Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: openbsd.org > ipv6 > 02 > 120003.html (Request Expert openbsd.org Support)

Re: Bind4/IPv6/DNSSEC support

From: David Terrell <dbt(at)meat.net>
Date: Mon Dec 09 2002 - 12:48:16 EST

On Sun, Dec 08, 2002 at 07:01:31PM +0100, Virginie wrote:
> Bind4 is known to be IPv6 ready since release 4.9.5. So I tried to
> understand how to deal with but I didn't find any documentation on this
> topic, except a very very old "IPv6" draft written by Paul Vixie in 1996
> and still available in recent system sources (OpenBSD 3.1 ->
> /usr/src/usr.sbin/named/doc/misc/ipv6) as the unique bind4-IPv6
> documentation on the system.

Bind4 supports AAAA records, per rfc 1886. It will not bind to IPv6 sockets.

> Nothing more in the named man nor in the OpenBSD FAQ. Same thing

DNSSEC has changed so many times, the recent releases of BIND8 just dumped it completely rather than rewrite it. Bind9 is trying to track it but to get DNSSEC as it will eventually (maybe this time for sure, no really, trust us... why are you laughing?) be deployed you probably have to run some snapshot that's barely publicly available.

DNSSEC is, at this point, only usable for stuff like rfc 3007 (formerly 2137) "Secure Domain Name System (DNS) Dynamic Update". I wouldn't even waste your time trying to figure the rest of it out, it's a joke.

> I've an heavy confidence in OpenBSD developpers choices, so I would
> clearly prefer to keep Bind4 instead of installing Bind9, but I need to
> know if IPv6 support is just a legend or not, and if DNSSEC support
> exists or may exist. Optionally I would enjoy some precisions on the
> related options :-) (like the Bind9 listen-to-v6 for example). Any
> indication is welcome.

No listen-on-v6 for pre-bind9. Kame maintained experimental patches for bind8 to support listen-on-v6 style functionality, but if you're going to do that you might as well go bind9 at this point.

Good luck. 

-- 
David Terrell           | If a crypto algorithm is cracked in a forest
Nebcorp Prime Minister  | and a tree falls on a mime, does microsoft
dbt@meat.net            | need to publish an advisory on it?
http://wwn.nebcorp.com/
Received on Mon Dec 9 12:50:23 2002
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:30:14 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library