Ubuntu 12.04 & BIND 9.9.2-P1
I am getting the following error with a compiled version of BIND with Ubuntu 12.04. The file at the path does exist. I think I am missing a package but I am not sure what could be missing. Thanks error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open shared object file: No such file or directory error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=gost initializing DST: crypto failure exiting (due to fatal error) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Ubuntu 12.04 & BIND 9.9.2-P1
Hello Rusty, Rusty L Vaughn writes: > I am getting the following error with a compiled version of BIND with > Ubuntu 12.04. The file at the path does exist. I think I am missing a > package but I am not sure what could be missing. Thanks > > error:25066067:DSO support routines:DLFCN_LOAD:could not load the > shared library:dso_dlfcn.c:185:filename > (/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): > /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot > open shared object file: No such file or directory > > error:25070067:DSO support routines:DSO_load:could not load the shared > library:dso_lib.c:244: > > error:260B6084:engine routines:DYNAMIC_LOAD:dso not > found:eng_dyn.c:450: > > error:2606A074:engine routines:ENGINE_by_id:no such > engine:eng_list.c:417:id=gost > > initializing DST: crypto failure > > exiting (due to fatal error) Are you running BIND in a chroot environment? If yes, you need to re-create the path and copy the file(s) mentioned in the error message into the chroot. libgost ist an OpenSSL "crypto-engine" that implements the GOST algorithm that can be used for DNSSEC. OpenSSL loads the "crypto-engines" after BIND has entered the chroot environment, so it looks for the files inside the chroot. if your chroot is "/var/named" (start BIND with named -t /var/named), then the file should be located in /var/named/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so Be prepared that you need to copy multiple file. Fix one error and then look for the next. Best regards Carsten Strotmann ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Ubuntu 12.04 & BIND 9.9.2-P1
Thanks that worked. I didn't even think about BIND being Chrooted since I have never seen this issue before on Debian. Ubuntu seems to be more restrictive to files outside the Chroot. Rusty L Vaughn On Sat, Jan 5, 2013 at 5:00 PM, Noel S. Rocha wrote: > Is bind chrooted? > > Try this(DONT FORGET: CHANGE VALUE OF $CHROOT VARIABLE ): > > 1º > mkdir -p $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ > > 2º Edit /etc/fstab > /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ > $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ none > defaults,bind,auto,nodev,noexec,nosuid 0 0 > > 3º > mount $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ > > 4º Edit /etc/apparmor.d/local/usr.sbin.named adding line above: > $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so rm, > > 5º reloading apparmor > /etc/init.d/apparmor reload > > Again, DONT FORGET: CHANGE VALUE OF $CHROOT. My chroot is /var/lib/bind/. > Put your chroot path. > > Good luck, > > On Sat, Jan 5, 2013 at 4:17 PM, Rusty L Vaughn > wrote: > >> I am getting the following error with a compiled version of BIND with >> Ubuntu 12.04. The file at the path does exist. I think I am missing a >> package but I am not sure what could be missing. Thanks >> >> error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared >> library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): >> /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open >> shared object file: No such file or directory >> >> error:25070067:DSO support routines:DSO_load:could not load the shared >> library:dso_lib.c:244: >> >> error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: >> >> error:2606A074:engine routines:ENGINE_by_id:no such >> engine:eng_list.c:417:id=gost >> >> initializing DST: crypto failure >> >> exiting (due to fatal error) >> >> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> > > > > -- > Noel S. Rocha > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
