# bind911 on FB_11.2p4 with OpenSSL in /usr/lib does not start - ENGINE_by_id failed (crypto failure)



## freecmb (Nov 9, 2018)

Hi all

Today I updated to the latest ports and updated / compiled from
   Upgrade bind911-9.11.4P2 to bind911-9.11.5
which went well, but in the end it does not start:

```
Nov  9 10:57:25 fiend named[82369]: starting BIND 9.11.5 (Extended Support Version) <id:3b0b204>
Nov  9 10:57:25 fiend named[82369]: running on FreeBSD amd64 11.2-RELEASE-p4 FreeBSD 11.2-RELEASE-p4 #0: Thu Sep 27 08:16:24 UTC
 2018     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
Nov  9 10:57:25 fiend named[82369]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-random
dev=/dev/random' '--with-libxml2=/usr/local' '--with-readline=-L/usr/local/lib -ledit' '--with-dlopen=yes' '--sysconfdir=/usr/lo
cal/etc/namedb' '--with-dlz-filesystem=yes' '--disable-dnstap' '--enable-filter-aaaa' '--disable-fixed-rrset' '--without-geoip'
'--without-gssapi' '--with-libidn2=/usr/local' '--enable-ipv6' '--with-libjson=/usr/local' '--disable-largefile' '--with-lmdb=/u
sr/local' '--disable-native-pkcs11' '--with-python=/usr/local/bin/python2.7' '--disable-querytrace' '--enable-rpz-nsdname' '--en
able-rpz-nsip' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--with-openssl=/usr/local' '--enable-threads' '--with-tuning=default' '--prefix=
/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.2' 'build_alias=amd64-portbl
d-freebsd11.2' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-strict-aliasing ' 'L
bsd11.2' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS
=
Nov  9 10:49:55 fiend named[52977]: running as: named -n 3 -t /var/named -u bind -c /etc/namedb/named.conf
Nov  9 10:49:55 fiend named[52977]: compiled by CLANG 4.2.1 Compatible FreeBSD Clang 6.0.0 (tags/RELEASE_600/final 326565)
Nov  9 10:49:55 fiend named[52977]: compiled with OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
Nov  9 10:49:55 fiend named[52977]: linked to OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
Nov  9 10:49:55 fiend named[52977]: compiled with libxml2 version: 2.9.7
Nov  9 10:49:55 fiend named[52977]: linked to libxml2 version: 20907
Nov  9 10:49:55 fiend named[52977]: compiled with libjson-c version: 0.13.1
Nov  9 10:49:55 fiend named[52977]: linked to libjson-c version: 0.13.1
Nov  9 10:49:55 fiend named[52977]: compiled with zlib version: 1.2.11
Nov  9 10:49:55 fiend named[52977]: linked to zlib version: 1.2.11
Nov  9 10:49:55 fiend named[52977]: threads support is enabled
Nov  9 10:49:55 fiend named[52977]: ----------------------------------------------------
Nov  9 10:49:55 fiend named[52977]: BIND 9 is maintained by Internet Systems Consortium,
Nov  9 10:49:55 fiend named[52977]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Nov  9 10:49:55 fiend named[52977]: corporation.  Support and training for BIND 9 are
Nov  9 10:49:55 fiend named[52977]: available at https://www.isc.org/support
Nov  9 10:49:55 fiend named[52977]: ----------------------------------------------------
Nov  9 10:49:55 fiend named[52977]: ENGINE_by_id failed (crypto failure)
Nov  9 10:49:55 fiend named[52977]: initializing DST: crypto failure
Nov  9 10:49:55 fiend named[52977]: exiting (due to fatal error)
Nov  9 10:49:55 fiend root: /usr/local/etc/rc.d/named: WARNING: failed to start named
```
I increased the log level to debug, but got no additional or more precise debug / log or error messages...

make.conf is empty, so default openssl is used from /usr/lib.

The configure options in /usr/ports/dns/bind911/ are at their defaults as well.

Anyone else seeing this behaviour?

It works if compiled against the openssl in /usr/local/lib when there is the DEFAULTS on openssl from ports...btw.

Cheers
Christian


----------



## ShelLuser (Nov 9, 2018)

Try running it dedicated on the console: `# named -d 2 -f -L ./named.log`.

This will increase the logging level somewhat (your output doesn't even indicate debugging being used) and it might shed more light on all this.


----------
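An added example, not part of either post: a POSIX sh function (hypothetical name `check_named_banner`) that reads a `named` startup banner in the syslog format posted above, compares each "compiled with" / "linked to" version pair, and reports the DST crypto-initialisation failure lines. The sample input is constructed; its OpenSSL mismatch exists only to exercise the check, since the posted log shows identical compiled and linked versions.

```shell
#!/bin/sh
# Added example (not from the thread): triage a named startup banner.
# Usage: check_named_banner < /var/log/messages

# Constructed sample in the syslog format shown above. The OpenSSL
# mismatch is made up to exercise the check.
sample_banner() {
    cat <<'EOF'
Nov  9 10:49:55 host named[1234]: compiled with OpenSSL version: OpenSSL 1.0.2o-freebsd  27 Mar 2018
Nov  9 10:49:55 host named[1234]: linked to OpenSSL version: OpenSSL 1.0.2p  14 Aug 2018
Nov  9 10:49:55 host named[1234]: compiled with libxml2 version: 2.9.7
Nov  9 10:49:55 host named[1234]: linked to libxml2 version: 20907
Nov  9 10:49:55 host named[1234]: ENGINE_by_id failed (crypto failure)
Nov  9 10:49:55 host named[1234]: initializing DST: crypto failure
EOF
}

# Reads syslog lines on stdin, prints findings, returns 1 if any.
check_named_banner() {
    awk '
    # libxml2 reports its linked version as an integer (20907 = 2.9.7).
    function norm(v) {
        if (v ~ /^[0-9]+$/ && length(v) >= 5)
            return int(v / 10000) "." int((v % 10000) / 100) "." (v % 100)
        return v
    }
    { msg = $0; sub(/^.*named\[[0-9]+\]: /, "", msg) }   # drop syslog prefix
    msg ~ /^(compiled with|linked to) .* version: / {
        kind = (msg ~ /^compiled/) ? "built" : "linked"
        sub(/^(compiled with|linked to) /, "", msg)
        lib = msg; sub(/ version: .*$/, "", lib)
        ver = msg; sub(/^.* version: /, "", ver)
        seen[kind, lib] = norm(ver); libs[lib] = 1
        next
    }
    msg ~ /^(ENGINE_by_id failed|initializing DST: )/ {
        print "CRYPTO-INIT: " msg; bad = 1
    }
    END {
        for (l in libs)
            if ((("built", l) in seen) && (("linked", l) in seen) &&
                seen["built", l] != seen["linked", l]) {
                print "MISMATCH " l ": built=" seen["built", l] " linked=" seen["linked", l]
                bad = 1
            }
        exit bad + 0
    }'
}
```

The libxml2 pair is normalised before comparison, so `2.9.7` against `20907` is not reported as a mismatch.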

