lwres [was Re: [Openswan dev] Re: [Openswan Users] more
aboutignored or processed SA delete messages]
mcr at xelerance.com
mcr at xelerance.com
Sat Dec 11 18:43:59 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "D" == D Hugh Redelmeier <hugh at mimosa.com> writes:
D> | Welcome to the bleeding edge? :)
D> What's up with this? lwres support was done years ago and was
D> considered "the future". It was the way to get DNSsec integrated
D> into OE. Is it abandoned?
D> I admit that it requires a version of BIND that not everyone has
D> by default. I don't even know if the newer BIND is being taken
D> up by distros.
Bind 9.3, which is what we require to ship lwres on by default, only
shipped this past summer.
This is because DNSSEC only got settled in the spring... and the RFCs
are not yet out either. lwres not only requires that you have bind9
libraries to build, but also that lwres {}; be enabled in named.conf.
The best choice is to have this all run-time selectable...
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQbuGOIqHRg3pndX9AQFUEAP/TjxE88ELgHumCqWy/qFnOJWyAH9sc0bg
X4FGf6BPlMNeykSiIyxY2ohTvttCg1wryAZlCrM5Spt/ROFpgj07cLS8HoCMXjA2
EgNTJNAx/E9Pu285OWP9QKnEz0ASoD0AB8wnRWBsW60qWHuNRb77c64Dhy61zUiF
MZYOsSfGmqc=
=VsX2
-----END PGP SIGNATURE-----
More information about the Dev
mailing list