Public bug reported: If /etc/ssl/openssl.cnf is unreadable by bind9 process, or is symlinked from another file (regardless of whether the target is readable by bind9 or not), bind9 will not start.
This is apparently the same issue as what was discussed on the Debian side in 2010: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584911 I have several custom openssl.cnf files, and recently decided to symlink the 'default' openssl.cnf to one of them (the target is world readable). On the next reboot bind would not start. With a lot of digging, much like in the debian ticket I referred to above, I eventually clued in on the fact that somehow OpenSSL is involved even though it's not an advertised dependency. If this can't be corrected (i.e. so that bind would start regardless of whether openssl.cnf can be accessed), perhaps a more informative error message could be added. A simple "cannot read openssl.cnf" would have saved me an hour of debug time. -- Description: Ubuntu 12.04.2 LTS Release: 12.04 bind9: Installed: 1:9.8.1.dfsg.P1-4ubuntu0.5 Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.5 Version table: *** 1:9.8.1.dfsg.P1-4ubuntu0.5 0 500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages 100 /var/lib/dpkg/status 1:9.8.1.dfsg.P1-4 0 500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1160435 Title: Unreadable or symlinked openssl.cnf breaks bind9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1160435/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
