OpenSSL problem: bind98-base FreeBSD port

Matthew Pounsett matt at
Sun Jul 8 16:54:09 UTC 2012

I upgraded my OpenSSL and BIND ports on one of my machines yesterday afternoon, and ended up with BIND being unable to start due to some problem with OpenSSL.  Unfortunately, it's not giving me any real information to go on about what the problem is.  

> openssl version
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
OpenSSL 1.0.1c 10 May 2012

> sudo named -g -t /var/named/authoritative/ -u bind -d 100
08-Jul-2012 16:45:00.347 starting BIND 9.8.3-P1 -g -t /var/named/authoritative/ -u bind -d 100
08-Jul-2012 16:45:00.347 built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-openssl=/usr/local' '--with-libxml2=/usr/local' '--with-idn=/usr/local' '--with-libiconv=/usr/local' '--enable-largefile' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--enable-ipv6' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info/' '--build=x86_64-portbld-freebsd8.2' 'build_alias=x86_64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -rpath=/usr/local/lib' 'CPPFLAGS=' 'CPP=cpp' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fno-strict-aliasing'
08-Jul-2012 16:45:00.347 ----------------------------------------------------
08-Jul-2012 16:45:00.347 BIND 9 is maintained by Internet Systems Consortium,
08-Jul-2012 16:45:00.347 Inc. (ISC), a non-profit 501(c)(3) public-benefit 
08-Jul-2012 16:45:00.347 corporation.  Support and training for BIND 9 are 
08-Jul-2012 16:45:00.347 available at
08-Jul-2012 16:45:00.347 ----------------------------------------------------
08-Jul-2012 16:45:00.347 found 4 CPUs, using 4 worker threads
08-Jul-2012 16:45:00.349 using up to 4096 sockets
08-Jul-2012 16:45:00.349 Registering DLZ_dlopen driver
08-Jul-2012 16:45:00.349 Registering SDLZ driver 'dlopen'
08-Jul-2012 16:45:00.349 Registering DLZ driver 'dlopen'
08-Jul-2012 16:45:00.351 decrement_reference: delete from rbt: 0x802467058 .
08-Jul-2012 16:45:00.352 initializing DST: openssl failure
08-Jul-2012 16:45:00.352 exiting (due to fatal error)

I found multiple versions of libgcrypt installed, which was generating some compile warnings, but cleaning that up didn't help.  There is only one version of openssl installed, so no conflicts there..

> ls -d /var/db/pkg/*ssl*

I can recompile without SSL to get my name servers running again, but that's not really sustainable.  Does anyone have any suggestions for how to get more information out of BIND about what exactly is failing?

More information about the bind-users mailing list