Bind service won't stay running.



  • Bind service is installed and enabled. Everything is setup correctly as far as I can tell. Logging is turned on and set to log everything from "Warnings" and up, but nothing is being logged. In addition, bind/named stops itself as soon as it starts, as well. I'm not sure what to do or where to look from here.

    I am quite familliar with command line interface, at least on Linux. I don't imagine FreeBSD is substantially different, but I digress. I can give you info on my setup, but I tend to be very verbose in forum posts. I tend to give too much info…

    I am going to try to be brief. If anybody needs more info than I am giving to help troubleshoot, let me know with a qucik repay, and I'll include the requested info as soon as I can.

    AMD Sempron 2100+ (1.0 GHz i686, no 64-bit or multi-core). 1 GB RAM. Actually, it might be easier if I post the actual computer name: HP t5730 Thin Client. Upgraded to a 4 GB CF card instead of the included 2 GB DoM.

    --Aaron

    P.S.: Help!!



  • I installed the basic package, enabled logging and set the logging severity (also know as the loggin serverity) level to Error.  Then without making any changes I started the service.  It barfed out for me as well.  Looking at Status - System logs - System - Resolver showed:

    Jul 25 16:51:54 named[32123]: starting BIND 9.9.5 -c /etc/namedb/named.conf -u bind -t /cf/named/
    Jul 25 16:51:54 named[32123]: built with '–localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/pbi/bind-amd64' '--without-python' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-gssapi' '--without-idn' '--enable-ipv6' '--enable-largefile' '--disable-newstats' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--enable-rrl' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--with-openssl=/usr/pbi/bind-amd64' '--with-dlz-filesystem=yes' '--enable-threads' '--sysconfdir=/usr/pbi/bind-amd64/etc' '--prefix=/usr/pbi/bind-amd64' '--mandir=/usr/pbi/bind-amd64/man' '--infodir=/usr/pbi/bind-amd64/info/' '--build=x86_64-portbld-freebsd8.3' 'build_alias=x86_64-portbld-freebsd8.3' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -Wl,-rpath,/usr/pbi/bind-amd64/lib' 'CPPFLAGS=' 'CPP=cpp'
    Jul 25 16:51:54 named[32123]: –--------------------------------------------------
    Jul 25 16:51:54 named[32123]: BIND 9 is maintained by Internet Systems Consortium,
    Jul 25 16:51:54 named[32123]: Inc. (ISC), a non-profit 501©(3) public-benefit
    Jul 25 16:51:54 named[32123]: corporation. Support and training for BIND 9 are
    Jul 25 16:51:54 named[32123]: available at https://www.isc.org/support
    Jul 25 16:51:54 named[32123]: –--------------------------------------------------
    Jul 25 16:51:54 named[32123]: found 1 CPU, using 1 worker thread
    Jul 25 16:51:54 named[32123]: using 1 UDP listener per interface
    Jul 25 16:51:54 named[32123]: using up to 4096 sockets
    Jul 25 16:51:54 named[32123]: ENGINE_by_id failed (crypto failure)
    Jul 25 16:51:54 named[32123]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
    Jul 25 16:51:54 named[32123]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
    Jul 25 16:51:54 named[32123]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:418:id=gost
    Jul 25 16:51:54 named[32123]: initializing DST: crypto failure
    Jul 25 16:51:54 named[32123]: exiting (due to fatal error)

    So it seems to be a failure with the libgost encryption library.  It seems to be missing.  Go to the pfSense shell and enter these two commands to fix it:

    mkdir -p /cf/named/usr/pbi/bind-amd64/lib/engines
    
    cp -a /usr/pbi/bind-amd64/lib/engines/libgost.so /cf/named/usr/pbi/bind-amd64/lib/engines/
    


  • Ok. I haven't booted my pfSense thin clients in a few days. I'll try when I have a chance. I visit with my parents on Sundays. Once I get home, I'll mess with them some more.

    Also, not so important, but I am using 32-bit pfSense. I purchased 5 AMD Turion64 for the HP Thin clients, since the CPUs are socketed, but the passive cooling was insufficient for a 64-bit CPU with 2x the clock speed of the original. It only took about 20 minutes for the CPU to hit 50 degrees Celsius. This is with the Air Conditioner on and the Ambient temp at around 73 degrees Fahrenheit (about 23 Celsius, I think?).

    No need to post modified instructions, though. I should be savvy enough to figure-out it out myself. If somebody needs the instructions for 32-bit systems, I trust they are savvy enough to know how to ask.  :P



  • I don't have any x86 installs to check, but I would imagine that you could likely replace any instance of -amd64 with either -i386 or -i586.  On your PfSense box, hit the console, press 8 to get a shell and then do:

    cd /usr/pbi
    ls

    and see what it's really called.