1 |
On Tue, 17 Sep 2019 12:14:14 -0400, |
2 |
Ian Zimmerman wrote: |
3 |
> |
4 |
> On 2019-09-17 03:30, John Covici wrote: |
5 |
> |
6 |
> > Hi. I am having a very annoying problem with named. I am using |
7 |
> > net-dns/bind-9.14.4 which I actually updated from a previous version |
8 |
> > which also had the problem. It seems that an assertion has failed: |
9 |
> > Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917: |
10 |
> > INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back |
11 |
> > trace |
12 |
> > |
13 |
> > There is a back trace which I can supply if that would help. There is |
14 |
> > also a coredump. |
15 |
> > |
16 |
> > Also, when I restart named (which I have now done automatically by |
17 |
> > systemd) it gives me a lot of errors like the following: |
18 |
> > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no |
19 |
> > valid signature found |
20 |
> > or this: |
21 |
> > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no |
22 |
> > valid signature found |
23 |
> |
24 |
> This looks like a DNSSEC problem. I don't run bind on my gentoo system, |
25 |
> but I did this: |
26 |
> |
27 |
> $ equery -C u net-dns/bind |
28 |
> [ Legend : U - final flag setting for installation] |
29 |
> [ : I - package is installed with flag ] |
30 |
> [ Colors : set, unset ] |
31 |
> * Found these USE flags for net-dns/bind-9.14.4: |
32 |
> U I |
33 |
> + + berkdb : Add support for sys-libs/db (Berkeley DB for MySQL) |
34 |
> + - caps : Use Linux capabilities library to control privilege |
35 |
> - - dlz : Enables dynamic loaded zones, 3rd party extension |
36 |
> - - dnsrps : Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an |
37 |
> external response policy provider |
38 |
> - - dnstap : Enables dnstap packet logging |
39 |
> - - doc : Add extra documentation (API, Javadoc, etc). It is recommended to enable per |
40 |
> package instead of globally |
41 |
> - - fixed-rrset : Enables fixed rrset-order option |
42 |
> - - geoip : Add geoip support for country and city lookup based on IPs |
43 |
> - - gost : Enables gost OpenSSL engine support |
44 |
> - - gssapi : Enable gssapi support |
45 |
> + + json : Enable JSON statistics channel |
46 |
> - - ldap : Add LDAP support (Lightweight Directory Access Protocol) |
47 |
> - - libressl : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl |
48 |
> useflag) |
49 |
> - - lmdb : Enable LMDB support to store configuration for 'addzone' zones |
50 |
> - - mysql : Add mySQL Database support |
51 |
> - - odbc : Add ODBC Support (Open DataBase Connectivity) |
52 |
> - - postgres : Add support for the postgresql database |
53 |
> - - python : Add optional support/bindings for the Python language |
54 |
> + + python_targets_python2_7 : Build with Python 2.7 |
55 |
> - - python_targets_python3_5 : Build with Python 3.5 |
56 |
> + + python_targets_python3_6 : Build with Python 3.6 |
57 |
> - - static-libs : Build static versions of dynamic libraries as well |
58 |
> - - urandom : Use /dev/urandom instead of /dev/random |
59 |
> + + xml : Add support for XML files |
60 |
> + + zlib : Add support for zlib (de)compression |
61 |
> |
62 |
> which left me puzzled: the libressl flag docstring talks about a ssl |
63 |
> flag which doesn't exist for this package. |
64 |
> |
65 |
> Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and |
66 |
> libcrypto) part of the output? |
67 |
libcrypto is there along with libgnutls, but no libssl. |
68 |
|
69 |
-- |
70 |
Your life is like a penny. You're going to lose it. The question is: |
71 |
How do |
72 |
you spend it? |
73 |
|
74 |
John Covici wb2una |
75 |
covici@××××××××××.com |