1 |
On 2019-09-17 03:30, John Covici wrote: |
2 |
|
3 |
> Hi. I am having a very annoying problem with named. I am using |
4 |
> net-dns/bind-9.14.4 which I actually updated from a previous version |
5 |
> which also had the problem. It seems that an assertion has failed: |
6 |
> Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917: |
7 |
> INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back |
8 |
> trace |
9 |
> |
10 |
> There is a back trace which I can supply if that would help. There is |
11 |
> also a coredump. |
12 |
> |
13 |
> Also, when I restart named (which I have now done automatically by |
14 |
> systemd) it gives me a lot of errors like the following: |
15 |
> Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no |
16 |
> valid signature found |
17 |
> or this: |
18 |
> Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no |
19 |
> valid signature found |
20 |
|
21 |
This looks like a DNSSEC problem. I don't run bind on my gentoo system, |
22 |
but I did this: |
23 |
|
24 |
$ equery -C u net-dns/bind |
25 |
[ Legend : U - final flag setting for installation] |
26 |
[ : I - package is installed with flag ] |
27 |
[ Colors : set, unset ] |
28 |
* Found these USE flags for net-dns/bind-9.14.4: |
29 |
U I |
30 |
+ + berkdb : Add support for sys-libs/db (Berkeley DB for MySQL) |
31 |
+ - caps : Use Linux capabilities library to control privilege |
32 |
- - dlz : Enables dynamic loaded zones, 3rd party extension |
33 |
- - dnsrps : Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an |
34 |
external response policy provider |
35 |
- - dnstap : Enables dnstap packet logging |
36 |
- - doc : Add extra documentation (API, Javadoc, etc). It is recommended to enable per |
37 |
package instead of globally |
38 |
- - fixed-rrset : Enables fixed rrset-order option |
39 |
- - geoip : Add geoip support for country and city lookup based on IPs |
40 |
- - gost : Enables gost OpenSSL engine support |
41 |
- - gssapi : Enable gssapi support |
42 |
+ + json : Enable JSON statistics channel |
43 |
- - ldap : Add LDAP support (Lightweight Directory Access Protocol) |
44 |
- - libressl : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl |
45 |
useflag) |
46 |
- - lmdb : Enable LMDB support to store configuration for 'addzone' zones |
47 |
- - mysql : Add mySQL Database support |
48 |
- - odbc : Add ODBC Support (Open DataBase Connectivity) |
49 |
- - postgres : Add support for the postgresql database |
50 |
- - python : Add optional support/bindings for the Python language |
51 |
+ + python_targets_python2_7 : Build with Python 2.7 |
52 |
- - python_targets_python3_5 : Build with Python 3.5 |
53 |
+ + python_targets_python3_6 : Build with Python 3.6 |
54 |
- - static-libs : Build static versions of dynamic libraries as well |
55 |
- - urandom : Use /dev/urandom instead of /dev/random |
56 |
+ + xml : Add support for XML files |
57 |
+ + zlib : Add support for zlib (de)compression |
58 |
|
59 |
which left me puzzled: the libressl flag docstring talks about a ssl |
60 |
flag which doesn't exist for this package. |
61 |
|
62 |
Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and |
63 |
libcrypto) part of the output? |
64 |
|
65 |
-- |
66 |
Please don't Cc: me privately on mailing lists and Usenet, |
67 |
if you also post the followup to the list or newsgroup. |
68 |
To reply privately _only_ on Usenet and on broken lists |
69 |
which rewrite From, fetch the TXT record for no-use.mooo.com. |