NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: DNSSEC vs netbsd-8/sparc?



>>> Does anybody think that the bind bits in netbsd-8 are ok, even before we
>>> talk about compilation?
>>
>> I'm about halfway through the diff between what's in-tree in
>> netbsd-8 and what's in ISC BIND 9.10.5-P1, and all I find so far
>> are
>
> I asked because I had trouble maybe two months ago with bind failing to
> resolve protonmailch due to some DNSSEC issue, on amd64, and the same
> problem on earmv7hf-el.  The consensus seemed to be that bind and the
> root keys file in 8 is old and probably shouldn't be used.

The BIND code in netbsd-8 is old, and as far as ISC is concerned, is
no longer supported by them.  BIND 9.10 reached End-of-Life on July
2018 according to

  https://kb.isc.org/docs/bind-9-security-vulnerability-matrix-910

The oldest version still supported by ISC is BIND 9.11, which is an
"Extended Support Version", and which has an End-of-Life date of
December 2021.

However, the root keys file in netbsd-8 has been updated on the
branch, and the updated file is part of the NetBSD releases 8.1 and
7.2.

> I have no idea if the present problem is related to that or not - just
> asking if it was a "netbsd-8 on amd64 works, fails on sparc" clear case.

As later discussion revealed, this was an issue of "BIND as configured
to build on netbsd-8 and netbsd-7 on big-endian platforms" problem.

Regards,

- Håvard


Home | Main Index | Thread Index | Old Index