BIND 9.10.0b1 is now available

Mathieu Arnold mat at
Mon Mar 17 17:28:52 UTC 2014

+--On 17 March 2014 18:56:25 +0200 Mark Elkins <mje at> wrote:
| On Wed, 2014-02-26 at 00:55 +0000, Michael McNally wrote:
|>    A new compile-time option, "configure --enable-native-pkcs11",
|>    allows the BIND 9 cryptography functions to use the PKCS#11 API
|>    natively, so that BIND can drive a cryptographic hardware service
|>    module (HSM) directly instead of using a modified OpenSSL as an
|>    intermediary.  This has been tested with the Thales nShield HSM
|>    and with SoftHSMv2 from the OpenDNSSEC project. [RT #29031] 
| Has anyone tried this yet? - either using SoftHSM or a Thales HSM?
| I have access to a totally unconfigured Thales netShield Connect 500.
| Without reading *all* the manuals - anyone have a HowTo setup to make
| one of these beasties talk PKCS#11...  a Goto page XX is acceptable..

For the FreeBSD port for 9.10 that I'm currently writing (as the beta comes
out) it seems you can only build it either with openssl or with
native-pkcs11, which is a bit strange.

As for trying it, no, making it compile is already somewhat a challenge...

Mathieu Arnold
