Anyone have problems with BIND 9.8.0

Tony Finch dot at
Mon May 2 23:40:52 UTC 2011

> A couple of problems:
> Firstly, if you are running chrooted and have a recent version of
> OpenSSL installed, you must either copy the OpenSSL gost cipher engine
> loadable module into your chroot, or hack the build scripts to disable
> gost support. The easiest way to do this is to make the obvious one line
> change to bind's config.h before running make. I could not work out how
> to make OpenSSL behave.

(i.e. I could not make OpenSSL's build system either leave out gost
support entirely or compile it in statically.)

> Secondly, bind's automatic trust anchor handl

Sorry that got truncated: touchphone fail.

BIND's automatic trust anchor handling has changed. There's a new
'dnssec-validation auto' option to enable automatic root trust anchor
management. I found that to make this work properly I had to delete the
old managed-keys pseudo-zone files - it seems that BIND only adds the
default root and/or DLV trust anchors when creating the files.

f.anthony.n.finch  <dot at>
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.
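
The cleanup described in the message above, as an added example that is not part of the original post: a shell helper that moves the old managed-keys pseudo-zone files aside (rather than deleting them) so that named creates fresh ones on its next start, plus a check that the configuration actually sets 'dnssec-validation auto'. The function names, the backup directory name and the directory layout are assumptions; the file names are BIND's defaults (managed-keys.bind when no views are used, *.mkeys per view), and named is assumed to be stopped while the files are moved.

```shell
#!/bin/sh
# Added example, not from the original message. Paths are assumptions:
# pass the directory where your named keeps its managed-keys files
# (inside the chroot, if you run chrooted).

# stash_managed_keys DIR [BACKUP_DIR]
# Moves managed-keys.bind, per-view *.mkeys files and their journals from
# DIR into BACKUP_DIR, leaving ordinary zone files alone.
# Prints the number of files moved.
stash_managed_keys() {
    dir=$1
    backup=${2:-"$dir/managed-keys.old"}
    moved=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    mkdir -p "$backup" || return 1
    for f in "$dir"/managed-keys.bind "$dir"/managed-keys.bind.jnl \
             "$dir"/*.mkeys "$dir"/*.mkeys.jnl; do
        [ -f "$f" ] || continue      # unmatched glob or file not present
        mv -- "$f" "$backup"/ || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# validation_is_auto CONF
# Succeeds only if CONF has an active (not //- or #-commented)
# 'dnssec-validation auto;' line. Does not follow include statements.
validation_is_auto() {
    grep -Eq '^[[:space:]]*dnssec-validation[[:space:]]+auto[[:space:]]*;' "$1"
}
```

Keeping the old files in the backup directory lets you compare the trust anchors named writes on restart with what was there before.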

