Hello Tony, I am pretty sure (but not 100 %) that I also had the troubles with version 9.7.2. P3. The only thing I know 100 % is that I did the test with the same version. So:
Bind without GSS-TSIG (no key given in the named.conf) works in CHROOT Bind with GSS-TSIG (keytab given in the named.conf) do not work One of the first things that was missed was dev/urandom for example. Is there any one out that use a GSS-TSIG Bind WITH CHROOT-Enviroment? thanx so far, cheers, Juergen 2011/5/23 Tony Finch <d...@dotat.at> > Juergen Dietl <isclist...@googlemail.com> wrote: > > > > I run bind 9.8 with GSS-TSIG in serveral domains with update-policy list > > for secure updatesand all is working fine. Before my bind was in a > > CHROOT enviroment. But with using GSS-TSIG it seems to need a lot more > > libraries. > > Did it stop working when you upgraded to BIND 9.8.0 or when you added > GSS-TGIS support? If you changed them both at the same time then the > problem might not be anything to do with GSS-TSIG. (If it is GSS_TSIG > then I don't know the solution.) > > BIND 9.8.0 supports the GOST cipher, and OpenSSL implements GOST as a > loadable module. Try copying /usr/lib/engines/libgost.so into your chroot. > > Alternatively you can rebuild BIND without GOST support. After running its > configure script, run > perl -ni -e "print unless /HAVE_OPENSSL_GOST/" config.h > before running make. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in > Rockall and Malin, veering west or northwest 4 or 5, then backing southwest > 5 > or 6 later. Rough or very rough. Occasional rain. Moderate or good, > occasionally poor. >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users