Re: DNSSEC vs netbsd-8/sparc?

To: gdt%lexort.com@localhost
Subject: Re: DNSSEC vs netbsd-8/sparc?
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Wed, 22 Apr 2020 11:27:44 +0200 (CEST)

>>> Does anybody think that the bind bits in netbsd-8 are ok, even before we
>>> talk about compilation?
>>
>> I'm about halfway through the diff between what's in-tree in
>> netbsd-8 and what's in ISC BIND 9.10.5-P1, and all I find so far
>> are
>
> I asked because I had trouble maybe two months ago with bind failing to
> resolve protonmailch due to some DNSSEC issue, on amd64, and the same
> problem on earmv7hf-el.  The consensus seemed to be that bind and the
> root keys file in 8 is old and probably shouldn't be used.

The BIND code in netbsd-8 is old, and as far as ISC is concerned, is
no longer supported by them.  BIND 9.10 reached End-of-Life on July
2018 according to

  https://kb.isc.org/docs/bind-9-security-vulnerability-matrix-910

The oldest version still supported by ISC is BIND 9.11, which is an
"Extended Support Version", and which has an End-of-Life date of
December 2021.

However, the root keys file in netbsd-8 has been updated on the
branch, and the updated file is part of the NetBSD releases 8.1 and
7.2.

> I have no idea if the present problem is related to that or not - just
> asking if it was a "netbsd-8 on amd64 works, fails on sparc" clear case.

As later discussion revealed, this was an issue of "BIND as configured
to build on netbsd-8 and netbsd-7 on big-endian platforms" problem.

Regards,

- Håvard

References:
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Greg Troxel
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Havard Eidnes
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Greg Troxel

Prev by Date: Re: How to burn a bootable .iso dvd on NetBSD 9.0
Next by Date: Asterisk video conferences using NetBSD?
Previous by Thread: Re: DNSSEC vs netbsd-8/sparc?
Next by Thread: Re: DNSSEC vs netbsd-8/sparc?
Indexes:

Home | Main Index | Thread Index | Old Index