error on start: initializing DST: no engine (v9.7.0-P2)

Mon Jun 14 10:25:10 UTC 2010

Greg Whynott wrote:
> sorry,  forgot the subject.  not very good on my first posting....
> 
> Hello,
> 
> I'm seeing an unfamiliar error while attempting to start a newly built from source named instance.   I've search on the net and within the bind-user list without luck,  DST returns lots of hits,  but nothing with "named DST".     hoping someone here might know what its about.  Is it really a Day Light related?
> thanks much for your time,
> greg
> 
> 
> 
> 
> the error:
> 
> [root at fido ~]# /etc/init.d/named start
> Starting named:                                            [FAILED]
> [root at fido ~]# grep named /var/log/messages
> Jun 13 10:20:00 fido named[2430]: starting BIND 9.7.0-P2 -u named
> Jun 13 10:20:00 fido named[2430]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-pkcs11=/usr/lib/pkcs11/PKCS11_API.so' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
> Jun 13 10:20:00 fido named[2430]: adjusted limit on open files from 1024 to 1048576
> Jun 13 10:20:00 fido named[2430]: found 2 CPUs, using 2 worker threads
> Jun 13 10:20:00 fido named[2430]: using up to 4096 sockets
> ****
> Jun 13 10:20:00 fido named[2430]: initializing DST: no engine
> Jun 13 10:20:00 fido named[2430]: exiting (due to fatal error)
> ****

No - not "daylight saving time" :-)

It's the Digital Signature Toolkit subsystem (it interfaces between BIND
and the cryptography it uses).

The error is reported during from ~/bin/named/server.c during the
initialization/startup phase because an error is returned from the call
to dst_lib_init2().  This function initializes the DST subsystem - you
can find it in ~/lib/dns/dst_api.c.  What api calls it makes depends on
what options named was built with.

Looking at the long list of options passed to configure I would first
hazard a guess that something is missing from your environment that
named is expecting because of how it has been built.  Are these all
configure options that you selected manually?  For example,
"--with-pkcs11=..." is one likely candidate to cause problems if you're
not going to be using a PKCS#11 interface to a hardware module.  A good
rule with configure is always to use the defaults except where you
definitely know why you need something different.

Hope this helps.

Cathy