Hi Chris,

> All versions of dnsdist that have been shipped with Debian already
> build-depend on libsystemd-dev. I'm not sure what exactly you are
> looking

The library is indeed listed in the Build-depends of the source package's
control file.

But as it is needed for building the package, it's also needed to run
dnsdist properly - if dnsdist needs to open a file. Without it, it gave me
fatal errors while I was trying to configure it as a DoH server:

févr. 10 19:50:39 Shaft-OL systemd[1]: Starting DNS Loadbalancer...
févr. 10 19:50:39 Shaft-OL dnsdist[591353]: Configuration '/etc/dnsdist/dnsdist.conf' OK!
févr. 10 19:50:39 Shaft-OL dnsdist[591353]: Configuration '/etc/dnsdist/dnsdist.conf' OK!
févr. 10 19:50:39 Shaft-OL dnsdist[591354]: 139986757410048:error:0200100D:system library:fopen:Permission denied:../crypto/bio/bss_file.c:288:fopen('/etc/dnsdist/foobar.key','r')
févr. 10 19:50:39 Shaft-OL dnsdist[591354]: 139986757410048:error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:290:
févr. 10 19:50:39 Shaft-OL dnsdist[591354]: 139986757410048:error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib:../ssl/ssl_rsa.c:540:
févr. 10 19:50:39 Shaft-OL dnsdist[591354]: Fatal error: Error setting up TLS context for DoH listener on '[2001:bd8:cafe:cafe::443]:443': An error occurred while trying to load the TLS server private key file: /etc/dnsdist/foobar.k->
févr. 10 19:50:39 Shaft-OL systemd[1]: dnsdist.service: Main process exited, code=exited, status=1/FAILURE
févr. 10 19:50:39 Shaft-OL systemd[1]: dnsdist.service: Failed with result 'exit-code'.
févr. 10 19:50:39 Shaft-OL systemd[1]: Failed to start DNS Loadbalancer.

Without the lib installed, it can work by disabling the
CapabilityBoundingSet in the service file (which is clearly unwanted).

Installing it solved the issue.

Thinking about it, it might be a more general bug, not related to Debian
(I'm definitely not a pro but it looks like it may be linked to the
"notify" service type and the CapabilityBoundingSettings)

I hope this message is clearer :)

Regards,
