BIND named initializing DST: PKCS#11 initialization failed

I cloned the BIND9 repository, installed its dependencies and compiled version 9.14.2:

git clone https://gitlab.isc.org/isc-projects/bind9.git
cd bind9
git checkout v9_14_2

sudo python -m pip install --upgrade pip
sudo python -m pip install ply

sudo apt install libcap-dev
sudo apt install libxml2-dev # Optional, for XML statistics
sudo apt install libkrb5-dev # Optional, for GSS API
sudo apt install libsofthsm2 libsofthsm2-dev # Optional, for pkcs11

export PATH_PYTHON_PACKAGES="/usr/local/lib/python3.7/site-packages"
export PATH_OPENSSL="/usr/local/openssl"
export OPENSSL_LIBS=/usr/local/openssl/lib

My configuration is shown below:

$ ./configure --prefix=/usr \
    --mandir=/usr/share/man \
    --libdir=/usr/lib/x86_64-linux-gnu \
    --infodir=/usr/share/info \
    --sysconfdir=/etc/bind \
    --localstatedir=/ \
    --enable-threads \
    --enable-largefile \
    --enable-kqueue \
    --enable-epoll \
    --enable-shared \
    --enable-static \
    --with-libtool \
    --with-libxml2 \
    --with-gost=no \
    --with-python=python \
    --with-python-install-dir="$PATH_PYTHON_PACKAGES" \
    --with-openssl="$PATH_OPENSSL" \
    --with-gssapi=/usr \
    --with-gnu-ld \
    --with-atf=no \
    --enable-ipv6 \
    --enable-rrl \
    --enable-filter-aaaa \
    --enable-native-pkcs11 \
    --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so \
    --with-randomdev=/dev/urandom \
    --enable-full-report
===============================================================================
Configuration summary:
-------------------------------------------------------------------------------
Optional features enabled:
        Mutex lock type:
    GSS-API (--with-gssapi)
        Algorithm: aes
    IPv6 support (--enable-ipv6)
    Python tools (--with-python)
    XML statistics (--with-libxml2)
    HTTP zlib compression (--with-zlib)
    Print backtrace on crash (--enable-backtrace)
    Use symbol table for backtrace, named only (--enable-symtable)
    Use GNU libtool (--with-libtool)
    DNSSEC validation active by default (--enable-auto-validation)
    Using PKCS#11 for Public-Key Cryptography (--with-native-pkcs11)
    PKCS#11 module (--with-pkcs11): /usr/lib/softhsm/libsofthsm2.so
    Dynamically loadable zone (DLZ) drivers:
        None
-------------------------------------------------------------------------------
Features disabled or unavailable on this platform:
    Large-system tuning (--with-tuning)
    Allow 'dnstap' packet logging (--enable-dnstap)
    GeoIP access control (--with-geoip)
    DNS Response Policy Service interface (--enable-dnsrps)
    Allow 'fixed' rrset-order (--enable-fixed-rrset)
    Very verbose query trace logging (--enable-querytrace)
    CMocka Unit Testing Framework (--with-cmocka)
    JSON statistics (--with-libjson)
    LMDB database to store configuration for 'addzone' zones (--with-lmdb)
    IDN support (--with-libidn2)
-------------------------------------------------------------------------------
Configured paths:
    prefix: /usr
    sysconfdir: /etc/bind
    localstatedir: /
-------------------------------------------------------------------------------
Compiler: gcc
    gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516
    Copyright (C) 2016 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Unrecognized options:
    --enable-threads, --with-gost, --with-atf, --enable-ipv6, --enable-rrl, --enable-filter-aaaa, --with-randomdev
===============================================================================

$ make && sudo make install && make clean && echo 'Success'

My OS is Linux 4.9.0-8-amd64 Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux.

When I check whether BIND9 is installed correctly, I get the following output:

$ sudo named -g
18-May-2019 14:48:21.559 starting BIND 9.14.2 (Stable Release) <id:354cf1f66f>
18-May-2019 14:48:21.559 running on Linux x86_64 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27)
18-May-2019 14:48:21.559 built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--enable-kqueue' '--enable-epoll' '--enable-shared' '--enable-static' '--with-libtool' '--with-libxml2' '--with-gost=no' '--with-python=python' '--with-python-install-dir=/usr/local/lib/python3.7/site-packages' '--with-openssl=/usr/local/openssl' '--with-gssapi=/usr' '--with-gnu-ld' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' '--enable-full-report'
18-May-2019 14:48:21.559 running as: named -g
18-May-2019 14:48:21.559 compiled by GCC 6.3.0 20170516
18-May-2019 14:48:21.559 compiled with OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
18-May-2019 14:48:21.559 linked to OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
18-May-2019 14:48:21.559 compiled with libxml2 version: 2.9.4
18-May-2019 14:48:21.560 linked to libxml2 version: 20904
18-May-2019 14:48:21.560 compiled with zlib version: 1.2.11
18-May-2019 14:48:21.560 linked to zlib version: 1.2.8
18-May-2019 14:48:21.560 ----------------------------------------------------
18-May-2019 14:48:21.560 BIND 9 is maintained by Internet Systems Consortium,
18-May-2019 14:48:21.560 Inc. (ISC), a non-profit 501(c)(3) public-benefit
18-May-2019 14:48:21.560 corporation.  Support and training for BIND 9 are
18-May-2019 14:48:21.560 available at https://www.isc.org/support
18-May-2019 14:48:21.560 ----------------------------------------------------
18-May-2019 14:48:21.560 found 1 CPU, using 1 worker thread
18-May-2019 14:48:21.560 using 1 UDP listener per interface
18-May-2019 14:48:21.561 using up to 4096 sockets
18-May-2019 14:48:21.566 initializing DST: PKCS#11 initialization failed
18-May-2019 14:48:21.566 exiting (due to fatal error)

$ sudo rndc-confgen -a
rndc-confgen: initialize dst library: (result code text not available)

I have read "Getting started with BIND - how to build and run named with a basic recursive configuration - Compiling and installing", but I have no idea how to solve it.

0 answers