Hi Sergio, the BIND 9 documentation covers this:
https://bind9.readthedocs.io/en/v9.18.34/chapter5.html#pkcs-11-cryptoki-support Since you are using OpenSSL you must ensure that Legacy engines are enabled. I would however recommend switching to 9.20.6 that has support for more modern OpenSSL Providers (5.5.6 and onwards): https://bind9.readthedocs.io/en/v9.20.6/chapter5.html#pkcs-11-cryptoki-support Cheers, -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 12. 3. 2025, at 20:29, Sergio Ramirez <srami...@seciu.edu.uy> wrote: > > Hi, > We need to integrate a "Thales Luna HSM PCIe 7" card, that we just > purchased, with the most updated BIND version that works in this scenario. > > We had followed carefully the instructions given by the Thales documents but > we had not succefull results. Also, we had contacted the Thales premium > technical support services but this services are poor, and at the moment they > did not give us a solution. > > For this reason we would like to ask you, if someone has expirience > integrating BIND with Thales HSM card with newer versions (in the past we had > done this integration succefully with older BIND versions and older Thales > HSM cards). > > The versions that we are using now are: > > Linux 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) > x86_64 GNU/Linux > OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024) > BIND 9.18.32 (Extended Support Version) <id:d1f1392> > > HSM Luna PCIe 7 card with firmware 7.0.3. > > We are very satisfied with BIND software, unfortunately if we can not find a > solution, perhaps we will need to change the DNS server software for other > compatible with newer HSM Thales card. > > Thanks in advance. > > -- > Sergio R. > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
