8.2.1 experiences please?

[Dennis Glatting]

> isc is running it in production everywhere, and while we've
> uncovered a few ways in which features aren't implemented
> according to their documentation we have every confidence
> that we'll be able to continue running 8.2.1 until the
> obligatory 8.2.2 comes out in a few months.
>
> anyone else got any 8.2.1-in-production stories they can share?
>

I am having problems with TSIG under Solaris 2.6 SPARC. Part of
the problem, at least, seems to be EGCS 1.1.2 and compiling with
the -Os option. I am still investigating.

There are a few problems with the documentation. For example,
it isn't clear how to generate TSIG HMAC-MD5 keys (I used
dnskeygen but it isn't obvious what parameters one should use).
The named.conf example in bin/named shows ASCII text for the
secret but base64 encoded data is required. The comment in that
file says TSIG is supported by the parser but not yet
implemented in the server. Is that true?

There really needs to be some form of detailed debugging for
TSIG, such as ns_debug() statements in ns_verify.c and
find_key() that print out key searches and the key and
algorithm in packets. For debugging I am using syslog() but
that can't stay.


-dpg