python 2.7
> - - python_targets_python3_5 : Build with Python 3.5
> + + python_targets_python3_6 : Build with Python 3.6
> - - static-libs : Build static versions of dynamic libraries as
> well
> - - urandom : Use /dev/urandom instead of /dev/random
> + + xml : Add support for XML files
> + + zlib : Add support for zlib (de)compression
>
> which left me puzzled: the libressl flag docstring talks about a ssl
> flag which doesn't exist for this package.
>
> Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and
> libcrypto) part of the output?
libcrypto is there along with libgnutls, but no libssl.
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici wb2una
cov...@ccs.covici.com
