Trouble with 9.7.1-P2 on RHEL 5
Timothy Holtzen
tah at NebrWesleyan.edu
Wed Aug 25 21:56:47 UTC 2010
Has anyone been able to get 9.7.1-P2 to build with pkcs11 and run on
RHEL/CentOS 5? I appear to be able to configure and make without any
problems but when I go to run it I get the following error in the log.
named[14899]: starting BIND 9.7.1-P2 -c /etc/named.conf -t /var/named/chroot
named[14899]: built with '--with-libtool' '--localstatedir=/var'
'--disable-threads' '--enable-ipv6' '--disable-static' '--with-pic'
'--disable-openssl-version-check'
'--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-gssapi=yes'
'--disable-isc-spnego'
named[14899]: using up to 4096 sockets
named[14899]: initializing DST: no engine
named[14899]: exiting (due to fatal error)
>From what I have been able to deduce this means that bind can't find or
use the pkcs11 encryption engine. Compiling without the "--with-pkcs11"
option produces a functional executable. Stangely the exact same
configuration options worked just fine with 9.7.0 so something seems to
have changed between those releases. My ultimate goal is to do a full
DNSSEC depolyment so I'm guessing the pkcs11 option is going to be
required if I want to generate and manage keys etc. Anyone have any
ideas? I suspect that I'm missing some encription library or something.
--
Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
More information about the bind-users
mailing list