>>> Does anybody think that the bind bits in netbsd-8 are ok, even before we >>> talk about compilation? >> >> I'm about halfway through the diff between what's in-tree in >> netbsd-8 and what's in ISC BIND 9.10.5-P1, and all I find so far >> are > > I asked because I had trouble maybe two months ago with bind failing to > resolve protonmailch due to some DNSSEC issue, on amd64, and the same > problem on earmv7hf-el. The consensus seemed to be that bind and the > root keys file in 8 is old and probably shouldn't be used.
The BIND code in netbsd-8 is old, and as far as ISC is concerned, is no longer supported by them. BIND 9.10 reached End-of-Life on July 2018 according to https://kb.isc.org/docs/bind-9-security-vulnerability-matrix-910 The oldest version still supported by ISC is BIND 9.11, which is an "Extended Support Version", and which has an End-of-Life date of December 2021. However, the root keys file in netbsd-8 has been updated on the branch, and the updated file is part of the NetBSD releases 8.1 and 7.2. > I have no idea if the present problem is related to that or not - just > asking if it was a "netbsd-8 on amd64 works, fails on sparc" clear case. As later discussion revealed, this was an issue of "BIND as configured to build on netbsd-8 and netbsd-7 on big-endian platforms" problem. Regards, - HÃ¥vard
