# BIND97 and GSSAPI



## ryeguy146 (Dec 24, 2010)

I am running BIND 9.7.2.2 from ports on FreeBSD 8.1. I recently attempted to add GSS-TSIG signed dynamic updates, but following configurations changes in named.conf, the daemon fails to start and produces the following error in messages:


```
named[95707]: configuring TKEY: not implemented
loading configuration: not implemented
```

This leads me to believe that BIND was not compiled using the --with-gssapi option. I ran [CMD=""]make config[/CMD] in the ports directory and was unable to find the setting in the menu.

Being as I want to support secure dynamic updates, I need to compile BIND with GSS support. I am wondering if it is possible to make the configuration alterations to the ports file by somehow editing a file, or if I need to simply build from source. If I do need to build from source and not install using a package, do I need to uninstall my current installation of BIND? I'm assuming that I would, and if so, what would that entail? A simple [CMD=""]pkg_delete[/CMD]?


----------



## ryeguy146 (Dec 24, 2010)

Well, problem solved. I hacked up the Makefile from the BIND97 port and added a [CMD="--with-gss=/usr"][/CMD] line. I'm sure that there's better ways of doing this, but this works. Normally, this would link to /usr/local, as ports are installed there, but I was unable to compile the GNU GSS port and installed from source to /usr. I'm sure I'm making a mess of my filesystem at this point. I only just realized that ports install to /usr/local, but not always. Kerberos, for instance, used the base system. As I understand it, the base system already has a version (Heimdal) running, but without GSS api functionality. Anyway, that's resolved, but it's frustrating to try to have an idea as to where a program is going to be installed to. 

Anyway, fixed. Fixed-ish.


----------

