Created attachment 306637 [details] result of emerge --info I updated today net-dns/bind from version 9.7.4_p1 to 9.8.1_p1. Before the update named was fully functional, after the update it fails: * Starting named ... * Checking named configuration ... [ ok ] * start-stop-daemon: failed to start `/usr/sbin/named' [ !! ] * ERROR: named failed to start My /etc/bind/named.conf and /var/bind/pri zones files are fine (checked using named-checkconf and named-checkzones). The configuration files are OK, so what could have generated this? The log file /var/log/everything/current shows: Mar 25 15:21:57 [named] starting BIND 9.8.1-P1 -u named Mar 25 15:21:57 [named] built with '--prefix=/usr' '--build=i686-pc-linux-gnu' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--enable-threads' '--with-dlopen' '--with-dlz-filesystem' '--with-dlz-stub' '--without-dlz-postgres' '--without-dlz-mysql' '--with-dlz-bdb' '--without-dlz-ldap' '--without-dlz-odbc' '--with-openssl' '--with-idn' '--enable-ipv6' '--with-libxml2' '--with-gssapi' '--enable-rpz-nsip' '--enable-rpz-nsdname' '--with-pkcs11' '--enable-linux-caps' '--with-gost' '--with-randomdev=/dev/urandom' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-march=native -O2 -g0 -mno-3dnow -pipe -w -Wfatal-errors -I/usr/include/db4.8' 'LDFLAGS=-Wl,-O2 -Wl,--as-needed' Mar 25 15:21:57 [named] adjusted limit on open files from 4096 to 1048576 Mar 25 15:21:57 [named] found 1 CPU, using 1 worker thread Mar 25 15:21:57 [named] using up to 4096 sockets Mar 25 15:21:57 [named] initializing DST: no engine Mar 25 15:21:57 [named] exiting (due to fatal error) Mar 25 15:21:57 [/etc/init.d/named] start-stop-daemon: failed to start `/usr/sbin/named' Mar 25 15:21:57 [/etc/init.d/named] ERROR: named failed to start Eugen
Some Google searches revealed the problem may have something to do with pkcs11: https://lists.isc.org/pipermail/bind-users/2010-June/080291.html https://groups.google.com/forum/?fromgroups#!topic/comp.protocols.dns.bind/dVku09JUzww You may try disabling the pkcs11 USE flag of bind.
(In reply to comment #1) Besides disabling pkcs11 USE flag as you suggested, I also disabled a few others (see below). It did not help, same failure. # eix net-dns/bind [I] net-dns/bind Installed versions: 9.8.1_p1(08:35:41 AM 26/03/12)(caps dlz idn ipv6 threads urandom -berkdb -doc -geoip -gost -gssapi -ldap -mysql -odbc -pkcs11 -postgres -rpz -sdb-ldap -selinux -ssl -xml)
Please attach a strace log in case it still fails with -pkcs11.
(In reply to comment #3) > Please attach a strace log in case it still fails with -pkcs11. I rebuilt bind and all its dependencies and everything is fine now! Unless somebody else has the same issue, I would suggest closing this bug.
The PKCS11 useflag has been temporary removed as it seems to require OpenSSL to be patched first. So for now, I consider this bug to be fixed.
There is a package, dev-libs/engine_pkcs11 , version 0.1.8 marked as stable, is this means that package is broken?
(In reply to comment #6) > There is a package, dev-libs/engine_pkcs11 , version 0.1.8 marked as stable, > is this means that package is broken? No. BIND is just using "it's own" pkcs11 engine. We could ask ISC if engine_pkcs11 would met their requirements though.
