Bind 9.8 chroot and gsstsig - what additional libraries do I need?
Tony Finch
dot at dotat.at
Mon May 23 11:32:05 UTC 2011
Juergen Dietl <isclists01 at googlemail.com> wrote:
>
> I run bind 9.8 with GSS-TSIG in serveral domains with update-policy list
> for secure updatesand all is working fine. Before my bind was in a
> CHROOT enviroment. But with using GSS-TSIG it seems to need a lot more
> libraries.
Did it stop working when you upgraded to BIND 9.8.0 or when you added
GSS-TGIS support? If you changed them both at the same time then the
problem might not be anything to do with GSS-TSIG. (If it is GSS_TSIG
then I don't know the solution.)
BIND 9.8.0 supports the GOST cipher, and OpenSSL implements GOST as a
loadable module. Try copying /usr/lib/engines/libgost.so into your chroot.
Alternatively you can rebuild BIND without GOST support. After running its
configure script, run
perl -ni -e "print unless /HAVE_OPENSSL_GOST/" config.h
before running make.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.
More information about the bind-users
mailing list