On 25/08/2018 17:27, takahiro wrote: Hi Takahiro,
>> There are other features in BIND, such as TSIG keys, that require >> cryptographic functions, so you still need openssl. > Now I don't use TSIG keys. > Maybe rndc ,too? > (When I found out the word "cryptographic", rndc was displayed.) > >> Compiling without openssl is a bad idea. Don't do it. > I was surprised! > I thought it's a good idea to invalidate unnecessary functions. > Could you tell me the reason? > I can't fully understand the function of BIND. TSIG isn't the only thing that needs cryptographic functions. BIND also had support for DNS COOKIES (RFC 7873), which also need openssl. I would say openssl is not optional, so just don't compile without it. I don't even know why there's an option to compile without openssl, but I'm sure one of the BIND developers can enlighten us. Regards, Anand _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
