The version of BIND included with BLFS doesn't work. Googled:
named initializing DST: openssl failure
Results in these apparently relevant links:
* https://trac.macports.org/ticket/28619
* https://bugs.gentoo.org/show_bug.cgi?id=356519
* http://snarfu.com/freebsd/freebsd-bind-chroot-openssl-initializing-dst-openssl-failure-fix/
Apparently this error occurs across 3 separate OSes (Mac OS, Gentoo, FreeBSD).
AFAICT, named just doesn't play well with a chroot jail. I've tried this:
====
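# Fix the misspelled function name in the init script
sudo sed -i 's/ievaluate_retval/evaluate_retval/g' /etc/rc.d/init.d/bind
# Copy every shared library named links against into the jail
ldd /usr/sbin/named | awk -F \> '{print $2}' | grep /lib | cut -d ' ' -f 2 |
sudo cpio -pdmv /srv/named 2> /dev/null
# Copy the OpenSSL engines and configuration into the jail
sudo /bin/cp -avf /usr/lib/engines /srv/named/usr/lib
sudo /bin/cp -avf /etc/ssl /srv/named/etc
# Create /dev/zero inside the jail; do not abort the script if mknod fails
set +e
sudo mknod -m 0666 /srv/named/dev/zero c 1 5
set -e
# Hand the whole jail to the named user and group
sudo chown -vR named:named /srv/named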
====
Which didn't seem to help. My gut says the chroot environment is somehow
incomplete...
Personally, I don't need to run it in the chroot environment, but if anyone has
gotten it working I'd love to hear how you did it. In lieu of working advice,
however, I would suggest pulling the chroot instructions out of BLFS. Running
it without -u, -t works just fine, as long as the config files are in /etc, and
not in the jail.
Q
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
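
One way to test the suspicion that the jail is incomplete, as an added example that is not part of the original post: list every path the binary expects and report the ones absent under the jail root. The function names are hypothetical; the paths checked (`/usr/lib/engines`, `/etc/ssl`, `/dev/zero`) are the ones the post copies or creates.

```shell
#!/bin/sh
# Added example: audit a chroot jail for files a binary expects.
# Function names are hypothetical; the extra paths come from the post.

# Print the absolute path of each shared object the binary links against.
linked_libs() {
    ldd "$1" 2>/dev/null | awk '
        # libfoo.so => /lib/libfoo.so (0x...)
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        # /lib/ld-linux.so.2 (0x...)
        $1 ~ /^\// { print $1 }
    '
}

# Print every path among the remaining arguments that is absent under jail $1.
jail_missing() {
    jail=$1; shift
    for p in "$@"; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# Full audit: linked libraries plus the extra paths handled in the post.
audit_jail() {
    jail=$1 bin=$2
    # Word splitting of the library list is intended here.
    jail_missing "$jail" $(linked_libs "$bin") \
        /usr/lib/engines /etc/ssl /dev/zero
}

# Usage: sh audit-jail.sh /srv/named /usr/sbin/named
if [ $# -eq 2 ]; then
    audit_jail "$1" "$2"
fi
```

Empty output means every checked path exists inside the jail; it does not show that the files there match the host copies.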