Re: RSA warnings errors in 9.8.4
Hello Jay, Jay Ford jay-f...@uiowa.edu writes: I just upgraded BIND on a Linux-based server from 9.8.3-P3 to 9.8.4. I started getting a bunch of RSA_verify errors, as has been discussed on this list. Is there a 9.8 release which quells those messages, or is hacking the source post-download still the recommended fix? not fixed in the -P1 releases of 9.8.4 and 9.9.2, should be fixed with the next regular BIND 9 release. So hacking the source post-download is still what you want to do if you do not like the messages. -- Carsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Ubuntu 12.04 BIND 9.9.2-P1
Hello Rusty, Rusty L Vaughn rusty.l.vau...@gmail.com writes: I am getting the following error with a compiled version of BIND with Ubuntu 12.04. The file at the path does exist. I think I am missing a package but I am not sure what could be missing. Thanks error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename (/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open shared object file: No such file or directory error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=gost initializing DST: crypto failure exiting (due to fatal error) Are you running BIND in a chroot environment? If yes, you need to re-create the path and copy the file(s) mentioned in the error message into the chroot. libgost ist an OpenSSL crypto-engine that implements the GOST algorithm that can be used for DNSSEC. OpenSSL loads the crypto-engines after BIND has entered the chroot environment, so it looks for the files inside the chroot. if your chroot is /var/named (start BIND with named -t /var/named), then the file should be located in /var/named/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so Be prepared that you need to copy multiple file. Fix one error and then look for the next. Best regards Carsten Strotmann ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: zone files in bind-9.9
Hello Feng, Feng He fen...@nsbeta.info writes: I upgraded my BIND from 9.7 to 9.9. For BIND 9.7 all zone files under /var/cache/bind are clear textes. But under BIND 9.9 it seems the zone files are binary format. So how can we check the content of zone files now? you can use named-compilezone to convert from RAW-Format to Text-Format. Or you can use dig with axfr to get a zone-transfer from the server (dig @server axfr zone.tld). You can change the format for writing zone files in the named.conf if you prefer the text format files. -- Carsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: zone files in bind-9.9
于 2013-1-6 21:53, Carsten Strotmann 写道: you can use named-compilezone to convert from RAW-Format to Text-Format. Or you can use dig with axfr to get a zone-transfer from the server (dig @server axfr zone.tld). You can change the format for writing zone files in the named.conf if you prefer the text format files. Thanks for the kind info Carsten. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: zone files in bind-9.9
On 06.01.13 21:23, Feng He wrote: I upgraded my BIND from 9.7 to 9.9. For BIND 9.7 all zone files under /var/cache/bind are clear textes. But under BIND 9.9 it seems the zone files are binary format. So how can we check the content of zone files now? named-compilezone -j -F text zonefile should do -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people have. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Ubuntu 12.04 BIND 9.9.2-P1
Thanks that worked. I didn't even think about BIND being Chrooted since I have never seen this issue before on Debian. Ubuntu seems to be more restrictive to files outside the Chroot. Rusty L Vaughn On Sat, Jan 5, 2013 at 5:00 PM, Noel S. Rocha noelsro...@gmail.com wrote: Is bind chrooted? Try this(DONT FORGET: CHANGE VALUE OF $CHROOT VARIABLE ): 1º mkdir -p $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ 2º Edit /etc/fstab /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ none defaults,bind,auto,nodev,noexec,nosuid 0 0 3º mount $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ 4º Edit /etc/apparmor.d/local/usr.sbin.named adding line above: $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so rm, 5º reloading apparmor /etc/init.d/apparmor reload Again, DONT FORGET: CHANGE VALUE OF $CHROOT. My chroot is /var/lib/bind/. Put your chroot path. Good luck, On Sat, Jan 5, 2013 at 4:17 PM, Rusty L Vaughn rusty.l.vau...@gmail.comwrote: I am getting the following error with a compiled version of BIND with Ubuntu 12.04. The file at the path does exist. I think I am missing a package but I am not sure what could be missing. Thanks error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open shared object file: No such file or directory error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=gost initializing DST: crypto failure exiting (due to fatal error) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Noel S. Rocha ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: zone files in bind-9.9
Another question, since the zone files are raw format now, how can we edit the zones? I use nsupdate only so it's not a problem, but for editting by hand, how to? Thanks. 于 2013-1-6 21:53, Carsten Strotmann 写道: you can use named-compilezone to convert from RAW-Format to Text-Format. Or you can use dig with axfr to get a zone-transfer from the server (dig @server axfr zone.tld). ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: zone files in bind-9.9
In message 50ea2724.2090...@nsbeta.info, Feng He writes: Another question, since the zone files are raw format now, how can we edit the zones? I use nsupdate only so it's not a problem, but for editting by hand, how to? Thanks. Master zones still use text format by default. Slave zones use raw format by default. You are not expected to edit slave zones. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: zone files in bind-9.9
于 2013-1-7 10:44, Mark Andrews 写道: Master zones still use text format by default. Slave zones use raw format by default. You are not expected to edit slave zones. OK I see. that's right. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
