From: Ian Zimmerman
To: gentoo-user@lists.gentoo.org
Date: Tue, 17 Sep 2019 09:14:14 -0700
Subject: [gentoo-user] Re: problem with named restarting
Message-ID: <20190917161414.fz24gizh7o2umqus@matica.foolinux.mooo.com>

On 2019-09-17 03:30, John Covici wrote:

> Hi. I am having a very annoying problem with named. I am using
> net-dns/bind-9.14.4 which I actually updated from a previous version
> which also had the problem. It seems that an assertion has failed:
> Sep 17 03:10:53 ccs.covici.com named[1857864]: resolver.c:4917:
> INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back
> trace
>
> There is a back trace which I can supply if that would help. There is
> also a coredump.
>
> Also, when I restart named (which I have now done automatically by
> systemd) it gives me a lot of errors like the following:
> Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
> valid signature found
> or this:
> Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
> valid signature found

This looks like a DNSSEC problem. I don't run bind on my gentoo system,
but I did this:

$ equery -C u net-dns/bind
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-dns/bind-9.14.4:
 U I
 + + berkdb                   : Add support for sys-libs/db (Berkeley DB for MySQL)
 + - caps                     : Use Linux capabilities library to control privilege
 - - dlz                      : Enables dynamic loaded zones, 3rd party extension
 - - dnsrps                   : Enable the DNS Response Policy Service (DNSRPS) API, a mechanism to allow an external response policy provider
 - - dnstap                   : Enables dnstap packet logging
 - - doc                      : Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
 - - fixed-rrset              : Enables fixed rrset-order option
 - - geoip                    : Add geoip support for country and city lookup based on IPs
 - - gost                     : Enables gost OpenSSL engine support
 - - gssapi                   : Enable gssapi support
 + + json                     : Enable JSON statistics channel
 - - ldap                     : Add LDAP support (Lightweight Directory Access Protocol)
 - - libressl                 : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
 - - lmdb                     : Enable LMDB support to store configuration for 'addzone' zones
 - - mysql                    : Add mySQL Database support
 - - odbc                     : Add ODBC Support (Open DataBase Connectivity)
 - - postgres                 : Add support for the postgresql database
 - - python                   : Add optional support/bindings for the Python language
 + + python_targets_python2_7 : Build with Python 2.7
 - - python_targets_python3_5 : Build with Python 3.5
 + + python_targets_python3_6 : Build with Python 3.6
 - - static-libs              : Build static versions of dynamic libraries as well
 - - urandom                  : Use /dev/urandom instead of /dev/random
 + + xml                      : Add support for XML files
 + + zlib                     : Add support for zlib (de)compression

which left me puzzled: the libressl flag docstring talks about a ssl
flag which doesn't exist for this package.

Try running "ldd /usr/sbin/named". Is openssl (i.e. libssl and libcrypto)
part of the output?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
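
One way to script the "ldd /usr/sbin/named" check suggested above, as an added example that is not part of the original message. The function name check_crypto_linkage and the sample ldd output (sonames, paths, addresses) are constructed for illustration; the function also reports the cases where the crypto library is listed but unresolved, or where ldd cannot show linkage at all.

```shell
#!/bin/sh
# Added example (hypothetical helper): classify the crypto linkage in ldd output.
# Reads `ldd <binary>` output on stdin and prints a one-line verdict.
check_crypto_linkage() {
    awk '
        # ldd prints one of these for binaries with no dynamic section
        /not a dynamic executable|statically linked/ { static = 1 }
        # First field is the soname; "=> not found" means the loader
        # cannot resolve it, so the binary will not start.
        $1 ~ /^libssl\.so/    { ssl = 1;    if ($0 ~ /not found/) missing = 1 }
        $1 ~ /^libcrypto\.so/ { crypto = 1; if ($0 ~ /not found/) missing = 1 }
        END {
            if (static)             print "static: ldd cannot show linkage"
            else if (missing)       print "broken: crypto library not found"
            else if (ssl && crypto) print "linked: libssl and libcrypto"
            else if (crypto)        print "linked: libcrypto only"
            else if (ssl)           print "linked: libssl only"
            else                    print "absent: no libssl/libcrypto"
        }'
}

# Constructed sample inputs (not taken from the poster's system).
SAMPLE_BOTH='  linux-vdso.so.1 (0x00007ffd0a5f2000)
  libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007f3a10400000)
  libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f3a10000000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f3a0f000000)'

SAMPLE_CRYPTO_ONLY='  linux-vdso.so.1 (0x00007ffd0a5f2000)
  libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007f3a10000000)
  libc.so.6 => /lib64/libc.so.6 (0x00007f3a0f000000)'

SAMPLE_MISSING='  libcrypto.so.1.1 => not found
  libc.so.6 => /lib64/libc.so.6 (0x00007f3a0f000000)'

SAMPLE_STATIC='  not a dynamic executable'

SAMPLE_NONE='  libc.so.6 => /lib64/libc.so.6 (0x00007f3a0f000000)'

# Demo on constructed input; on a real host use:
#   ldd /usr/sbin/named | check_crypto_linkage
printf '%s\n' "$SAMPLE_BOTH" | check_crypto_linkage
```
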