Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Bind fails to start after upgrade

    pfSense Packages
    7
    10
    6629
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrmastii last edited by

      Hi All
      I upgraded my bind service via pbi, after upgrade not it is failing to start.

      My pfsense:
      2.1.3-RELEASE (amd64)
      built on Thu May 01 15:52:13 EDT 2014
      FreeBSD 8.3-RELEASE-p16

      Bind upgrade to: 9.9.5_10 pkg v 0.3.4

      Error from logs:

      Jun 11 16:29:16 named[95062]: exiting (due to fatal error)
      Jun 11 16:29:16 named[95062]: initializing DST: crypto failure
      Jun 11 16:29:16 named[95062]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:418:id=gost
      Jun 11 16:29:16 named[95062]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
      Jun 11 16:29:16 named[95062]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
      Jun 11 16:29:16 named[95062]: ENGINE_by_id failed (crypto failure)
      Jun 11 16:29:16 named[95062]: using up to 4096 sockets
      Jun 11 16:29:16 named[95062]: using 2 UDP listeners per interface
      Jun 11 16:29:16 named[95062]: found 2 CPUs, using 2 worker threads
      Jun 11 16:29:16 named[95062]: –--------------------------------------------------
      Jun 11 16:29:16 named[95062]: available at https://www.isc.org/support
      Jun 11 16:29:16 named[95062]: corporation. Support and training for BIND 9 are
      Jun 11 16:29:16 named[95062]: Inc. (ISC), a non-profit 501©(3) public-benefit
      Jun 11 16:29:16 named[95062]: BIND 9 is maintained by Internet Systems Consortium,
      Jun 11 16:29:16 named[95062]: –--------------------------------------------------
      Jun 11 16:29:16 named[95062]: built with '–localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/pbi/bind-amd64' '--without-python' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-gssapi' '--without-idn' '--enable-ipv6' '--enable-largefile' '--disable-newstats' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--enable-rrl' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--with-openssl=/usr/pbi/bind-amd64' '--with-dlz-filesystem=yes' '--enable-threads' '--sysconfdir=/usr/pbi/bind-amd64/etc' '--prefix=/usr/pbi/bind-amd64' '--mandir=/usr/pbi/bind-amd64/man' '--infodir=/usr/pbi/bind-amd64/info/' '--build=x86_64-portbld-freebsd8.3' 'build_alias=x86_64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath,/usr/pbi/bind-amd64/lib' 'CPPFLAGS=' 'CPP=cpp'
      Jun 11 16:29:16 named[95062]: starting BIND 9.9.5 -c /etc/namedb/named.conf -u bind -t /cf/named/

      Currently my DNS service is totally down,  :'(
      please help

      1 Reply Last reply Reply Quote 0
      • M
        mrmastii last edited by

        Okay .. I think I have fixed it by downgrading to a previous version, not the best way but at-least DNS server is up and running.

        Totally on own risk
        1.  make sure that bind is installed via GUI package manager
        2. Disable Bind demon via clearing "Enable" check box
        3. save

        4. Now logon to the console (via ssh or comport)
        5. once logged in select option 8 (Shell)
        5. type "fetch https://files.pfsense.org/packages/amd64/8/All/bind-9.9.5_8-amd64.pbi"
        6. then type "pbi_add -f –no-checksig bind-9.9.5_8-amd64.pbi"
        7. type "rehash"
        8. Done!

        One caveat is that on GUI package manager it will  show incorrect version "9.9.5_10 pkg v 0.3.4"

        -MM

        1 Reply Last reply Reply Quote 0
        • N
          Nio last edited by

          For 32bits systems use:

          5. type "fetch https://files.pfsense.org/packages/8/All/bind-9.9.5_8-i386.pbi"
          6. then type "pbi_add -f –no-checksig bind-9.9.5_8-i386.pbi"

          @mrmastii:

          Okay .. I think I have fixed it by downgrading to a previous version, not the best way but at-least DNS server is up and running.

          Totally on own risk
          1.  make sure that bind is installed via GUI package manager
          2. Disable Bind demon via clearing "Enable" check box
          3. save

          4. Now logon to the console (via ssh or comport)
          5. once logged in select option 8 (Shell)
          5. type "fetch https://files.pfsense.org/packages/amd64/8/All/bind-9.9.5_8-amd64.pbi"
          6. then type "pbi_add -f –no-checksig bind-9.9.5_8-amd64.pbi"
          7. type "rehash"
          8. Done!

          One caveat is that on GUI package manager it will  show incorrect version "9.9.5_10 pkg v 0.3.4"

          -MM

          ..:: Free Solutions ::..

          1 Reply Last reply Reply Quote 0
          • M
            mrmastii last edited by

            Good Point Nio.

            I was was working towards 64 bit system, so I didn't pay attention to 32 bit.
            No too sure if 32 bit has same problem as 64 bit.

            When I debugged the issue, it was related to OpenSSL libary ib 64 bit.

            In any event, thanks for suggestion  :)
            -MM

            1 Reply Last reply Reply Quote 0
            • 2
              2I11g88mCx last edited by

              This did it for me:

              
              # mkdir -p /cf/named/usr/pbi/bind-amd64/lib/engines
              # cp -a /usr/pbi/bind-amd64/lib/engines/libgost.so /cf/named/usr/pbi/bind-amd64/lib/engines/
              
              
              1 Reply Last reply Reply Quote 0
              • M
                mrmastii last edited by

                @2I11g88mCx,

                Yes, i deed that worked too with 64 bit. I guess devs should update their post installation script

                Thanks

                -MM

                1 Reply Last reply Reply Quote 0
                • P
                  peffyes last edited by

                  Had same problem - Update killed bind on my 64bit system. Installing the older release got me back up and going for now. Taking out bind is exceptionally problematic…  ::)

                  error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:418:id=gost
                  

                  gost is in openssl 1.x and newer, and is a compile time option.  If you have 0.9x you need to disable gost (most BSD boxes before 10.x)

                  1 Reply Last reply Reply Quote 0
                  • Z
                    zang3tsu last edited by

                    @2I11g88mCx:

                    This did it for me:

                    
                    # mkdir -p /cf/named/usr/pbi/bind-amd64/lib/engines
                    # cp -a /usr/pbi/bind-amd64/lib/engines/libgost.so /cf/named/usr/pbi/bind-amd64/lib/engines/
                    
                    

                    This also worked for me.

                    1 Reply Last reply Reply Quote 0
                    • C
                      Caboosey last edited by

                      I am having same issue on my pfSense 2.1.5 i386

                      1 Reply Last reply Reply Quote 0
                      • rbgarga
                        rbgarga Developer Netgate Administrator last edited by

                        Try latest version 9.9.5P1_5 pkg v 0.3.5 and let me know if you find any issues.

                        Renato Botelho

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post