Trouble with 9.7.1-P2 on RHEL 5

CT groups at obsd.us
Thu Aug 26 13:09:07 UTC 2010 

I have successfully built on CentOS 5.5 (32bit)
(I do a very simple install with no desktop.. )

BIND 9.7.1-P2 built with '--prefix=/usr/local' 
'--sysconfdir=/etc/namedb' '--disable-openssl-version-check' 
'--with-openssl=yes'

Some notes I had made
---
Compiling from source is very simple once you have the necessary 
dependancies.

Needed to compile bind from source:
-- openssl
-- make
         are installed during the default installation

We need to install a few extra packages via yum.
These package will also pull in a few of their own dependancies.

-- yum install openssl-devel
-- yum install gcc
-- yum install autoconf

---
hth
Charles

> Timothy Holtzen wrote:
>> Has anyone been able to get 9.7.1-P2 to build with pkcs11 and run on
>> RHEL/CentOS 5?  I appear to be able to configure and make without any
>> problems but when I go to run it I get the following error in the log.
>>
>> named[14899]: starting BIND 9.7.1-P2 -c /etc/named.conf -t /var/named/chroot
>> named[14899]: built with '--with-libtool' '--localstatedir=/var'
>> '--disable-threads' '--enable-ipv6' '--disable-static' '--with-pic'
>> '--disable-openssl-version-check'
>> '--with-pkcs11=/usr/lib64/pkcs11/PKCS11_API.so' '--with-gssapi=yes'
>> '--disable-isc-spnego'
>> named[14899]: using up to 4096 sockets
>> named[14899]: initializing DST: no engine
>> named[14899]: exiting (due to fatal error)
>>
>> > From what I have been able to deduce this means that bind can't find or
>> use the pkcs11 encryption engine.  Compiling without the "--with-pkcs11"
>> option produces a functional executable.  Stangely the exact same
>> configuration options worked just fine with 9.7.0 so something seems to
>> have changed between those releases.  My ultimate goal is to do a full
>> DNSSEC depolyment so I'm guessing the pkcs11 option is going to be
>> required if I want to generate and manage keys etc.  Anyone have any
>> ideas?  I suspect that I'm missing some encription library or something.
>>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iD8DBQFMdZX2DADXcoYj2ZwRAuggAJ49JS5iERRDzRuzZu7D9B3c8Ui7bQCcCb0R
> deKtj3MANUTquQilmCJ7Dsw=
> =tHat
> -----END PGP SIGNATURE-----
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list