Shared libraries loaded after chroot

Matthew Pounsett matt at
Mon May 16 12:09:05 UTC 2016

On 16 May 2016 at 04:38, Marc Haber <mh+bind-users at> wrote:

> I have filed Debian Bug #820974 (
> accordingly. The Debian bind people suggest that I copy the respective
> libraries to the chroot so that bind can find them.

Yeah, this has been the fix on a lot of systems since GOST was included in
OpenSSL.  It's something to do with the GOST algorithm being implemented
differently from everything else... as a plugin instead of a module, if
memory serves (it probably doesn't).    IMHO it's a bug in OpenSSL, not

Another option is to compile BIND with GOST support disabled... but that is
awkward for a lot of people using binary package distribution from the OS

> This, however, would take possibly security relevant libraries from
> the automated update mechanisms of the distributions, and would
> therefore greatly reduce ease of upgrades. It is also not mentioned in
> Chapter 6 of the ARM.
> What is the official upstream remedy to this situation?
> Frankly, I think this is a bug in bind 9.10, it should load all
> necessary libraries before chrooting itself. I am aware that this
> would probably need parsing of the configuration before chrooting.
> What is the recommended way to run bind 9.10 in a chroot?
> Greetings
> Marc
> --
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
> _______________________________________________
> Please visit to
> unsubscribe from this list
> bind-users mailing list
> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list