BIND update gone bad

Mathieu Arnold mat at FreeBSD.org
Wed Nov 14 09:33:19 UTC 2018 

On Tue, Nov 13, 2018 at 09:15:12PM -0500, Kevin P. Neal wrote:
> Before anyone panics on my behalf, I did a zfs rollback to avoid the new
> named problem. But something needs to be fixed somewhere.
> 
> I just did an svn update of /usr/ports, ran poudriere and then did pkg
> upgrade, which includes updates to bind911-9.11.5.  My base system is
> 11.2-p4. When I restarted named it failed to start. When run "by hand" as
> shown below it prints errors that may help someone solve this issue:
> 
> 
> [root at gunsight1 ~]# /usr/local/sbin/named -g  -t /var/named -u bind -c /etc/namedb/named.conf
> 13-Nov-2018 21:00:30.955 starting BIND 9.11.5 (Extended Support Version) <id:3b0b204>
> 13-Nov-2018 21:00:30.955 running on FreeBSD amd64 11.2-RELEASE-p4 FreeBSD 11.2-RELEASE-p4 #0: Thu Sep 27 08:16:24 UTC 2018     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
> 13-Nov-2018 21:00:30.955 built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/local/etc/namedb' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip' '--without-gssapi' '--with-libidn2=/usr/local' '--enable-ipv6' '--with-libjson=/usr/local' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--with-python=/usr/local/bin/python2.7' '--disable-querytrace' '--enable-rpz-nsdname' '--enable-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--with-openssl=/usr' '--enable-threads' '--with-tuning=default' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd11.2' 'build_alias=amd64-portbld-freebsd11.2' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-stri
>  ct-aliasing ' 'LDFLAGS= -fstack-protector ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp'
> 13-Nov-2018 21:00:30.955 running as: named -g -t /var/named -u bind -c /etc/namedb/named.conf
> 13-Nov-2018 21:00:30.955 compiled by CLANG 4.2.1 Compatible FreeBSD Clang 6.0.0 (tags/RELEASE_600/final 326565)
> 13-Nov-2018 21:00:30.955 compiled with OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
> 13-Nov-2018 21:00:30.955 linked to OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
> 13-Nov-2018 21:00:30.955 compiled with libxml2 version: 2.9.7
> 13-Nov-2018 21:00:30.955 linked to libxml2 version: 20907
> 13-Nov-2018 21:00:30.955 compiled with libjson-c version: 0.13.1
> 13-Nov-2018 21:00:30.955 linked to libjson-c version: 0.13.1
> 13-Nov-2018 21:00:30.955 compiled with zlib version: 1.2.11
> 13-Nov-2018 21:00:30.955 linked to zlib version: 1.2.11
> 13-Nov-2018 21:00:30.955 threads support is enabled
> 13-Nov-2018 21:00:30.955 ----------------------------------------------------
> 13-Nov-2018 21:00:30.955 BIND 9 is maintained by Internet Systems Consortium,
> 13-Nov-2018 21:00:30.955 Inc. (ISC), a non-profit 501(c)(3) public-benefit 
> 13-Nov-2018 21:00:30.955 corporation.  Support and training for BIND 9 are 
> 13-Nov-2018 21:00:30.955 available at https://www.isc.org/support
> 13-Nov-2018 21:00:30.955 ----------------------------------------------------
> 13-Nov-2018 21:00:30.955 found 16 CPUs, using 16 worker threads
> 13-Nov-2018 21:00:30.955 using 15 UDP listeners per interface
> 13-Nov-2018 21:00:30.956 using up to 4096 sockets
> 13-Nov-2018 21:00:30.959 ENGINE_by_id failed (crypto failure)
> 13-Nov-2018 21:00:30.959 error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:187:filename(/usr/lib/engines/libgost.so): Cannot open "/usr/lib/engines/libgost.so"
> 13-Nov-2018 21:00:30.959 error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:233:
> 13-Nov-2018 21:00:30.959 error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:/usr/src/crypto/openssl/crypto/engine/eng_dyn.c:467:
> 13-Nov-2018 21:00:30.959 error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/crypto/openssl/crypto/engine/eng_list.c:390:id=gost
> 13-Nov-2018 21:00:30.959 initializing DST: crypto failure
> 13-Nov-2018 21:00:30.959 exiting (due to fatal error)

Mmmmm, I removed the GOST option from 9.11 because it was removed in
later version and never used, but it seems BIND9 is picking up the fact
that base OpenSSL still has GOST support on 11. I'll fix.

-- 
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20181114/954d4a5e/attachment.sig>

More information about the freebsd-ports mailing list