upgrade from v9.9.3-rpz2+rl -> v9.9.4-rpz2+rl introduces fatal launch error: "initializing DST: no engine"

pgndev pgnet.dev at gmail.com
Sat Sep 28 01:19:33 UTC 2013 

I currently run,

    named -V
        BIND 9.9.3-rpz2+rl.13204.02-P2 (Extended Support Version)
<id:d8a6fe8b> built with '--prefix=/usr/local/bind-9.9.3-P2'
'--libdir=/usr/local/bind-9.9.3-P2/lib64'
'--sysconfdir=/usr/local/etc/named' '--localstatedir=/var'
'--enable-shared' '--disable-static' '--enable-chroot' '--enable-ipv6'
'--with-libxml2=yes' '--with-gnu-ld' '--with-libtool' '--without-idn'
'--enable-threads' '--enable-largefile'
'--with-randomdev=/dev/urandom' '--enable-openssl-version-check'
'--disable-openssl-hash' '--with-openssl=/usr/local/ssl'
'--without-pkcs11' '--with-dlz-postgres=no' '--with-dlz-mysql=no'
'--with-dlz-bdb=/usr/local/dlz-bdb' '--with-dlz-filesystem=yes'
'--with-dlz-ldap=no' '--with-dlz-odbc=no' '--with-dlz-stub=yes'
'--with-dlopen=yes' '--enable-rpz-nsip' '--enable-rpz-nsdname'
'--with-make-clean' 'CC=/usr/bin/gcc-4.8' 'CFLAGS=-O2
-fmessage-length=0 -D_FORTIFY_SOURCE=2 -fstack-protector
-funwind-tables -fasynchronous-unwind-tables -march=atom -mtune=atom
-fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -Wall'
'LDFLAGS=-L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl
-lcrypto ' 'CPPFLAGS=-I/usr/local/include -I/usr/local/ssl/include
-I/usr/include'
        using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
        using libxml2 version: 2.9.0


On the same box, with similar ./configure, I build/install bin v9.9.4
+ rpz2+rl patch, with no errors.

On launch, though, it FAILS, with a fatal error; from `journalctl`,

    Sep 27 17:14:46 test03.devlan.int named[28862]: starting BIND
9.9.4-rpz2+rl.13269.14 -t /var/chroot/named -n 4 -S 1024 -u named -c
/etc/named.conf -d 90
    Sep 27 17:14:46 test03.devlan.int named[28862]: built with
'--with-make-clean' '--enable-full-report'
'--prefix=/usr/local/bind-9.9.4'
'--libdir=/usr/local/bind-9.9.4/lib64'
'--sysconfdir=/usr/local/etc/named' '--localstatedir=/var'
'--enable-shared' '--disable-static' '--enable-chroot' '--enable-ipv6'
'--with-libxml2=yes' '--with-gnu-ld' '--with-libtool' '--without-idn'
'--enable-threads' '--enable-largefile'
'--with-randomdev=/dev/urandom' '--enable-openssl-version-check'
'--disable-openssl-hash' '--with-openssl=/usr/local/ssl'
'--without-pkcs11' '--with-dlz-postgres=no' '--with-dlz-mysql=no'
'--with-dlz-bdb=/usr/local/dlz-bdb' '--with-dlz-filesystem=yes'
'--with-dlz-ldap=no' '--with-dlz-odbc=no' '--with-dlz-stub=yes'
'--with-dlopen=yes' '--enable-rpz-nsip' '--enable-rpz-nsdname'
'--enable-rrl' '--enable-filter-aaaa' '--with-pkcs11'
'CC=/usr/bin/gcc-4.8' 'CFLAGS=-O2 -fmessage-length=0
-D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables
-fasynchronous-unwind-tables -march=atom -mtune=atom -fPIC -DPIC
-D_GNU_SOURCE -fno-strict-aliasing -Wall'
'LDFLAGS=-L/usr/local/ssl/lib64 -Wl,-rpath,/usr/local/ssl/lib64 -lssl
-lcrypto ' 'CPPFLAGS=-I/usr/local/include -I/usr/local/ssl/include
-I/usr/include'
    Sep 27 17:14:46 test03.devlan.int named[28862]:
----------------------------------------------------
    Sep 27 17:14:46 test03.devlan.int named[28862]: BIND 9 is
maintained by Internet Systems Consortium,
    Sep 27 17:14:46 test03.devlan.int named[28862]: Inc. (ISC), a
non-profit 501(c)(3) public-benefit
    Sep 27 17:14:46 test03.devlan.int named[28862]: corporation.
Support and training for BIND 9 are
    Sep 27 17:14:46 test03.devlan.int named[28862]: available at
https://www.isc.org/support
    Sep 27 17:14:46 test03.devlan.int named[28862]:
----------------------------------------------------
    Sep 27 17:14:46 test03.devlan.int named[28862]: adjusted limit on
open files from 4096 to 1048576
    Sep 27 17:14:46 test03.devlan.int named[28862]: found 4 CPUs,
using 4 worker threads
    Sep 27 17:14:46 test03.devlan.int named[28862]: using 4 UDP
listeners per interface
    Sep 27 17:14:46 test03.devlan.int named[28862]: using up to 1024 sockets
    Sep 27 17:14:46 test03.devlan.int named[28862]: initializing DST: no engine
    Sep 27 17:14:46 test03.devlan.int named[28862]: exiting (due to fatal error)

Same Openssl version, similar configure, same systemctl launch scripts.

Old posts referred to issues with libgost.so 'vs' chroot.

In the 9.9.3 instance (running atm), libgost is in the chroot built by
the startup script,

    ls -al /var/chroot/named/usr/local/ssl/lib64/engines/
        total 132K
        drwxr-xr-x 2 root root 4.0K Sep 27 17:12 ./
        drwxr-xr-x 3 root root 4.0K Sep 27 17:12 ../
        -r-xr-xr-x 1 root root 123K Sep 27 17:32 libgost.so*

The logs above don't tell me enough to know if the issue has returned
bet 993 & 994.

Any guidance as to where to start to beter identify & troubleshoot
this?  I can provide additional detail as needed.

More information about the bind-users mailing list