On 2019-09-17 03:30, John Covici wrote:
> Hi. I am having a very annoying problem with named. I am using
> net-dns/bind-9.14.4 which I actually updated from a previous version
> which also had the problem. It seems that an assertion has failed:
> Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917:
> INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back
> trace
>
> There is a back trace which I can supply if that would help. There is
> also a coredump.
>
> Also, when I restart named (which I have now done automatically by
> systemd) it gives me a lot of errors like the following:
> Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
> valid signature found
> or this:
> Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
> valid signature found
This looks like a DNSSEC problem. I don't run bind on my gentoo system,
but I did this:
$ equery -C u net-dns/bind
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for net-dns/bind-9.14.4:
U I
+ + berkdb : Add support for sys-libs/db (Berkeley DB for
MySQL)
+ - caps : Use Linux capabilities library to control
privilege
- - dlz : Enables dynamic loaded zones, 3rd party
extension
- - dnsrps : Enable the DNS Response Policy Service (DNSRPS)
API, a mechanism to allow an
external response policy provider
- - dnstap : Enables dnstap packet logging
- - doc : Add extra documentation (API, Javadoc, etc). It
is recommended to enable per
package instead of globally
- - fixed-rrset : Enables fixed rrset-order option
- - geoip : Add geoip support for country and city lookup
based on IPs
- - gost : Enables gost OpenSSL engine support
- - gssapi : Enable gssapi support
+ + json : Enable JSON statistics channel
- - ldap : Add LDAP support (Lightweight Directory Access
Protocol)
- - libressl : Use dev-libs/libressl instead of
dev-libs/openssl when applicable (see also the ssl
useflag)
- - lmdb : Enable LMDB support to store configuration for
'addzone' zones
- - mysql : Add mySQL Database support
- - odbc : Add ODBC Support (Open DataBase Connectivity)
- - postgres : Add support for the postgresql database
- - python : Add optional support/bindings for the Python
language
+ + python_targets_python2_7 : Build with Python 2.7
- - python_targets_python3_5 : Build with Python 3.5
+ + python_targets_python3_6 : Build with Python 3.6
- - static-libs : Build static versions of dynamic libraries as
well
- - urandom : Use /dev/urandom instead of /dev/random
+ + xml : Add support for XML files
+ + zlib : Add support for zlib (de)compression
which left me puzzled: the libressl flag docstring talks about a ssl
flag which doesn't exist for this package.
Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and
libcrypto) part of the output?
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
