Re: RSA warnings & errors in 9.8.4
Hello Jay,

Jay Ford writes:
> I just upgraded BIND on a Linux-based server from 9.8.3-P3 to 9.8.4.
>
> I started getting a bunch of "RSA_verify" errors, as has been
> discussed on this list. Is there a 9.8 release which quells those
> messages, or is hacking
> the source post-download still the recommended fix?
>

not fixed in the -P1 releases of 9.8.4 and 9.9.2, should be fixed with the next regular BIND 9 release.

So "hacking the source post-download" is still what you want to do if you do not like the messages.

-- Carsten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Ubuntu 12.04 & BIND 9.9.2-P1
Hello Rusty,

Rusty L Vaughn writes:
> I am getting the following error with a compiled version of BIND with
> Ubuntu 12.04. The file at the path does exist. I think I am missing a
> package but I am not sure what could be missing. Thanks
>
> error:25066067:DSO support routines:DLFCN_LOAD:could not load the
> shared library:dso_dlfcn.c:185:filename
> (/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so):
> /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot
> open shared object file: No such file or directory
>
> error:25070067:DSO support routines:DSO_load:could not load the shared
> library:dso_lib.c:244:
>
> error:260B6084:engine routines:DYNAMIC_LOAD:dso not
> found:eng_dyn.c:450:
>
> error:2606A074:engine routines:ENGINE_by_id:no such
> engine:eng_list.c:417:id=gost
>
> initializing DST: crypto failure
>
> exiting (due to fatal error)

Are you running BIND in a chroot environment? If yes, you need to re-create the path and copy the file(s) mentioned in the error message into the chroot.

libgost is an OpenSSL "crypto-engine" that implements the GOST algorithm that can be used for DNSSEC. OpenSSL loads the "crypto-engines" after BIND has entered the chroot environment, so it looks for the files inside the chroot.

If your chroot is "/var/named" (start BIND with named -t /var/named), then the file should be located in

/var/named/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so

Be prepared that you need to copy multiple files. Fix one error and then look for the next.

Best regards

Carsten Strotmann
zone files in bind-9.9
Hi

I upgraded my BIND from 9.7 to 9.9.
For BIND 9.7 all zone files under /var/cache/bind are clear text.
But under BIND 9.9 it seems the zone files are binary format.
So how can we check the content of zone files now?

Thanks.
Re: zone files in bind-9.9
Hello Feng,

Feng He writes:
> I upgraded my BIND from 9.7 to 9.9.
> For BIND 9.7 all zone files under /var/cache/bind are clear text.
> But under BIND 9.9 it seems the zone files are binary format.
> So how can we check the content of zone files now?

You can use "named-compilezone" to convert from RAW-Format to Text-Format.

Or you can use "dig" with axfr to get a zone-transfer from the server (dig @server axfr zone.tld).

You can change the format for writing zone files in the named.conf if you prefer the text format files.

-- Carsten
Re: zone files in bind-9.9
On 2013-1-6 21:53, Carsten Strotmann wrote:
> you can use "named-compilezone" to convert from RAW-Format to Text-Format.
>
> Or you can use "dig" with axfr to get a zone-transfer from the server
> (dig @server axfr zone.tld).
>
> You can change the format for writing zone files in the named.conf if
> you prefer the text format files.

Thanks for the kind info Carsten.
Re: zone files in bind-9.9
On 06.01.13 21:23, Feng He wrote:
> I upgraded my BIND from 9.7 to 9.9.
> For BIND 9.7 all zone files under /var/cache/bind are clear text.
> But under BIND 9.9 it seems the zone files are binary format.
> So how can we check the content of zone files now?

"named-compilezone -j -F text " should do

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Support bacteria - they're the only culture some people have.
Re: Ubuntu 12.04 & BIND 9.9.2-P1
Thanks that worked. I didn't even think about BIND being Chrooted since I have never seen this issue before on Debian. Ubuntu seems to be more restrictive to files outside the Chroot.

Rusty L Vaughn

On Sat, Jan 5, 2013 at 5:00 PM, Noel S. Rocha wrote:
> Is bind chrooted?
>
> Try this(DONT FORGET: CHANGE VALUE OF $CHROOT VARIABLE ):
>
> 1º
> mkdir -p $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/
>
> 2º Edit /etc/fstab
> /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/
> $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ none
> defaults,bind,auto,nodev,noexec,nosuid 0 0
>
> 3º
> mount $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/
>
> 4º Edit /etc/apparmor.d/local/usr.sbin.named adding line above:
> $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so rm,
>
> 5º reloading apparmor
> /etc/init.d/apparmor reload
>
> Again, DONT FORGET: CHANGE VALUE OF $CHROOT. My chroot is /var/lib/bind/.
> Put your chroot path.
>
> Good luck,
>
> On Sat, Jan 5, 2013 at 4:17 PM, Rusty L Vaughn
> wrote:
>
>> I am getting the following error with a compiled version of BIND with
>> Ubuntu 12.04. The file at the path does exist. I think I am missing a
>> package but I am not sure what could be missing. Thanks
>>
>> error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared
>> library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so):
>> /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open
>> shared object file: No such file or directory
>>
>> error:25070067:DSO support routines:DSO_load:could not load the shared
>> library:dso_lib.c:244:
>>
>> error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
>>
>> error:2606A074:engine routines:ENGINE_by_id:no such
>> engine:eng_list.c:417:id=gost
>>
>> initializing DST: crypto failure
>>
>> exiting (due to fatal error)
>
> --
> Noel S. Rocha
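An added example, not part of any post in this thread: it applies the advice from Carsten's reply and Noel's steps (re-create the path inside the chroot for every file the error names) by reading the DLFCN_LOAD line and copying each missing engine to the same path under the chroot. The function names, the HOST_ROOT prefix and the scratch-tree demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. HOST_ROOT is a hypothetical prefix
# (empty in real use) so the functions can be tried on a scratch tree.
# stdin: named/OpenSSL error output. stdout: unique paths dlopen() could not find.
missing_engine_paths() {
    sed -n 's/.*DLFCN_LOAD:.*filename *(\([^)]*\)).*/\1/p' | sort -u
}

# stage_into_chroot CHROOT PATH: copy PATH to the same location under CHROOT.
# Returns 0 when staged, 1 when the host file is missing, 2 for an unsafe path.
stage_into_chroot() {
    case $2 in
        */../*|*/..) return 2 ;;      # would escape the chroot tree
        /*) ;;                        # absolute path, as dlopen() reports it
        *) return 2 ;;
    esac
    src=${HOST_ROOT:-}$2
    dest=$1$2
    [ -f "$src" ] || return 1
    mkdir -p "$(dirname "$dest")" || return 1
    cp -p "$src" "$dest" || return 1
    chmod go-w "$dest"                # named loads this as code; no group/other write
}

# stage_missing_engines CHROOT < error-output. Returns 1 if any file failed.
stage_missing_engines() {
    paths=$(missing_engine_paths)
    failed=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if stage_into_chroot "$1" "$p"; then echo "staged $1$p"
        else echo "could not stage $p" >&2; failed=1; fi
    done <<EOF
$paths
EOF
    return $failed
}

# Constructed sample input: two of the error lines quoted in the thread.
SAMPLE='error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open shared object file: No such file or directory
error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=gost'
demo() {   # scratch tree; a stub file stands in for libgost.so
    tmp=$(mktemp -d) || return 1
    HOST_ROOT=$tmp/host; e=$(printf '%s\n' "$SAMPLE" | missing_engine_paths)
    mkdir -p "$HOST_ROOT$(dirname "$e")" && echo stub > "$HOST_ROOT$e"
    printf '%s\n' "$SAMPLE" | stage_missing_engines "$tmp/chroot"; rc=$?
    rm -rf "$tmp"; unset HOST_ROOT; return $rc
}
demo
```

A copied engine is not updated when the OpenSSL package is upgraded, so the staging has to be repeated after upgrades; the bind mount in Noel's steps avoids the stale copy. On Ubuntu the AppArmor profile for named must also allow the staged path, as his step 4 shows.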
Re: zone files in bind-9.9
Another question, since the zone files are raw format now, how can we edit the zones? I use nsupdate only so it's not a problem, but for editing by hand, how to?

Thanks.

On 2013-1-6 21:53, Carsten Strotmann wrote:
> you can use "named-compilezone" to convert from RAW-Format to Text-Format.
>
> Or you can use "dig" with axfr to get a zone-transfer from the server
> (dig @server axfr zone.tld).
Re: zone files in bind-9.9
In message <50ea2724.2090...@nsbeta.info>, Feng He writes:
> Another question, since the zone files are raw format now, how can we
> edit the zones? I use nsupdate only so it's not a problem, but for
> editing by hand, how to?
>
> Thanks.

Master zones still use text format by default.

Slave zones use raw format by default. You are not expected to edit slave zones.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
Re: zone files in bind-9.9
On 2013-1-7 10:44, Mark Andrews wrote:
> Master zones still use text format by default.
>
> Slave zones use raw format by default. You are not expected to
> edit slave zones.

OK I see. that's right.