| 1 |
On 2019-09-17 03:30, John Covici wrote: |
| 2 |
|
| 3 |
> Hi. I am having a very annoying problem with named. I am using |
| 4 |
> net-dns/bind-9.14.4 which I actually updated from a previous version |
| 5 |
> which also had the problem. It seems that an assertion has failed: |
| 6 |
> Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917: |
| 7 |
> INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back |
| 8 |
> trace |
| 9 |
> |
| 10 |
> There is a back trace which I can supply if that would help. There is |
| 11 |
> also a coredump. |
| 12 |
> |
| 13 |
> Also, when I restart named (which I have now done automatically by |
| 14 |
> systemd) it gives me a lot of errors like the following: |
| 15 |
> Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no |
| 16 |
> valid signature found |
| 17 |
> or this: |
| 18 |
> Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no |
| 19 |
> valid signature found |
| 20 |
|
| 21 |
This looks like a DNSSEC problem. I don't run bind on my gentoo system, |
| 22 |
but I did this: |
| 23 |
|
| 24 |
$ equery -C u net-dns/bind |
| 25 |
[ Legend : U - final flag setting for installation] |
| 26 |
[ : I - package is installed with flag ] |
| 27 |
[ Colors : set, unset ] |
| 28 |
* Found these USE flags for net-dns/bind-9.14.4: |
| 29 |
U I |
| 30 |
+ + berkdb : Add support for sys-libs/db (Berkeley DB for MySQL) |
| 31 |
+ - caps : Use Linux capabilities library to control privilege |
| 32 |
- - dlz : Enables dynamic loaded zones, 3rd party extension |
| 33 |
- - dnsrps : Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an |
| 34 |
external response policy provider |
| 35 |
- - dnstap : Enables dnstap packet logging |
| 36 |
- - doc : Add extra documentation (API, Javadoc, etc). It is recommended to enable per |
| 37 |
package instead of globally |
| 38 |
- - fixed-rrset : Enables fixed rrset-order option |
| 39 |
- - geoip : Add geoip support for country and city lookup based on IPs |
| 40 |
- - gost : Enables gost OpenSSL engine support |
| 41 |
- - gssapi : Enable gssapi support |
| 42 |
+ + json : Enable JSON statistics channel |
| 43 |
- - ldap : Add LDAP support (Lightweight Directory Access Protocol) |
| 44 |
- - libressl : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl |
| 45 |
useflag) |
| 46 |
- - lmdb : Enable LMDB support to store configuration for 'addzone' zones |
| 47 |
- - mysql : Add mySQL Database support |
| 48 |
- - odbc : Add ODBC Support (Open DataBase Connectivity) |
| 49 |
- - postgres : Add support for the postgresql database |
| 50 |
- - python : Add optional support/bindings for the Python language |
| 51 |
+ + python_targets_python2_7 : Build with Python 2.7 |
| 52 |
- - python_targets_python3_5 : Build with Python 3.5 |
| 53 |
+ + python_targets_python3_6 : Build with Python 3.6 |
| 54 |
- - static-libs : Build static versions of dynamic libraries as well |
| 55 |
- - urandom : Use /dev/urandom instead of /dev/random |
| 56 |
+ + xml : Add support for XML files |
| 57 |
+ + zlib : Add support for zlib (de)compression |
| 58 |
|
| 59 |
which left me puzzled: the libressl flag docstring talks about a ssl |
| 60 |
flag which doesn't exist for this package. |
| 61 |
|
| 62 |
Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and |
| 63 |
libcrypto) part of the output? |
| 64 |
|
| 65 |
-- |
| 66 |
Please don't Cc: me privately on mailing lists and Usenet, |
| 67 |
if you also post the followup to the list or newsgroup. |
| 68 |
To reply privately _only_ on Usenet and on broken lists |
| 69 |
which rewrite From, fetch the TXT record for no-use.mooo.com. |
Archives