[blfs-dev] BIND, Part 2

Qrux qrux.qed at gmail.com
Fri Feb 17 01:28:34 PST 2012


The version of BIND included with BLFS doesn't work.  Googled:

	named initializing DST: openssl failure

Results in these apparently relevant links:

	* https://trac.macports.org/ticket/28619
	* https://bugs.gentoo.org/show_bug.cgi?id=356519
	* http://snarfu.com/freebsd/freebsd-bind-chroot-openssl-initializing-dst-openssl-failure-fix/

Apparently this error occurs across 3 separate OSes (Mac OS, Gentoo, FreeBSD).  AFAICT, named just don't play well with a chroot jail.  I've tried this:

====
sudo sed -i s'/ievaluate_retval/evaluate_retval/g' /etc/rc.d/init.d/bind

ldd /usr/sbin/named | awk -F \> '{print $2}' | grep /lib | cut -d ' ' -f 2 | sudo cpio -pdmv /srv/named 2> /dev/null
sudo /bin/cp -avf /usr/lib/engines /srv/named/usr/lib
sudo /bin/cp -avf /etc/ssl /srv/named/etc

set +e
sudo mknod -m 0666 /srv/named/dev/zero c 1 5
set -e

sudo chown -vR named.named /srv/named
====

Which didn't seem to help.  My gut says the chroot environment is somehow incomplete...

Personally, I don't need to run it in the chroot environment, but if anyone has gotten it working I'd love to hear how you did it.  In lieu of working advice, however, I would suggest pulling the chroot instructions out of BLFS.  Running it without -u, -t works just fine, as long as the config files are in /etc, and not in the jail.

	Q





More information about the blfs-dev mailing list