> A couple of problems: > > Firstly, if you are running chrooted and have a recent version of > OpenSSL installed, you must either copy the OpenSSL gost cipher engine > loadable module into your chroot, or hack the build scripts to disable > gost support. The easiest way to do this is to make the obvious one line > change to bind's config.h before running make. I could not work out how > to make OpenSSL behave.
(i.e. I could not make OpenSSL's build system either leave out gost support entirely or compile it in statically.) > Secondly, bind's automatic trust anchor handl Sorry that got truncated: touchphone fail. BIND's automatic trust anchor handling has changed. There's a new 'dnssec-validation auto' option to enable automatic root trust anchor management. I found that to make this work properly I had to delete the old managed-keys pseudo-zone files - it seems that BIND only adds the default root and/or DLV trust anchors when creating the files. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5 or 6 later. Rough or very rough. Occasional rain. Moderate or good, occasionally poor. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
