Bug 11370

Summary: dns_signer not shipped
Product: [Retired] Red Hat Linux Reporter: Derek Atkins <warlord>
Component: bindAssignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED DEFERRED QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-05-22 17:59:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Derek Atkins 2000-05-11 19:02:45 UTC 
You do not ship dns_signer, the application needed to generate a Secure DNS
Zone (as per DNSSEC), as part of the standard bind package.  It is part of
the contrib section of BIND 8.2.2, but it does not get built as part of the
current bind rpm build process.

Without dns_signer, you cannot generate a DNSSEC Secure Zone file.

Could you please build the dns_signer and also ship it with the Bind RPM?

-derek
Comment 1 Nalin Dahyabhai 2000-05-22 17:59:59 UTC 
Please correct me if I'm wrong, but I understood that the DNSSEC protocols use
RSA-MD5 signatures, which require use of a patented algorithm.
Comment 2 Bernhard Rosenkraenzer 2000-08-03 09:25:40 UTC 
We'll probably "fix" this some time after the RSA patent expired.
#include <patents/suck.h>
Comment 3 Derek Atkins 2000-08-03 18:41:46 UTC 
FYI, RSADSI has given a license to BIND specifically to enable the distribution
of SecureDNS.  If you'd like I can go find you the relevant websites that have
the license information, but a web search of DNS RSA and License should find
it.  In particular, John Gilmore was instrumental in obtaining such a license.
Comment 4 Andrew Bartlett 2001-01-05 00:33:32 UTC 
I think this is all sorted with bind 9.1, as RSA has expired and bind now uses
OpenSSL. (The SecureDNS licence, from what I remember, was not strictly 'Open
Source')