NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: DNSSEC vs netbsd-8/sparc?
>>> Does anybody think that the bind bits in netbsd-8 are ok, even before we
>>> talk about compilation?
>>
>> I'm about halfway through the diff between what's in-tree in
>> netbsd-8 and what's in ISC BIND 9.10.5-P1, and all I find so far
>> are
>
> I asked because I had trouble maybe two months ago with bind failing to
> resolve protonmailch due to some DNSSEC issue, on amd64, and the same
> problem on earmv7hf-el. The consensus seemed to be that bind and the
> root keys file in 8 is old and probably shouldn't be used.
The BIND code in netbsd-8 is old, and as far as ISC is concerned, is
no longer supported by them. BIND 9.10 reached End-of-Life on July
2018 according to
https://kb.isc.org/docs/bind-9-security-vulnerability-matrix-910
The oldest version still supported by ISC is BIND 9.11, which is an
"Extended Support Version", and which has an End-of-Life date of
December 2021.
However, the root keys file in netbsd-8 has been updated on the
branch, and the updated file is part of the NetBSD releases 8.1 and
7.2.
> I have no idea if the present problem is related to that or not - just
> asking if it was a "netbsd-8 on amd64 works, fails on sparc" clear case.
As later discussion revealed, this was an issue of "BIND as configured
to build on netbsd-8 and netbsd-7 on big-endian platforms" problem.
Regards,
- Håvard
Home |
Main Index |
Thread Index |
Old Index