Gentoo Archives: gentoo-user

From: John Covici <covici@××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: problem with named restarting
Date: Tue, 17 Sep 2019 17:02:29
Message-Id: m336gun9fw.wl-covici@ccs.covici.com
In Reply to: [gentoo-user] Re: problem with named restarting by Ian Zimmerman
1 On Tue, 17 Sep 2019 12:14:14 -0400,
2 Ian Zimmerman wrote:
3 >
4 > On 2019-09-17 03:30, John Covici wrote:
5 >
6 > > Hi. I am having a very annoying problem with named. I am using
7 > > net-dns/bind-9.14.4 which I actually updated from a previous version
8 > > which also had the problem. It seems that an assertion has failed:
9 > > Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917:
10 > > INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back
11 > > trace
12 > >
13 > > There is a back trace which I can supply if that would help. There is
14 > > also a coredump.
15 > >
16 > > Also, when I restart named (which I have now done automatically by
17 > > systemd) it gives me a lot of errors like the following:
18 > > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
19 > > valid signature found
20 > > or this:
21 > > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
22 > > valid signature found
23 >
24 > This looks like a DNSSEC problem. I don't run bind on my gentoo system,
25 > but I did this:
26 >
27 > $ equery -C u net-dns/bind
28 > [ Legend : U - final flag setting for installation]
29 > [ : I - package is installed with flag ]
30 > [ Colors : set, unset ]
31 > * Found these USE flags for net-dns/bind-9.14.4:
32 > U I
33 > + + berkdb : Add support for sys-libs/db (Berkeley DB for MySQL)
34 > + - caps : Use Linux capabilities library to control privilege
35 > - - dlz : Enables dynamic loaded zones, 3rd party extension
36 > - - dnsrps : Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an
37 > external response policy provider
38 > - - dnstap : Enables dnstap packet logging
39 > - - doc : Add extra documentation (API, Javadoc, etc). It is recommended to enable per
40 > package instead of globally
41 > - - fixed-rrset : Enables fixed rrset-order option
42 > - - geoip : Add geoip support for country and city lookup based on IPs
43 > - - gost : Enables gost OpenSSL engine support
44 > - - gssapi : Enable gssapi support
45 > + + json : Enable JSON statistics channel
46 > - - ldap : Add LDAP support (Lightweight Directory Access Protocol)
47 > - - libressl : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl
48 > useflag)
49 > - - lmdb : Enable LMDB support to store configuration for 'addzone' zones
50 > - - mysql : Add mySQL Database support
51 > - - odbc : Add ODBC Support (Open DataBase Connectivity)
52 > - - postgres : Add support for the postgresql database
53 > - - python : Add optional support/bindings for the Python language
54 > + + python_targets_python2_7 : Build with Python 2.7
55 > - - python_targets_python3_5 : Build with Python 3.5
56 > + + python_targets_python3_6 : Build with Python 3.6
57 > - - static-libs : Build static versions of dynamic libraries as well
58 > - - urandom : Use /dev/urandom instead of /dev/random
59 > + + xml : Add support for XML files
60 > + + zlib : Add support for zlib (de)compression
61 >
62 > which left me puzzled: the libressl flag docstring talks about a ssl
63 > flag which doesn't exist for this package.
64 >
65 > Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and
66 > libcrypto) part of the output?
67 libcrypto is there along with libgnutls, but no libssl.
68
69 --
70 Your life is like a penny. You're going to lose it. The question is:
71 How do
72 you spend it?
73
74 John Covici wb2una
75 covici@××××××××××.com

Replies

Subject Author
[gentoo-user] Re: problem with named restarting Ian Zimmerman <itz@××××××××××××.org>
Re: [gentoo-user] Re: problem with named restarting Adam Carter <adamcarter3@×××××.com>