Re: osf-contact Latest Openssl Issue with Bind 9.12.2-P2 on RHEL 7.5


Re: osf-contact Latest Openssl Issue with Bind 9.12.2-P2 on RHEL 7.5

aakash.kumar

Hi Team,

Please find below error in text format.

[root@g3r1 ~]# systemctl status bind -l
● bind.service - LSB: DNS Daemon
   Loaded: loaded (/etc/rc.d/init.d/bind)
   Active: active (exited) since Fri 2018-10-05 13:31:09 CEST; 2 days ago
     Docs: man:systemd-sysv-generator(8)
  Process: 32417 ExecStop=/etc/rc.d/init.d/bind stop (code=exited, status=0/SUCCESS)
  Process: 32421 ExecStart=/etc/rc.d/init.d/bind start (code=exited, status=0/SUCCESS)

Oct 05 13:31:09 g3r1 named[32429]: ----------------------------------------------------
Oct 05 13:31:09 g3r1 named[32429]: adjusted limit on open files from 4096 to 1048576
Oct 05 13:31:09 g3r1 named[32429]: found 1 CPU, using 1 worker thread
Oct 05 13:31:09 g3r1 named[32429]: using 1 UDP listener per interface
Oct 05 13:31:09 g3r1 named[32429]: using up to 4096 sockets
Oct 05 13:31:09 g3r1 named[32429]: openssl_link.c:296: fatal error:
Oct 05 13:31:09 g3r1 named[32429]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Oct 05 13:31:09 g3r1 named[32429]: exiting (due to fatal error in library)
Oct 05 13:31:09 g3r1 bind[32421]: [13B blob data]
Oct 05 13:31:09 g3r1 systemd[1]: Started LSB: DNS Daemon.

[root@g3r1 ~]# tail /var/log/message
Oct  5 13:31:09 g3r1 systemd: Starting LSB: DNS Daemon...
Oct  5 13:31:09 g3r1 bind: /etc/rc.d/init.d/bind: line 36: log_info_msg: command not found
Oct  5 13:31:09 g3r1 named[32429]: starting BIND 9.12.2-P2 <id:b2bf278>
Oct  5 13:31:09 g3r1 named[32429]: running on Linux x86_64 3.10.0-327.13.1.el7.x86_64 #1 SMP Mon Feb 29 13:22:02 EST 2016
Oct  5 13:31:09 g3r1 named[32429]: built with '--prefix=/usr' '--sysconfdir=/etc' '--localstatedir=/var' 'mandir=/usr/share/man' '--enable-threads' '--with-libtool' '--with-openssl=/usr/local/ssl' '--disable-static' '--with-randomdev=/dev/urandom'
Oct  5 13:31:09 g3r1 named[32429]: running as: named -u named -t /srv/named -c /etc/named.conf
Oct  5 13:31:09 g3r1 named[32429]: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-28)
Oct  5 13:31:09 g3r1 named[32429]: compiled with OpenSSL version: OpenSSL 1.0.2p  14 Aug 2018
Oct  5 13:31:09 g3r1 named[32429]: linked to OpenSSL version: OpenSSL 1.0.2p  14 Aug 2018
Oct  5 13:31:09 g3r1 named[32429]: compiled with zlib version: 1.2.7
Oct  5 13:31:09 g3r1 named[32429]: linked to zlib version: 1.2.7
Oct  5 13:31:09 g3r1 named[32429]: threads support is enabled
Oct  5 13:31:09 g3r1 named[32429]: ----------------------------------------------------
Oct  5 13:31:09 g3r1 named[32429]: BIND 9 is maintained by Internet Systems Consortium,
Oct  5 13:31:09 g3r1 named[32429]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct  5 13:31:09 g3r1 named[32429]: corporation.  Support and training for BIND 9 are
Oct  5 13:31:09 g3r1 named[32429]: available at https://www.isc.org/support
Oct  5 13:31:09 g3r1 named[32429]: ----------------------------------------------------
Oct  5 13:31:09 g3r1 named[32429]: adjusted limit on open files from 4096 to 1048576
Oct  5 13:31:09 g3r1 named[32429]: found 1 CPU, using 1 worker thread
Oct  5 13:31:09 g3r1 named[32429]: using 1 UDP listener per interface
Oct  5 13:31:09 g3r1 named[32429]: using up to 4096 sockets
Oct  5 13:31:09 g3r1 named[32429]: openssl_link.c:296: fatal error:
Oct  5 13:31:09 g3r1 named[32429]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)


Thanks & Regards,

 

Aakash kumar


-----Original Message-----
From: Viktor Dukhovni [mailto:[hidden email]]
Sent: 05 October 2018 21:23
To: KUMAR Aakash IMT/OINIS
Cc: [hidden email]; SRIVASTAVA Himanshu IMT/OINIS; VARSHNEY Praveen IMT/OINIS
Subject: Re: osf-contact Latest Openssl Issue with Bind 9.12.2-P2 on RHEL 7.5

Please try to send the text of error reports, not pictures.

> I am getting below error while starting the bind service.
> <image002.png>

If you ask on the openssl-users list, someone else may have seen
the same issue, and may have useful advice to share.

NOTE!!!:  I've set the Reply-To: address to <[hidden email]>.
If you just hit "Reply", your answer may go to the list, though you'd
need to join the list first to be able to post...

Does the error still happen when you disable "chroot" in BIND?
Perhaps BIND is doing late initialization of the PRNG after
entering the chroot jail, and maybe trying to use "/dev/urandom",
which may not be in the jail?  That's a wild guess.  You'd need to
trace system calls to see what it is actually doing...

--
                Viktor.

_________________________________________________________________________________________________________________________

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
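
Added example (not part of either message, and not BIND or OpenSSL code): a shell check for the hypothesis in the quoted reply above, that /dev/urandom is absent from the chroot jail named enters. It takes the jail directory from the -t option in the "running as:" log line of the report; the function names jail_from_log, jail_has_device and check_report are made up for this example.

```sh
#!/bin/sh
# Added example: test the "/dev/urandom is not in the jail" guess without
# starting named. Function names are hypothetical, not from BIND.

# Print the argument of named's -t option from a "running as:" log line on stdin.
# Prints nothing when named was started without -t (no chroot).
jail_from_log() {
    sed -n 's/.*running as: .* -t \([^ ]*\).*/\1/p' | head -n 1
}

# Return 0 if <jail>/dev/<name> is a readable character device, 1 otherwise.
jail_has_device() {
    jail=$1 name=$2
    node="${jail%/}/dev/$name"
    if [ ! -e "$node" ]; then
        echo "MISSING  $node"; return 1
    elif [ ! -c "$node" ]; then
        echo "NOT-CHAR $node (exists, but is not a device node)"; return 1
    elif [ ! -r "$node" ]; then
        echo "NO-READ  $node"; return 1
    fi
    echo "OK       $node"
}

# Check the jail named in one "running as:" log line.
check_report() {
    jail=$(printf '%s\n' "$1" | jail_from_log)
    if [ -z "$jail" ]; then
        echo "named is not chrooted (no -t option in the log line)"
        return 0
    fi
    jail_has_device "$jail" urandom
}

# Log line copied from the report above.
SAMPLE='Oct  5 13:31:09 g3r1 named[32429]: running as: named -u named -t /srv/named -c /etc/named.conf'

# If the node is missing and the guess is right, root can create it with
#   mknod -m 666 <jail>/dev/urandom c 1 9     (Linux: major 1, minor 9)
check_report "$SAMPLE" || echo "=> jail has no usable /dev/urandom"
```

To see which path named actually tries to open, as the reply suggests, it can be run in the foreground under strace, for example: strace -f -e trace=open,openat named -g -u named -t /srv/named -c /etc/named.conf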

Re: osf-contact Latest Openssl Issue with Bind 9.12.2-P2 on RHEL 7.5

Porter, Andrew

See the error message about looking at the FAQ? Here it is:

 

https://www.openssl.org/docs/faq.html#USER1

 

From: openssl-users [mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Sunday, October 07, 2018 22:51
To: [hidden email]
Cc: [hidden email]
Subject: Re: [openssl-users] osf-contact Latest Openssl Issue with Bind 9.12.2-P2 on RHEL 7.5

 
