Bind fails to start after upgrade



  • Hi All
    I upgraded my bind service via pbi, after upgrade not it is failing to start.

    My pfsense:
    2.1.3-RELEASE (amd64)
    built on Thu May 01 15:52:13 EDT 2014
    FreeBSD 8.3-RELEASE-p16

    Bind upgrade to: 9.9.5_10 pkg v 0.3.4

    Error from logs:

    Jun 11 16:29:16 named[95062]: exiting (due to fatal error)
    Jun 11 16:29:16 named[95062]: initializing DST: crypto failure
    Jun 11 16:29:16 named[95062]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:418:id=gost
    Jun 11 16:29:16 named[95062]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
    Jun 11 16:29:16 named[95062]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
    Jun 11 16:29:16 named[95062]: ENGINE_by_id failed (crypto failure)
    Jun 11 16:29:16 named[95062]: using up to 4096 sockets
    Jun 11 16:29:16 named[95062]: using 2 UDP listeners per interface
    Jun 11 16:29:16 named[95062]: found 2 CPUs, using 2 worker threads
    Jun 11 16:29:16 named[95062]: –--------------------------------------------------
    Jun 11 16:29:16 named[95062]: available at https://www.isc.org/support
    Jun 11 16:29:16 named[95062]: corporation. Support and training for BIND 9 are
    Jun 11 16:29:16 named[95062]: Inc. (ISC), a non-profit 501©(3) public-benefit
    Jun 11 16:29:16 named[95062]: BIND 9 is maintained by Internet Systems Consortium,
    Jun 11 16:29:16 named[95062]: –--------------------------------------------------
    Jun 11 16:29:16 named[95062]: built with '–localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/pbi/bind-amd64' '--without-python' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-gssapi' '--without-idn' '--enable-ipv6' '--enable-largefile' '--disable-newstats' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--enable-rrl' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--with-openssl=/usr/pbi/bind-amd64' '--with-dlz-filesystem=yes' '--enable-threads' '--sysconfdir=/usr/pbi/bind-amd64/etc' '--prefix=/usr/pbi/bind-amd64' '--mandir=/usr/pbi/bind-amd64/man' '--infodir=/usr/pbi/bind-amd64/info/' '--build=x86_64-portbld-freebsd8.3' 'build_alias=x86_64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath,/usr/pbi/bind-amd64/lib' 'CPPFLAGS=' 'CPP=cpp'
    Jun 11 16:29:16 named[95062]: starting BIND 9.9.5 -c /etc/namedb/named.conf -u bind -t /cf/named/

    Currently my DNS service is totally down,  :'(
    please help



  • Okay .. I think I have fixed it by downgrading to a previous version, not the best way but at-least DNS server is up and running.

    Totally on own risk
    1.  make sure that bind is installed via GUI package manager
    2. Disable Bind demon via clearing "Enable" check box
    3. save

    4. Now logon to the console (via ssh or comport)
    5. once logged in select option 8 (Shell)
    5. type "fetch https://files.pfsense.org/packages/amd64/8/All/bind-9.9.5_8-amd64.pbi"
    6. then type "pbi_add -f –no-checksig bind-9.9.5_8-amd64.pbi"
    7. type "rehash"
    8. Done!

    One caveat is that on GUI package manager it will  show incorrect version "9.9.5_10 pkg v 0.3.4"

    -MM



  • For 32bits systems use:

    5. type "fetch https://files.pfsense.org/packages/8/All/bind-9.9.5_8-i386.pbi"
    6. then type "pbi_add -f –no-checksig bind-9.9.5_8-i386.pbi"

    @mrmastii:

    Okay .. I think I have fixed it by downgrading to a previous version, not the best way but at-least DNS server is up and running.

    Totally on own risk
    1.  make sure that bind is installed via GUI package manager
    2. Disable Bind demon via clearing "Enable" check box
    3. save

    4. Now logon to the console (via ssh or comport)
    5. once logged in select option 8 (Shell)
    5. type "fetch https://files.pfsense.org/packages/amd64/8/All/bind-9.9.5_8-amd64.pbi"
    6. then type "pbi_add -f –no-checksig bind-9.9.5_8-amd64.pbi"
    7. type "rehash"
    8. Done!

    One caveat is that on GUI package manager it will  show incorrect version "9.9.5_10 pkg v 0.3.4"

    -MM



  • Good Point Nio.

    I was was working towards 64 bit system, so I didn't pay attention to 32 bit.
    No too sure if 32 bit has same problem as 64 bit.

    When I debugged the issue, it was related to OpenSSL libary ib 64 bit.

    In any event, thanks for suggestion  :)
    -MM



  • This did it for me:

    
    # mkdir -p /cf/named/usr/pbi/bind-amd64/lib/engines
    # cp -a /usr/pbi/bind-amd64/lib/engines/libgost.so /cf/named/usr/pbi/bind-amd64/lib/engines/
    
    


  • @2I11g88mCx,

    Yes, i deed that worked too with 64 bit. I guess devs should update their post installation script

    Thanks

    -MM



  • Had same problem - Update killed bind on my 64bit system. Installing the older release got me back up and going for now. Taking out bind is exceptionally problematic…  ::)

    error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:418:id=gost
    

    gost is in openssl 1.x and newer, and is a compile time option.  If you have 0.9x you need to disable gost (most BSD boxes before 10.x)



  • @2I11g88mCx:

    This did it for me:

    
    # mkdir -p /cf/named/usr/pbi/bind-amd64/lib/engines
    # cp -a /usr/pbi/bind-amd64/lib/engines/libgost.so /cf/named/usr/pbi/bind-amd64/lib/engines/
    
    

    This also worked for me.



  • I am having same issue on my pfSense 2.1.5 i386


  • Developer Netgate Administrator

    Try latest version 9.9.5P1_5 pkg v 0.3.5 and let me know if you find any issues.


Log in to reply