Has anyone been able to get 9.7.1-P2 to build with pkcs11 and run on RHEL/CentOS 5? I appear to be able to configure and make without any problems but when I go to run it I get the following error in the log.
named[14899]: starting BIND 9.7.1-P2 -c /etc/named.conf -t /var/named/chroot named[14899]: built with '--with-libtool' '--localstatedir=/var' '--disable-threads' '--enable-ipv6' '--disable-static' '--with-pic' '--disable-openssl-version-check' '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-gssapi=yes' '--disable-isc-spnego' named[14899]: using up to 4096 sockets named[14899]: initializing DST: no engine named[14899]: exiting (due to fatal error) >From what I have been able to deduce this means that bind can't find or use the pkcs11 encryption engine. Compiling without the "--with-pkcs11" option produces a functional executable. Stangely the exact same configuration options worked just fine with 9.7.0 so something seems to have changed between those releases. My ultimate goal is to do a full DNSSEC depolyment so I'm guessing the pkcs11 option is going to be required if I want to generate and manage keys etc. Anyone have any ideas? I suspect that I'm missing some encription library or something. -- Timothy A. Holtzen Campus Network Administrator Nebraska Wesleyan University _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users