Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Ubuntu 12.04 & BIND 9.9.2-P1

237 views
Skip to first unread message

Rusty L Vaughn

unread,
Jan 5, 2013, 1:17:28 PM1/5/13
to bind-...@lists.isc.org

I am getting the following error with a compiled version of BIND with Ubuntu 12.04. The file at the path does exist.  I think I am missing a package but I am not sure what could be missing.  Thanks

error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open shared object file: No such file or directory

error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:

error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:

error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=gost

initializing DST: crypto failure

exiting (due to fatal error)

Carsten Strotmann

unread,
Jan 6, 2013, 5:26:03 AM1/6/13
to Rusty L Vaughn, bind-...@lists.isc.org

Hello Rusty,
Are you running BIND in a chroot environment? If yes, you need to
re-create the path and copy the file(s) mentioned in the error message
into the chroot. libgost ist an OpenSSL "crypto-engine" that implements
the GOST algorithm that can be used for DNSSEC.

OpenSSL loads the "crypto-engines" after BIND has entered the chroot
environment, so it looks for the files inside the chroot.

if your chroot is "/var/named" (start BIND with named -t /var/named),
then the file should be located in
/var/named/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so

Be prepared that you need to copy multiple file. Fix one error and then
look for the next.

Best regards

Carsten Strotmann

Rusty L Vaughn

unread,
Jan 6, 2013, 12:48:00 PM1/6/13
to Noel S. Rocha, bind-...@lists.isc.org
Thanks that worked.  I didn't even think about BIND being Chrooted since I have never seen this issue before on Debian.  Ubuntu seems to be more restrictive to files outside the Chroot.


----
Rusty L Vaughn


On Sat, Jan 5, 2013 at 5:00 PM, Noel S. Rocha <noels...@gmail.com> wrote:
Is bind chrooted?

Try this(DONT FORGET: CHANGE VALUE OF $CHROOT VARIABLE ):

mkdir -p $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/

2º Edit /etc/fstab
/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/  $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/ none  defaults,bind,auto,nodev,noexec,nosuid  0 0

mount $CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/

4º Edit /etc/apparmor.d/local/usr.sbin.named adding line above:
$CHROOT/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so rm,

5º reloading apparmor
/etc/init.d/apparmor reload

Again, DONT FORGET: CHANGE VALUE OF $CHROOT. My chroot is /var/lib/bind/. Put your chroot path.

Good luck,

On Sat, Jan 5, 2013 at 4:17 PM, Rusty L Vaughn <rusty.l...@gmail.com> wrote:

I am getting the following error with a compiled version of BIND with Ubuntu 12.04. The file at the path does exist.  I think I am missing a package but I am not sure what could be missing.  Thanks

error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so): /usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so: cannot open shared object file: No such file or directory

error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:

error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:

error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=gost

initializing DST: crypto failure

exiting (due to fatal error)


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



--
Noel S. Rocha

0 new messages