On 16 May 2016 at 04:38, Marc Haber <[email protected]> wrote:
> I have filed Debian Bug #820974 (http://bugs.debian.org/820974) > accordingly. The Debian bind people suggest that I copy the respective > libraries to the chroot so that bind can find them. > Yeah, this has been the fix on a lot of systems since GOST was included in OpenSSL. It's something to do with the GOST algorithm being implemented differently from everything else... as a plugin instead of a module, if memory serves (it probably doesn't). IMHO it's a bug in OpenSSL, not BIND. Another option is to compile BIND with GOST support disabled... but that is awkward for a lot of people using binary package distribution from the OS vendor. > > This, however, would take possibly security relevant libraries from > the automated update mechanisms of the distributions, and would > therefore greatly reduce ease of upgrades. It is also not mentioned in > Chapter 6 of the ARM. > > What is the official upstream remedy to this situation? > > Frankly, I think this is a bug in bind 9.10, it should load all > necessary libraries before chrooting itself. I am aware that this > would probably need parsing of the configuration before chrooting. > > What is the recommended way to run bind 9.10 in a chroot? > > Greetings > Marc > > -- > > ----------------------------------------------------------------------------- > Marc Haber | "I don't trust Computers. They | Mailadresse im Header > Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 > Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
