upgrade from v9.9.3-rpz2+rl -> v9.9.4-rpz2+rl introduces fatal launch error: "initializing DST: no engine"
I currently run,

    named -V
    BIND 9.9.3-rpz2+rl.13204.02-P2 (Extended Support Version) built with '--prefix=/usr/local/bind-9.9.3-P2' '--libdir=/usr/local/bind-9.9.3-P2/lib64' '--sysconfdir=/usr/local/etc/named' '--localstatedir=/var' '--enable-shared' '--disable-static' '--enable-chroot' '--enable-ipv6' '--with-libxml2=yes' '--with-gnu-ld' '--with-libtool' '--without-idn' '--enable-threads' '--enable-largefile' '--with-randomdev=/dev/urandom' '--enable-openssl-version-check' '--disable-openssl-hash' '--with-openssl=/usr/local/ssl' '--without-pkcs11' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=/usr/local/dlz-bdb' '--with-dlz-filesystem=yes' '--with-dlz-ldap=no' '--with-dlz-odbc=no' '--with-dlz-stub=yes' '--with-dlopen=yes' '--enable-rpz-nsip' '--enable-rpz-nsdname' '--with-make-clean' 'CC=/usr/bin/gcc-4.8' 'CFLAGS=-O2 -fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -march=atom -mtune=atom -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall' 'LDFLAGS=-L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto ' 'CPPFLAGS=-I/usr/local/include -I/usr/local/ssl/include -I/usr/include'
    using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
    using libxml2 version: 2.9.0

On the same box, with similar ./configure, I build/install bind v9.9.4 + rpz2+rl patch, with no errors.

On launch, though, it FAILS, with a fatal error; from `journalctl`,

    Sep 27 17:14:46 test03.devlan.int named[28862]: starting BIND 9.9.4-rpz2+rl.13269.14 -t /var/chroot/named -n 4 -S 1024 -u named -c /etc/named.conf -d 90
    Sep 27 17:14:46 test03.devlan.int named[28862]: built with '--with-make-clean' '--enable-full-report' '--prefix=/usr/local/bind-9.9.4' '--libdir=/usr/local/bind-9.9.4/lib64' '--sysconfdir=/usr/local/etc/named' '--localstatedir=/var' '--enable-shared' '--disable-static' '--enable-chroot' '--enable-ipv6' '--with-libxml2=yes' '--with-gnu-ld' '--with-libtool' '--without-idn' '--enable-threads' '--enable-largefile' '--with-randomdev=/dev/urandom' '--enable-openssl-version-check' '--disable-openssl-hash' '--with-openssl=/usr/local/ssl' '--without-pkcs11' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=/usr/local/dlz-bdb' '--with-dlz-filesystem=yes' '--with-dlz-ldap=no' '--with-dlz-odbc=no' '--with-dlz-stub=yes' '--with-dlopen=yes' '--enable-rpz-nsip' '--enable-rpz-nsdname' '--enable-rrl' '--enable-filter-' '--with-pkcs11' 'CC=/usr/bin/gcc-4.8' 'CFLAGS=-O2 -fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -march=atom -mtune=atom -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall' 'LDFLAGS=-L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl -lcrypto ' 'CPPFLAGS=-I/usr/local/include -I/usr/local/ssl/include -I/usr/include'
    Sep 27 17:14:46 test03.devlan.int named[28862]:
    Sep 27 17:14:46 test03.devlan.int named[28862]: BIND 9 is maintained by Internet Systems Consortium,
    Sep 27 17:14:46 test03.devlan.int named[28862]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
    Sep 27 17:14:46 test03.devlan.int named[28862]: corporation. Support and training for BIND 9 are
    Sep 27 17:14:46 test03.devlan.int named[28862]: available at https://www.isc.org/support
    Sep 27 17:14:46 test03.devlan.int named[28862]:
    Sep 27 17:14:46 test03.devlan.int named[28862]: adjusted limit on open files from 4096 to 1048576
    Sep 27 17:14:46 test03.devlan.int named[28862]: found 4 CPUs, using 4 worker threads
    Sep 27 17:14:46 test03.devlan.int named[28862]: using 4 UDP listeners per interface
    Sep 27 17:14:46 test03.devlan.int named[28862]: using up to 1024 sockets
    Sep 27 17:14:46 test03.devlan.int named[28862]: initializing DST: no engine
    Sep 27 17:14:46 test03.devlan.int named[28862]: exiting (due to fatal error)

Same Openssl version, similar configure, same systemctl launch scripts.

Old posts referred to issues with libgost.so 'vs' chroot. In the 9.9.3 instance (running atm), libgost is in the chroot built by the startup script,

    ls -al /var/chroot/named/usr/local/ssl/lib64/engines/
    total 132K
    drwxr-xr-x 2 root root 4.0K Sep 27 17:12 ./
    drwxr-xr-x 3 root root 4.0K Sep 27 17:12 ../
    -r-xr-xr-x 1 root root 123K Sep 27 17:32 libgost.so*

The logs above don't tell me enough to know if the issue has returned bet 993 & 994.

Any guidance as to where to start to better identify & troubleshoot this? I can provide additional detail as needed.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: upgrade from v9.9.3-rpz2+rl -> v9.9.4-rpz2+rl introduces fatal launch error: "initializing DST: no engine"
PEBKAC.

Found this,

    http://permalink.gmane.org/gmane.network.dns.bind.user/49569

suggesting not an issue with libgost, but libpkcs11.so

Took a closer look at the config, found

    ...
    --without-pkcs11 \
    ...
    --with-pkcs11
    ...

Errant copy -n- paste!

rm'ing --with-pkcs11 then fresh build, install and exec -- launch with no error.

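A check for the mistake found in this thread, as an added example that is not part of the original posts: it reads a "built with" line (as printed by `named -V` or logged at startup) and reports any feature that is switched both on and off, treating `--with-x=no` as off. The function names `conflicting_flags` and `sample_built_with` are hypothetical, and the sample is an abridged, constructed copy of the failing build's log line.

```shell
#!/bin/sh
# Find configure options that were given with both polarities.

# Read text holding quoted configure arguments (e.g. `named -V` output) on
# stdin; print one line per feature that is both switched on and switched off.
conflicting_flags() {
    tr -s " '" '\n\n' | awk '
        /^--(with|without|enable|disable)-/ {
            opt = $0; val = ""
            if ((i = index(opt, "=")) > 0) {      # split off "=value"
                val = substr(opt, i + 1)
                opt = substr(opt, 1, i - 1)
            }
            on = (opt ~ /^--(with|enable)-/)
            if (val == "no") on = 0               # --with-x=no means off
            kind = (opt ~ /^--with/) ? "with" : "enable"
            name = opt
            sub(/^--(without|with|disable|enable)-/, "", name)
            key = kind ":" name
            if (on) pos[key] = $0; else neg[key] = $0
        }
        END { for (k in pos) if (k in neg) print neg[k] " <-> " pos[k] }
    ' | sort
}

# Constructed sample: abridged copy of the failing build's "built with" line.
sample_built_with() {
    cat <<'EOF'
built with '--prefix=/usr/local/bind-9.9.4' '--enable-chroot' '--with-libxml2=yes' '--with-openssl=/usr/local/ssl' '--without-pkcs11' '--with-dlz-postgres=no' '--enable-rrl' '--with-pkcs11' 'CFLAGS=-O2 -fPIC -DPIC' 'LDFLAGS=-L/usr/local/ssl/lib64 -lssl -lcrypto '
EOF
}

sample_built_with | conflicting_flags
```

On a live system the same function can be fed directly, for instance `named -V | conflicting_flags`, before installing a new build.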
Re: Adding DS records
> Any recommendations for another company for a .com domain in the US

Gandi.net

Great support, including DNSSEC:

http://wiki.gandi.net/en/domains/dnssec
http://doc.rpc.gandi.net/domain/reference.html

On Fri, Dec 20, 2013 at 9:58 AM, Thomas Schulz wrote:
>> >> If I was a NetSol customer, I would ask them, "Why not?"
>> >
>> >And if I were a NetSol customer, I would ask myself, Why?
>>
>> If I were a capitalist, I'd vote with my wallet and go somewhere with the
>> features I want.
>
> Well, we started with them back when they were the only company registering
> domain names. And up to now there were no problems (other than perhaps price).
>
> Any recommendations for another company for a .com domain in the US?
> I suppose that I could always use the DLV, but I would rather not.
>
> Tom Schulz
> Applied Dynamics Intl.
> sch...@adi.com

specifics of downgrading from rpz2 (3rd party patch) -> rpz1 (in Bind release) ?
We'd deployed named v9.9.4 with the patches from

    BIND9 RRL and RPZ Patches
    http://ss.vix.su/~vjs/rrlrpz.html
    ...
    Multiple Zone Response Policy Zone (RPZ2) Speed Improvement with Response Rate Limiting (RRL)
    BIND9 9.9.4 file rpz2+rl-9.9.4.patch, version 9.9.4-rpz2+rl.13269.14
    Version 9.9.4 includes RRL with ./configure --enable-rrl so this patch only affects RPZ.

so as to have

    named -v
    BIND 9.9.4-rpz2+rl.13269.14 (Extended Support Version)

noting today's release

    Subject: BIND 9.9.4-P2 is now available
    Date: Mon, 13 Jan 2014 16:48:35 + (UTC)
    ...
    Introduction
    BIND 9.9.4-P2 is the latest production release of BIND 9.9.
    BIND 9.9.4 is an Extended Support Version of BIND

and no info on the 3rd-party rpz2 patches since the 9.9.4 release, we're downgrading to rpz1, as included in the supported Bind release (ack'd that rpz2 will be 'in' 9.10.x).

Can anyone clarify specifically the *diff* between rpz1, as in the Bind9 release, and rpz2? Particularly, which specific features/capabilities I need to unwind to get back to 'just' rpz1?

I'll poke at it until it behaves, but would appreciate some better-informed guidance.

Re: specifics of downgrading from rpz2 (3rd party patch) -> rpz1 (in Bind release) ?
> IIRC there's no syntax/feature difference.

Quickly attempting to use the existing, same named config that I've been using with 9.9.4-rpz2+rl.13269.14 with a new build of 9.9.4-P2 release, 9.9.4-P2 refuses to boot.

I've not (yet) gotten any farther than that ... ... shouldn't be tough to figure out. but, SOMETHING is different/incompatible

> ... performance enhancements ...

right, which is why we 'all' switched in the 1st place

> the lack of RPZ2 is keeping us on older bind 9.9 releases for the moment

we'd done the same thru the entire 9.9.4-P1 cycle. with the P2 cycle, supported/up-to-date bind9 is more important to us. especially given the radio silence re: 3rd party patch dev.

if/when rpz2 appears in bind9-releases, we'll (re)enjoy its benefits.

ymmv.

Re: specifics of downgrading from rpz2 (3rd party patch) -> rpz1 (in Bind release) ?
On Mon, Jan 13, 2014 at 2:15 PM, Mark Andrews wrote:
> Why does the *need* to be info as the existing patches works other
> than for the version file which for the fix by hand is pretty
> obvious or you can just leave it as it is in 9.9.4-P2.

The patch devs have been silent on their site, and on this list. NBD -- their choice, of course.

Who, other than you, has said anything about *need*?

You're of course welcome to use/apply any undocumented/unsupported patches you choose to.

Otoh, I choose to use as close to a release product as I can functionally get away with. I, personally, have zero interest in playing the lab-rat to determine what secondary/hidden effects there _might_ be by using even an 'obvious' patch that's been, in effect, abandoned.

Tho, now that you mention it, one DOES wonder that if it's so 'obvious', why ISC is waiting until 9.10.x to include it in the code ...

In any case, my question was what the diffs are, and any hints on downgrading. That's all taken care of, so - thanks.

Re: specifics of downgrading from rpz2 (3rd party patch) -> rpz1 (in Bind release) ?
> You appear to want people to supply you with a new patch

Oh, THAT's what I wanted? Thanks SO much for clearing that up!

> ... and unless you are paying Vernon to support you he is under no obligation
> to respond to you. ...

You can keep bloviating, but it still doesn't mean you have the slightest connection to any sort of reality.

Who said anything about obligations?

Exactly which part of asking about downgrading are you not picking up on?

( pssst! hint, hint! re-read the "NBD -- their choice of course" part)

Please go waste someone else's time.

Re: ISC considering a change to the BIND open source license
> If that doesn't explain it, then you are just looking to
> argue license religion and justify a choice you already made,

Or, we're just left scratching our heads wondering what the ranting is about.

Seems like there are lots on this list who practice no such religion, and actually find this one of the more reasoned communications about license changes.

And, TBH, would've been even interested in reasoned, legitimate commentary from you.

> and I can't help you with that.

Clear enough. Back to reasonable discussion.