Bug 200031
| Summary: | [PATCH] dns/bind910 & dns/bind-tools - new GOST default incompatible | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Leo Vandewoestijne <freebsd> | ||||
| Component: | Individual Port(s) | Assignee: | Mathieu Arnold <mat> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Some People | Keywords: | patch | ||||
| Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(mat) |
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
A commit references this bug: Author: mat Date: Mon May 18 11:41:43 UTC 2015 New revision: 386672 URL: https://svnweb.freebsd.org/changeset/ports/386672 Log: Allow BIND 9.10 users to select the old key format when using GOST.[1] While there, reword the options a bit, and the pkg-help files. PR: 200031 [1] Submitted by: Leo Vandewoestijne [1] Sponsored by: Absolight Changes: head/dns/bind910/Makefile head/dns/bind910/pkg-help head/dns/bind99/Makefile head/dns/bind99/pkg-help |
Created attachment 156476 [details] bind GOST compile options modify The command dnssec-keygen to generate GOST keys is now -contrary to bind99- using raw keys by default. These keys are not accepted when using for example Knot's DNSSEC autosigning functionality. ISC was aware that some people would prefer the old default; enclosed patch allows to compile that. For the rest it doesn't change anything. But I also removed some superfluous repeated text at the GSSAPI options, just to keep it clean, and to be consequent with how the DLZ menu is.