Dnsmasq: undefined symbol?



  • Hi all,

    Since 2.1.5 my dnsmasq daemon no longer appears to be working, the web interface reports it as down and when I try to launch it manually from the CLI I get:
    [2.1.5-RELEASE][admin@gatekeeper]/root(20): dnsmasq
    /libexec/ld-elf.so.1: Undefined symbol "nettle_secp_384r1" referenced from COPY relocation in /usr/local/sbin/dnsmasq

    I've searched for this kind of bug and found https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=190149. However, the solution seems to be to rebuild dnsmasq so that the undefined symbol is fixed. Since pfsense is running on an Alix computer board, I'd rather not do any building etc. Also, the bug seems to be for freebsd 10.1 while pfsense is still on 8.3; so I'm a bit confused why I'm suffering from this issue. The bug seems to be related to DNSSEC support in dnsmasq (which I'm not using at the moment). Also note that nettle is actually installed on my box

    Any suggestions? Where might I find a package that ships a working dnsmasq? Is this safe to try: http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.3-release/All/dnsmasq-2.60%2C1.tbz ? What else can I try?

    Some more info:
    uname -a on my pfsense box:
    FreeBSD gatekeeper 8.3-RELEASE-p16 FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:29:45 EDT 2014    root@pf2_1_1_i386.pfsense.org:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_wrap_vga.8.i386  i386

    Some info about the dnsmsaq binary (can't run –version or anything because of the undefined reference):
    [2.1.5-RELEASE][admin@gatekeeper]/root(26): file /usr/local/sbin/dnsmasq
    /usr/local/sbin/dnsmasq: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), for FreeBSD 8.3, stripped
    [2.1.5-RELEASE][admin@gatekeeper]/root(27): ls -al /usr/local/sbin/dnsmasq
    -r-xr-xr-x  1 root  wheel  277104 Aug 25 14:30 /usr/local/sbin/dnsmasq



  • The stock release ships a working dnsmasq. I'm guessing you were pkg_adding other things and did something to stomp on dnsmasq somehow. pkg_delete anything you installed, and re-upgrade to 2.1.5 (via System>Firmware, Manual update) should work around that. If you were messing around with pkg_add, it's probably best to backup your config, reinstall, and restore the config.



  • pkg_add'ing something that somehow replaced dnsmasq sounds likely.

    Could you post the md5 hash of the dnsmasq binary on a working box? Just so I can compare with mine:
    [2.1.5-RELEASE][admin@gatekeeper]/usr/local/sbin(3): md5 dnsmasq
    MD5 (dnsmasq) = 5109310985f872c568df989b4f2e8b50

    The md5 hash of the dnsmasq provided by http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.3-release/All/dnsmasq-2.60%2C1.tbz is equal to 7040c0cf6415b5549aabac800506a5c6.

    I'd rather avoid upgrading, so if I would prefer using the binary from the 8.3 freebsd archive. It seems to be working, but I'd like  to double check the hash to be sure I'm not missing anything.

    Thanks for your reply!

    As far as adding packages go, this is what pkg_info lists:

    ca_root_nss-3.14.3  The root certificate bundle from the Mozilla Project
    gettext-0.18.1.1_1  GNU gettext package
    gmp-5.1.1          A free library for arbitrary precision arithmetic
    gnutls-2.12.23_1    GNU Transport Layer Security library
    libgpg-error-1.11  Common error values for all GnuPG components
    libiconv-1.14_1    A character set conversion library
    libtasn1-2.14      ASN.1 structure parser library
    nettle-2.6          Low-level cryptographic library
    p11-kit-0.16.3      Library for loading and enumerating of PKCS#11 modules
    pkgconf-0.9.1_2    Utility to help to configure compiler and linker flags
    screen-4.0.3_14    A multi-screen window manager
    sixxs-aiccu-20070115_3 SixXS IPv6 TIC+ tunnel broker heartbeat client

    Nothing suspicious, but it doesn't show what installing these packages might have done behind the scenes.



  • Just to post a follow-up, the dnsmasq from the 8.3 package has been working as expected for over a week now. Thanks again.